beard_whisperer

  1. Thank you very much for all of your help. I have read through your steps and executed them all accordingly. I always appreciate your help and will be donating to you soon.
  2. It appears 2 threats were found, this time both on my external hard drive. I will be out of town until Friday, so hopefully my computer will be okay until then. I really appreciate your help. Here is the log report:

     E:\Files\Documents\CrK\Office 2010 Toolkit.exe    a variant of MSIL/HackKMS.A application
     E:\Random Unorganized\Random 1\Favorites\Downloads\Downloads\SDFix.exe    Win32/PrcView application
  3. Computer seems to be running optimally still. Only problems with internet, but that is due to my slow speeds and nothing else as far as I can tell. When I ran HijackThis 2 errors occurred. Also a screen came up afterwards with options to "Fix this". I did not check or fix any of the items listed. The report from Mbytes:

     Malwarebytes Anti-Malware (Trial) 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.11.27.06

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 11.0.9600.16428
     Andrew :: ANDREW-PC [administrator]

     Protection: Disabled

     11/27/2013 9:17:15 AM
     mbam-log-2013-11-27 (09-17-15).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 205458
     Time elapsed: 1 minute(s), 10 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     And the hijackthis log:
  4. No problems as far as I can tell. To note though, combofix did have to update itself a quarter into the way of processing the .txt file. Not sure if that's important or not. Computer seems to be running smoothly still with no noticeable problems. Here is the log report:
  5. Reran the program, this time with no restart. Here is the log file:
  6. After the computer restart from running ComboFix, the "Illegal operation attempted" error came up (I think two times), so I immediately restarted my computer and cannot find the log file. Going to attempt to run it again.
  7. I left my computer open while I was letting a game I was downloading through Steam continue to download. I came back after almost an hour and it seemed I could not click on anything at all. Ended up having to manually shut down the computer. Not sure what the cause was.
  8. Ran both programs and am posting .txt files below. Computer is running optimally. No noticeable problems.

     # AdwCleaner v3.013 - Report created 26/11/2013 at 08:02:09
     # Updated 24/11/2013 by Xplode
     # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
     # Username : Andrew - ANDREW-PC
     # Running from : C:\Users\Andrew\Downloads\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\Users\Andrew\AppData\Local\Temp\OCS

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
     Key Deleted : HKCU\Software\OCS

     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.16428

     -\\ Google Chrome v31.0.1650.57

     [ File : C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [1049 octets] - [26/11/2013 08:00:37]
     AdwCleaner[s0].txt - [941 octets] - [26/11/2013 08:02:09]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1000 octets] ##########

     And the JRT.txt:

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.0.8 (11.05.2013:1)
     OS: Windows 7 Ultimate x64
     Ran by Andrew on Tue 11/26/2013 at 8:07:56.20
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys

     ~~~ Files

     ~~~ Folders

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Tue 11/26/2013 at 8:11:11.59
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  9. I should also point out, after running Malwarebytes and Revo uninstaller the first time, I just now updated Malwarebytes and re-ran the full scan, but this time only on the originally infected C drive. No infections were found.
  10. And the attach.txt file:
Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2656355).11/25/2013 1:02:39 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2604114).11/25/2013 1:02:39 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Microsoft Security Essentials - KB2866470.11/24/2013 11:30:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024000b: Windows Update Aux (partial).11/24/2013 10:01:33 PM, Error: Service Control Manager [7023] - .==== End Of File ===========================
  11. Hello Gringo, Thank you so much for your help! Here are those 2 logs:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by Andrew at 0:22:02 on 2013-11-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8092.5530 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
C:\Windows\DAODx.exe
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\24GHZW~1.LNK - C:\Program Files (x86)\Rosewill\Wireless N Client Utility\RW-Utility.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 8.8.8.8 8.8.4.4 4.2.2.2
TCP: Interfaces\{6EE06587-EBA1-426A-B164-9B3B90138CDC} : DHCPNameServer = 8.8.8.8 8.8.4.4 4.2.2.2
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-11-1 82560]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-11-1 42624]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\System32\drivers\ndisrd.sys [2013-11-25 32400]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-6-1 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-6-1 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-11-25 149120]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [2013-11-25 1475744]
R2 Level Quality Watcher;Level Quality Watcher;C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=F5D333A8-C748-4686-AE0A-9E008F670C22 --> C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=F5D333A8-C748-4686-AE0A-9E008F670C22 [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-25 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-25 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 ASUSstpt;ASUS USB 3.0 Boost Storage Driver (Storage Driver);C:\Windows\System32\drivers\ASUSstpt.sys [2013-11-25 24648]
R3 ASUSumsc;ASUS USB 3.0 Boost Storage Driver (WDM);C:\Windows\System32\drivers\ASUSumsc.sys [2013-11-25 141896]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-11-1 96256]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-25 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-11-1 726160]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-11-1 58536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-25 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-25 19456]
S3
TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-25 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-24 1255736]
.
============= FINISH: 0:22:16.10 ===============
  12. I managed to get Scorpion Saver and Outobox on my just-built computer, presumably from a download. As soon as I saw the extensions under Google Chrome I knew something wasn't right, so I removed them from Chrome, did a complete scan of all of my drives with Malwarebytes, removed the listed files (all 100+ of them!), restarted and ran Revo Uninstaller to uninstall the Scorpion Saver file. I am sure that that in itself most likely isn't going to cut it, so I was wondering how I should go about completely clearing my system of the virus, or how to even go about figuring out what is left of it? Any and all help would be tremendously appreciated! Thank you.
  13. After I ran the clean up tool and rebooted my computer, my finger scanner started working again, so I ended up not having to utilize the links you provided, although I will be keeping them in mind if I have problems with it in the future. I still have the .exe files from OTL, HijackThis, and RogueKiller on my desktop. Not sure if these are as important to get rid of, but if so let me know. Otherwise I presume I can use Revo to uninstall them? Other than that, the computer is running a billion times better now thanks to you! I will let you know if any problems arise in the meantime. I have read your instructions and am now going through and downloading all of your recommendations. Really, thank you so much! Although I am a poor college student, I will be happy to send some donation your way as soon as possible! Thank you for your help!
  14. My computer is an HP Pavilion m6-1035dx. When I open HP Simple Pass it says "Sensor not connected. Please connect sensor and try again." So not sure if that info helps. Unless you are referring to the ESET scan?
  15. Ah, thank you! Here it is: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK On a side note, not sure if this is related, but I am now unable to sign in to my computer using the fingerprint scanner anymore. It was working yesterday.