westonreed
Members
Posts: 14
Reputation: 0 Neutral
  1. Will do! I was under the impression that MSE was one of the best, but clearly not. There are no other signs of infection, so that must be it. Thank you so much for all of your help! You are a lifesaver!
  2. Checkup.txt

     Results of screen317's Security Check version 0.99.78
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials (On Access scanning disabled!)
     Error obtaining update status for antivirus!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Mozilla Firefox 20.0.1 Firefox out of Date!
     Google Chrome 31.0.1650.57
     Google Chrome 31.0.1650.63
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````
  3. Fixlog.txt

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-12-2013 01
     Ran by Free TV at 2013-12-31 17:25:50 Run:2
     Running from C:\Users\Free TV\Desktop
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     C:\Users\Free TV\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000
     C:\Users\Free TV\Downloads\hwmonitor_1.22-setup.exe
     *****************

     C:\Users\Free TV\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 => Moved successfully.
     C:\Users\Free TV\Downloads\hwmonitor_1.22-setup.exe => Moved successfully.

     ==== End of Fixlog ====
  4. ESET Antivirus Scan

     C:\Users\Free TV\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000  Win32/AdWare.1ClickDownload.AP application
     C:\Users\Free TV\Downloads\hwmonitor_1.22-setup.exe  a variant of Win32/Bundled.Toolbar.Ask.D application
  5. JavaRa

     JavaRa 1.16 Removal Log.
     Report follows after line.
     ------------------------------------
     The JavaRa removal process was started on Tue Dec 31 14:14:52 2013
     Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
     Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
     Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
     Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
     Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
     Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
     Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
     Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled
     Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
     Found and removed: SOFTWARE\JavaSoft
     Found and removed: SOFTWARE\JreMetrics
     Found and removed: SOFTWARE\MozillaPlugins
     ------------------------------------
     Finished reporting.
  6. Sorry it took me so long to post this. Also, I am now able to connect to the internet again.

     Combofix.txt

     ComboFix 13-12-31.01 - Free TV 12/31/2013 11:30:25.1.2 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4074.2726 [GMT -6:00]
     Running from: c:\users\Free TV\Desktop\ComboFix.exe
     AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
     SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\programdata\MyNetDashboard.ico
     c:\programdata\WDInternetSecurityAndParentalControl.ico
     c:\users\Free TV\AppData\Local\Temp\nvSCPAPI64.dll
     c:\users\FREETV~1\AppData\Local\Temp\nvSCPAPI64.dll
     c:\windows\SysWow64\SETF801.tmp
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-11-28 to 2013-12-31 )))))))))))))))))))))))))))))))
     .
     .
     2013-12-31 17:34 . 2013-12-31 17:34 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-12-31 17:27 . 2013-12-31 17:27 -------- d-----w- c:\program files (x86)\AGEIA Technologies
     2013-12-31 17:25 . 2013-12-31 17:26 -------- d-----w- c:\windows\LastGood
     2013-12-31 17:18 . 2013-12-31 17:18 -------- d-----w- c:\users\Free TV\AppData\Local\NVIDIA Corporation
     2013-12-31 17:17 . 2010-05-26 17:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
     2013-12-31 17:17 . 2013-12-10 02:15 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll
     2013-12-31 17:17 . 2013-12-10 02:14 1100248 ----a-w- c:\windows\system32\nvspcap64.dll
     2013-12-31 17:17 . 2013-12-31 17:18 -------- d-----w- c:\users\Free TV\AppData\Local\NVIDIA
     2013-12-31 17:17 . 2013-12-05 08:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
     2013-12-31 17:17 . 2013-12-05 08:42 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
     2013-12-31 17:17 . 2013-12-05 08:42 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
     2013-12-31 17:13 . 2013-12-31 17:13 -------- d-----w- c:\program files (x86)\Common Files\Java
     2013-12-31 17:13 . 2013-12-31 17:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
     2013-12-31 17:13 . 2013-12-31 17:13 -------- d-----w- c:\program files (x86)\Java
     2013-12-31 17:05 . 2013-12-31 17:26 -------- d-----w- c:\programdata\NVIDIA
     2013-12-31 17:05 . 2013-11-11 15:02 6674208 ----a-w- c:\windows\system32\nvcpl.dll
     2013-12-31 17:05 . 2013-11-11 15:02 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
     2013-12-31 17:05 . 2013-11-11 15:01 922912 ----a-w- c:\windows\system32\nvvsvc.exe
     2013-12-31 17:05 . 2013-11-11 15:01 63776 ----a-w- c:\windows\system32\nvshext.dll
     2013-12-31 17:05 . 2013-11-11 15:01 219424 ----a-w- c:\windows\system32\nvmctray.dll
     2013-12-31 17:05 . 2013-11-11 15:01 3467927 ----a-w- c:\windows\system32\nvcoproc.bin
     2013-12-31 17:05 . 2013-02-10 01:04 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
     2013-12-31 17:03 . 2013-12-31 17:17 -------- d-----w- c:\program files\NVIDIA Corporation
     2013-12-31 17:02 . 2013-12-31 17:02 -------- d-----w- C:\NVIDIA
     2013-12-31 05:57 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67F98E10-B0E2-469D-8CD3-5C7C95695F06}\mpengine.dll
     2013-12-31 03:02 . 2013-12-31 05:44 -------- d-----w- C:\FRST
     2013-12-31 02:12 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2013-12-31 02:05 . 2013-12-31 02:05 -------- d-----w- c:\windows\ERUNT
     2013-12-31 01:09 . 2013-12-31 01:57 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
     2013-12-31 00:49 . 2013-12-31 00:49 70224 ----a-w- c:\windows\system32\drivers\fileinfo.sys.bak
     2013-12-31 00:44 . 2013-12-31 00:44 -------- d-----w- c:\program files (x86)\ERUNT
     2013-12-28 05:12 . 2013-12-31 02:15 -------- d-----w- C:\AdwCleaner
     2013-12-28 05:06 . 2013-12-28 05:06 -------- d-----w- c:\users\Free TV\AppData\Roaming\Malwarebytes
     2013-12-28 05:06 . 2013-12-28 05:06 -------- d-----w- c:\programdata\Malwarebytes
     2013-12-28 05:06 . 2013-12-28 05:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2013-12-28 05:06 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-12-11 05:26 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
     2013-12-11 05:26 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
     2013-12-11 05:26 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
     2013-12-11 05:26 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
     2013-12-11 05:26 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
     2013-12-11 01:03 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
     2013-12-11 01:03 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
     2013-12-11 01:03 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
     2013-12-11 01:03 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
     2013-12-11 01:03 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
     2013-12-11 01:03 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
     2013-12-11 01:03 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
     2013-12-11 01:03 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
     2013-12-11 01:03 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
     2013-12-11 01:02 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
     2013-12-11 01:02 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
     2013-12-11 01:02 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
     2013-12-11 01:02 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
     2013-12-11 01:02 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
     2013-12-11 01:02 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
     2013-12-11 01:02 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
     2013-12-11 01:02 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
     2013-12-11 01:02 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
     2013-12-11 01:02 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
     2013-12-06 03:33 . 2013-12-06 03:33 -------- d-----w- c:\windows\Migration
     2013-12-06 03:32 . 2013-10-18 13:15 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7B39661B-E8C8-499F-9010-A11FC06863E9}\gapaengine.dll
     2013-12-04 09:03 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-12-15 09:00 . 2013-05-04 13:00 90708896 ----a-w- c:\windows\system32\MRT.exe
     2013-12-11 00:54 . 2013-05-03 05:28 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2013-12-11 00:54 . 2013-05-03 05:28 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2013-11-30 00:47 . 2013-11-30 00:47 40960 ----a-r- c:\users\Free TV\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
     2013-11-30 00:47 . 2013-11-30 00:47 40960 ----a-r- c:\users\Free TV\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
     2013-11-19 10:21 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
     2013-11-11 14:59 . 2013-11-11 14:59 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe
     2013-10-18 13:15 . 2013-05-27 02:02 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
     2013-10-12 02:30 . 2013-11-13 00:20 830464 ----a-w- c:\windows\system32\nshwfp.dll
     2013-10-12 02:29 . 2013-11-13 00:20 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
     2013-10-12 02:29 . 2013-11-13 00:20 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
     2013-10-12 02:03 . 2013-11-13 00:20 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
     2013-10-12 02:01 . 2013-11-13 00:20 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
     2013-10-05 20:25 . 2013-11-13 00:20 1474048 ----a-w- c:\windows\system32\crypt32.dll
     2013-10-05 19:57 . 2013-11-13 00:20 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
     2013-10-04 02:28 . 2013-11-13 00:20 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
     2013-10-04 02:25 . 2013-11-13 00:20 197120 ----a-w- c:\windows\system32\credui.dll
     2013-10-04 02:24 . 2013-11-13 00:20 1930752 ----a-w- c:\windows\system32\authui.dll
     2013-10-04 01:58 . 2013-11-13 00:20 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
     2013-10-04 01:56 . 2013-11-13 00:20 168960 ----a-w- c:\windows\SysWow64\credui.dll
     2013-10-04 01:56 . 2013-11-13 00:20 1796096 ----a-w- c:\windows\SysWow64\authui.dll
     2013-10-03 02:23 . 2013-11-13 00:20 404480 ----a-w- c:\windows\system32\gdi32.dll
     2013-10-03 02:00 . 2013-11-13 00:20 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Spotify Web Helper"="c:\users\Free TV\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-12-31 1168896]
     "GoogleChromeAutoLaunch_54E497D87E8753C46097A65A24C6167F"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-12-04 863184]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
     R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
     R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
     R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
     R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
     R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
     R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
     R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
     R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
     S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
     S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
     S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
     S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
     S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
     S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
     S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
     S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
     S3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
     S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
     .
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
     2013-12-05 23:59 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-03 00:54]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
     "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
     "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
     "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
     "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
     "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     uSTART PAGE = https://www.google.com/
     mLocal Page = c:\windows\SysWOW64\blank.htm
     TCP: DhcpNameServer = 192.168.1.1
     FF - ProfilePath - c:\users\Free TV\AppData\Roaming\Mozilla\Firefox\Profiles\ozveqk2f.default-1388206397904\
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Toolbar-Locked - (no file)
     HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
     Toolbar-Locked - (no file)
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2013-12-31 11:37:03
     ComboFix-quarantined-files.txt 2013-12-31 17:37
     .
     Pre-Run: 428,776,521,728 bytes free
     Post-Run: 428,400,082,944 bytes free
     .
     - - End Of File - - 723F7454CE217C218180A21522FFE9C7A36C5E4F47E84449FF07ED3517B43A31
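The ComboFix header above reports both Microsoft Security Essentials and Windows Defender as Disabled, and the FRST Fixlog further down shows what had been done to the machine: the two AV program directories had been turned into reparse points and ten Winsock catalog entries pointed at an AdpeakProxy DLL that no longer existed. A post-cleanup check for exactly those three conditions is given here as an added example for this thread; it is not a script from ComboFix, FRST or the forum helper. It assumes an elevated PowerShell on Windows 7 (PowerShell 2.0 syntax), that the two directories checked are the ones FRST unlocked, and an undocumented but commonly observed byte layout of the SecurityCenter2 productState value.

```powershell
# Post-cleanup verification for the three conditions this thread's logs turned up:
#   1. Security Center reporting the AV as disabled or out of date
#   2. AV install directories replaced by reparse points (FRST: DeleteJunctionsInDirectory)
#   3. Winsock catalog entries whose provider DLL is gone (FRST: "File Not found")
# Added example for this thread; not a script from ComboFix, FRST or the forum helper.
# Assumes an elevated PowerShell on Windows 7 (PowerShell 2.0 syntax is enough).

$findings = @()

# 1. Security Center's view of each registered AV product. productState is an
#    undocumented bitfield; the byte layout used here (second byte 10 = real-time
#    protection on, third byte 00 = signatures current) is the commonly observed
#    encoding and is an assumption, not a documented contract.
foreach ($av in @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct)) {
    $hex      = '{0:X6}' -f [int]$av.productState
    $rtpOn    = ($hex.Substring(2, 2) -eq '10')
    $upToDate = ($hex.Substring(4, 2) -eq '00')
    if (-not $rtpOn)    { $findings += "AV '$($av.displayName)': real-time protection OFF (productState 0x$hex)" }
    if (-not $upToDate) { $findings += "AV '$($av.displayName)': signatures out of date (productState 0x$hex)" }
}

# 2. The two directories FRST had to unlock. A junction or symlink here means the
#    service binaries resolve somewhere else and the AV service never starts.
$avDirs = @("$env:ProgramFiles\Windows Defender", "$env:ProgramFiles\Microsoft Security Client")
foreach ($dir in $avDirs) {
    if (-not (Test-Path -LiteralPath $dir)) {
        $findings += "AV directory missing: $dir"
        continue
    }
    $attrs = (Get-Item -LiteralPath $dir -Force).Attributes
    if (($attrs -band [IO.FileAttributes]::ReparsePoint) -ne 0) {
        $findings += "Reparse point where an AV directory should be: $dir"
    }
}

# 3. Winsock catalog. Each entry's PackedCatalogItem value begins with the provider
#    DLL path as a NUL-terminated ANSI string (the packed WSAPROTOCOL_INFO layout).
#    A path that no longer exists breaks every Winsock client on the box, which is
#    what "DNS error" and "cannot connect to the internet" looked like in this thread.
$wsBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters'
foreach ($catalog in 'Protocol_Catalog9\Catalog_Entries', 'Protocol_Catalog9\Catalog_Entries64') {
    $key = Join-Path $wsBase $catalog
    if (-not (Test-Path $key)) { continue }
    foreach ($entry in @(Get-ChildItem $key)) {
        $packed = (Get-ItemProperty -LiteralPath $entry.PSPath -Name PackedCatalogItem).PackedCatalogItem
        if (-not $packed) { continue }
        $raw = [Text.Encoding]::Default.GetString($packed, 0, [Math]::Min(260, $packed.Length))
        $nul = $raw.IndexOf([char]0)
        $dll = if ($nul -ge 0) { $raw.Substring(0, $nul) } else { $raw }
        $dll = [Environment]::ExpandEnvironmentVariables($dll)
        if (-not (Test-Path -LiteralPath $dll)) {
            $findings += "Winsock $catalog\$($entry.PSChildName): provider DLL missing: $dll"
        }
    }
}

if ($findings.Count -eq 0) {
    'No findings: AV on and current, no AV-directory junctions, every LSP provider DLL present.'
} else {
    $findings | ForEach-Object { "[!] $_" }
}
```

On the machine in this thread, before the FRST fix, part 3 would have listed the ten AdpeakProxy entries and part 2 both directories; after the ComboFix run above, part 1 is the one that still fires, which matches the "On Access scanning disabled!" line in the later Security Check log.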
  7. I apologize, I just realized what I was missing. Sorry for the mixup!

     Fixlog.txt

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-12-2013 01
     Ran by Free TV at 2013-12-30 23:44:53 Run:1
     Running from C:\Users\Free TV\Desktop
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
     DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
     Winsock: Catalog9 01 C:\Windows\system32\AdpeakProxy.dll File Not found ()
     Winsock: Catalog9 02 C:\Windows\system32\AdpeakProxy.dll File Not found ()
     Winsock: Catalog9 03 C:\Windows\system32\AdpeakProxy.dll File Not found ()
     Winsock: Catalog9 04 C:\Windows\system32\AdpeakProxy.dll File Not found ()
     Winsock: Catalog9 15 C:\Windows\system32\AdpeakProxy.dll File Not found ()
     Winsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
     Winsock: Catalog9-x64 02 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
     Winsock: Catalog9-x64 03 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
     Winsock: Catalog9-x64 04 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
     Winsock: Catalog9-x64 15 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
     C:\Users\Free TV\AppData\Local\Temp\ntdll_dump.dll
     C:\Users\Free TV\AppData\Local\Temp\Quarantine.exe
     C:\Users\Free TV\AppData\Local\Temp\SpOrder.dll
     Task: {0EB28CAE-D834-4315-8644-FD732BBBB925} - System32\Tasks\bench-Updater removing
     Task: {36A2B0B8-1565-47DF-AC59-7FD1325F82E7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2615036311-676016454-2974206876-1000
     Task: {447C9E61-056C-4BB0-8F13-83FE8B182C27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-02] (Google Inc.)
     Task: {4A15A189-3045-4311-A5DD-0EDCD30BC66E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-02] (Google Inc.)
     Task: {6E656419-29DD-4AB7-8A1C-61BA90D73E4B} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\Updater.exe <==== ATTENTION
     Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     C:\Program Files (x86)\Bench
     *****************

     "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
     "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
     "C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
     "C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.
     Winsock: Catalog entry 000000000001 => Deleted successfully.
     Winsock: Catalog entry 000000000002 => Deleted successfully.
     Winsock: Catalog entry 000000000003 => Deleted successfully.
     Winsock: Catalog entry 000000000004 => Deleted successfully.
     Winsock: Catalog entry 000000000015 => Deleted successfully.
     Winsock: Catalog entry 000000000001 => Deleted successfully.
     Winsock: Catalog entry 000000000002 => Deleted successfully.
     Winsock: Catalog entry 000000000003 => Deleted successfully.
     Winsock: Catalog entry 000000000004 => Deleted successfully.
     Winsock: Catalog entry 000000000015 => Deleted successfully.
     C:\Users\Free TV\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
     C:\Users\Free TV\AppData\Local\Temp\Quarantine.exe => Moved successfully.
     C:\Users\Free TV\AppData\Local\Temp\SpOrder.dll => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0EB28CAE-D834-4315-8644-FD732BBBB925} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EB28CAE-D834-4315-8644-FD732BBBB925} => Key deleted successfully.
     C:\Windows\System32\Tasks\bench-Updater removing => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-Updater removing => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{36A2B0B8-1565-47DF-AC59-7FD1325F82E7} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36A2B0B8-1565-47DF-AC59-7FD1325F82E7} => Key deleted successfully.
     C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-2615036311-676016454-2974206876-1000 => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-2615036311-676016454-2974206876-1000 => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{447C9E61-056C-4BB0-8F13-83FE8B182C27} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{447C9E61-056C-4BB0-8F13-83FE8B182C27} => Key deleted successfully.
     C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4A15A189-3045-4311-A5DD-0EDCD30BC66E} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A15A189-3045-4311-A5DD-0EDCD30BC66E} => Key deleted successfully.
     C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E656419-29DD-4AB7-8A1C-61BA90D73E4B} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E656419-29DD-4AB7-8A1C-61BA90D73E4B} => Key deleted successfully.
     C:\Windows\System32\Tasks\bench-sys => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-sys => Key deleted successfully.
     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
     "C:\Program Files (x86)\Bench" => File/Directory not found.

     The system needs a manual reboot.

     ==== End of Fixlog ====
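The Fixlog above is the key log in this thread. Ten Winsock catalog entries (five in the 32-bit catalog, five in the x64 one) pointed at C:\Windows\system32\AdpeakProxy.dll and AdpeakProxy64.dll, and neither file existed any more. A Layered Service Provider whose DLL cannot be loaded breaks every Winsock client on the machine, which is exactly what the repeated "DNS error" lines in the MBAR system log and the "cannot connect to the internet" complaint look like from the user's side; the adware loader was gone but its hook in the socket stack was not. The following is an added example of pulling those findings out of a Fixlog automatically; it is not FRST's code and not the forum helper's. The sample text is an excerpt of the log above re-split one entry per line, and the finding names and severity labels are my own.

```python
"""Triage an FRST Fixlog.txt for the three findings that explained this thread.

Added example for this thread; it is not part of FRST and not the forum helper's
tooling. Finding names and severities are my own labels.
"""
import re
from typing import Dict, List, NamedTuple, Set


class Finding(NamedTuple):
    severity: str  # "high" or "info"
    kind: str      # short tag, see the regexes below
    detail: str    # the DLL, directory, task or file the log line names


# Fixlist entries FRST echoes back before acting on them.
# e.g. "Winsock: Catalog9 01 C:\Windows\system32\AdpeakProxy.dll File Not found ()"
WINSOCK_MISSING_RE = re.compile(
    r"^Winsock:\s+(Catalog9(?:-x64)?)\s+(\d+)\s+(.+?\.dll)\s+File Not found", re.I)
# e.g. "DeleteJunctionsInDirectory: C:\Program Files\Windows Defender"
JUNCTION_RE = re.compile(r"^DeleteJunctionsInDirectory:\s+(.+?)\s*$", re.I)
# e.g. "Task: {GUID} - System32\Tasks\bench-sys => C:\...\Updater.exe <==== ATTENTION"
TASK_RE = re.compile(
    r"^Task:\s+(\{[0-9A-F-]+\})\s+-\s+(.+?)(?:\s+=>\s+(.+?))?(\s+<====\s*ATTENTION)?\s*$", re.I)
# Result lines FRST writes after the fix ran.
MOVED_RE = re.compile(r"^(.+?)\s+=>\s+Moved successfully\.$", re.I)


def triage_fixlog(text: str) -> List[Finding]:
    """Walk a Fixlog line by line and return the findings worth a second look."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = WINSOCK_MISSING_RE.match(line)
        if m:
            # An LSP whose DLL is gone breaks every Winsock client: no DNS, no browser.
            catalog, idx, dll = m.groups()
            findings.append(Finding("high", "winsock-lsp-missing-dll", f"{catalog} #{idx}: {dll}"))
            continue

        m = JUNCTION_RE.match(line)
        if m:
            # A reparse point where an AV install directory should be keeps the
            # AV service from starting; FRST had to unlock both directories here.
            findings.append(Finding("high", "av-dir-reparse-point", m.group(1)))
            continue

        m = TASK_RE.match(line)
        if m:
            guid, name, target, attention = m.groups()
            if attention:  # FRST's own marker for a task it considers suspicious
                findings.append(Finding("high", "task-flagged-attention",
                                        f"{name} -> {target or '(no target)'}"))
            continue

        m = MOVED_RE.match(line)
        if m and "\\appdata\\local\\temp\\" in m.group(1).lower():
            # Executables and DLLs living in %TEMP% that FRST quarantined.
            findings.append(Finding("info", "temp-binary-quarantined", m.group(1)))
    return findings


def missing_lsp_dlls(findings: List[Finding]) -> Set[str]:
    """File names of every provider DLL the Winsock catalog referenced but could not find."""
    return {f.detail.rsplit("\\", 1)[-1]
            for f in findings if f.kind == "winsock-lsp-missing-dll"}


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample: an excerpt of the Fixlog posted above, re-split one entry per
# line (the forum software ran the original lines together).
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-12-2013 01
Content of fixlist:
*****************
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
Winsock: Catalog9 01 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 15 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
C:\Users\Free TV\AppData\Local\Temp\SpOrder.dll
Task: {447C9E61-056C-4BB0-8F13-83FE8B182C27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-02] (Google Inc.)
Task: {6E656419-29DD-4AB7-8A1C-61BA90D73E4B} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\Updater.exe <==== ATTENTION
Task: {0EB28CAE-D834-4315-8644-FD732BBBB925} - System32\Tasks\bench-Updater removing
*****************
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
Winsock: Catalog entry 000000000001 => Deleted successfully.
C:\Users\Free TV\AppData\Local\Temp\SpOrder.dll => Moved successfully.
==== End of Fixlog ====
"""

if __name__ == "__main__":
    for f in triage_fixlog(SAMPLE_FIXLOG):
        print(f"[{f.severity}] {f.kind}: {f.detail}")
    print("missing LSP DLLs:", sorted(missing_lsp_dlls(triage_fixlog(SAMPLE_FIXLOG))))
```

The Google Update tasks are parsed but produce no finding, because only FRST's own ATTENTION marker is treated as a signal; the point of the tool is to surface what the helper had to read by hand, not to second-guess every scheduled task.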
  8. I'm a bit confused. What do I use to run the fixlist.txt file? And the fixlist.txt file has to be in the same location as the FRST.txt file that I posted in my last message, correct?
  9. I made it through Step 5, but was unable to access the online scanner in Step 6 since I still cannot connect to the internet. Should I skip Step 6 and continue onto Step 7? Below are the log files: mbar-log (Scan 1 - Step 3) Malwarebytes Anti-Rootkit BETA 1.07.0.1008www.malwarebytes.org Database version: v2013.10.02.12 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16476Free TV :: FREETV-PC [administrator] 12/30/2013 7:48:38 PMmbar-log-2013-12-30 (19-48-38).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: Objects scanned: 209622Time elapsed: 6 minute(s), 7 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 1C:\WINDOWS\SYSTEM32\drivers\atikmdag.sys.bak (Unknown.Rootkit.Driver) -> Replace on reboot. 
     Physical Sectors Detected: 0
     (No malicious items detected)

     (end)

     mbar-log (Scan 2 - Step 3)

     Malwarebytes Anti-Rootkit BETA 1.07.0.1008
     www.malwarebytes.org

     Database version: v2013.10.02.12

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 11.0.9600.16476
     Free TV :: FREETV-PC [administrator]

     12/30/2013 7:57:31 PM
     mbar-log-2013-12-30 (19-57-31).txt

     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
     Scan options disabled:
     Objects scanned: 209569
     Time elapsed: 6 minute(s), 24 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     Physical Sectors Detected: 0
     (No malicious items detected)

     (end)

     system-log (Step 3)

     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.07.0.1008
     © Malwarebytes Corporation 2011-2012

     OS version: 6.1.7601 Windows 7 Service Pack 1 x64

     Account is Administrative
     Internet Explorer version: 11.0.9600.16476

     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED
     CPU speed: 2.695000 GHz
     Memory total: 4003078144, free: 2860539904

     =======================================
     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.07.0.1008
     © Malwarebytes Corporation 2011-2012

     OS version: 6.1.7601 Windows 7 Service Pack 1 x64

     Account is Administrative
     Internet Explorer version: 11.0.9600.16476

     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED
     CPU speed: 2.695000 GHz
     Memory total: 4003078144, free: 2867851264

     DNS error
     DNS error
     DNS error
     =======================================
     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.07.0.1008
     © Malwarebytes Corporation 2011-2012

     OS version: 6.1.7601 Windows 7 Service Pack 1 x64

     Account is Administrative
     Internet Explorer version: 11.0.9600.16476

     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED
     CPU speed: 2.695000 GHz
     Memory total: 4003078144, free: 2844839936

     DNS error
     =======================================
     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.07.0.1008
     © Malwarebytes Corporation 2011-2012

     OS version: 6.1.7601 Windows 7 Service Pack 1 x64

     Account is Administrative
     Internet Explorer version: 11.0.9600.16476

     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED
     CPU speed: 2.695000 GHz
     Memory total: 4003078144, free: 2833010688

     DNS error
     =======================================
     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.07.0.1008
     © Malwarebytes Corporation 2011-2012

     OS version: 6.1.7601 Windows 7 Service Pack 1 x64

     Account is Administrative
     Internet Explorer version: 11.0.9600.16476

     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED
     CPU speed: 2.695000 GHz
     Memory total: 4003078144, free: 2833022976

     DNS error
     =======================================
     Initializing...
     ------------ Kernel report ------------
          12/30/2013 19:48:34
     ------------ Loaded modules -----------
     ----------- End -----------
     Done!
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     <<<2>>>
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
     <<<2>>>
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     File C:\WINDOWS\SYSTEM32\drivers\atikmdag.sys.bak --> [Forged file]
     Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\atikmdag.sys.bak
     Infected: C:\WINDOWS\SYSTEM32\drivers\atikmdag.sys.bak --> [Unknown.Rootkit.Driver]
     Done!
     Drive 0
     Scanning MBR on drive 0...
     Inspecting partition table:
     MBR Signature: 55AA
     Disk Signature: 9160F1BA
     Partition information:
         Partition 0 type is Primary (0x7)
         Partition is ACTIVE.
         Partition starts at LBA: 2048  Numsec = 204800
         Partition file system is NTFS
         Partition is bootable
         Partition 1 type is Primary (0x7)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 206848  Numsec = 976564224
         Partition 2 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0
         Partition 3 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0
     Disk Size: 500107862016 bytes
     Sector size: 512 bytes
     Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
     Done!
     Drive 1
     Scanning MBR on drive 1...
     Inspecting partition table:
     MBR Signature: 55AA
     Disk Signature: 0
     Partition information:
         Partition 0 type is Primary (0x7)
         Partition is ACTIVE.
         Partition starts at LBA: 2048  Numsec = 31946752
         Partition file system is NTFS
         Partition is bootable
         Partition 1 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0
         Partition 2 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0
         Partition 3 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0
     Disk Size: 16358768640 bytes
     Sector size: 512 bytes
     Done!
     Scan finished
     Creating System Restore point...
     Cleaning up...
     <<<2>>>
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Removal scheduling successful. System shutdown needed.
     System shutdown occurred
     =======================================
     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.07.0.1008
     © Malwarebytes Corporation 2011-2012

     OS version: 6.1.7601 Windows 7 Service Pack 1 x64

     Account is Administrative
     Internet Explorer version: 11.0.9600.16476

     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED
     CPU speed: 2.695000 GHz
     Memory total: 4003078144, free: 2917695488

     =======================================
     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.07.0.1008
     © Malwarebytes Corporation 2011-2012

     OS version: 6.1.7601 Windows 7 Service Pack 1 x64

     Account is Administrative
     Internet Explorer version: 11.0.9600.16476

     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED
     CPU speed: 2.695000 GHz
     Memory total: 4003078144, free: 2583875584

     DNS error
     =======================================
     Initializing...
     ------------ Kernel report ------------
          12/30/2013 19:57:26
     ------------ Loaded modules -----------
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     <<<2>>>
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
     <<<2>>>
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     File user open failed: C:\WINDOWS\SYSTEM32\drivers\atikmdag.sys.bak (0x00000570)
     Done!
     Drive 0
     Scanning MBR on drive 0...
     Inspecting partition table:
     MBR Signature: 55AA
     Disk Signature: 9160F1BA
     Partition information:
         Partition 0 type is Primary (0x7)
         Partition is ACTIVE.
         Partition starts at LBA: 2048  Numsec = 204800
         Partition file system is NTFS
         Partition is bootable
         Partition 1 type is Primary (0x7)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 206848  Numsec = 976564224
         Partition 2 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0
         Partition 3 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0
     Disk Size: 500107862016 bytes
     Sector size: 512 bytes
     Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
     Done!
     Drive 1
     Scanning MBR on drive 1...
     Inspecting partition table:
     MBR Signature: 55AA
     Disk Signature: 0
     Partition information:
         Partition 0 type is Primary (0x7)
         Partition is ACTIVE.
         Partition starts at LBA: 2048  Numsec = 31946752
         Partition file system is NTFS
         Partition is bootable
         Partition 1 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0
         Partition 2 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0
         Partition 3 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0
     Disk Size: 16358768640 bytes
     Sector size: 512 bytes
     Done!
     Scan finished
     =======================================
     Removal queue found; removal started
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_1_0_2048_i.mbam...
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
     Removal finished

     JRT (Step 4)

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.0.8 (11.05.2013:1)
     OS: Windows 7 Home Premium x64
     Ran by Free TV on Mon 12/30/2013 at 20:05:35.62
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys

     ~~~ Files
     Successfully deleted: [File] "C:\Users\Free TV\appdata\locallow\SkwConfig.bin"

     ~~~ Folders
     Successfully deleted: [Folder] "C:\Users\Free TV\appdata\local\cre"

     ~~~ Chrome
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Mon 12/30/2013 at 20:10:25.33
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     AdwCleaner[S0] (Step 5)

     # AdwCleaner v3.016 - Report created 30/12/2013 at 20:15:05
     # Updated 23/12/2013 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Free TV - FREETV-PC
     # Running from : C:\Users\Free TV\Desktop\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.16428

     -\\ Mozilla Firefox v20.0.1 (en-US)

     [ File : C:\Users\Free TV\AppData\Roaming\Mozilla\Firefox\Profiles\ozveqk2f.default-1388206397904\prefs.js ]

     -\\ Google Chrome v31.0.1650.63

     [ File : C:\Users\Free TV\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [920 octets] - [30/12/2013 20:13:28]
     AdwCleaner[S0].txt - [842 octets] - [30/12/2013 20:15:05]

     ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [901 octets] ##########

     mbam-log (Step 5)

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.12.28.02

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 11.0.9600.16476
     Free TV :: FREETV-PC [administrator]

     12/30/2013 8:20:46 PM
     mbam-log-2013-12-30 (20-20-46).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 205211
     Time elapsed: 2 minute(s), 28 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  10. I extracted the files in Step 3 and opened the file "mbar.exe", but when I clicked "update" this message appeared: "Failed: DNS error"
  11. Thank you for your quick reply! Below are two reports. I wasn't sure if you meant for me to post the log from Step 0, but I posted it just in case. Thanks!

     Report 1 (Step 0): Rkill

     Rkill 2.6.4 by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2013 BleepingComputer.com
     More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html

     Program started at: 12/30/2013 06:38:43 PM in x64 mode.
     Windows Version: Windows 7 Home Premium Service Pack 1

     Checking for Windows services to stop:

     * No malware services found to stop.

     Checking for processes to terminate:

     * No malware processes found to kill.

     Checking Registry for malware related settings:

     * Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

     Backup Registry file created at:
     C:\Users\Free TV\Desktop\rkill\rkill-12-30-2013-06-38-49.reg

     Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

     Performing miscellaneous checks:

     * No issues found.

     Checking Windows Service Integrity:

     * Windows Update (wuauserv) is not Running.
       Startup Type set to: Automatic (Delayed Start)

     Searching for Missing Digital Signatures:

     * No issues found.

     Checking HOSTS File:

     * No issues found.

     Program finished at: 12/30/2013 06:39:22 PM
     Execution time: 0 hours(s), 0 minute(s), and 39 seconds(s)

     Report 2 (Step 3): RogueKiller

     RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Free TV [Admin rights]
     Mode : Scan -- Date : 12/30/2013 18:50:34
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 2 ¤¤¤
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Browser Addons : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD50 00AZRX-00A8LB0 SATA Disk Device +++++
     --- User ---
     [MBR] 9f465ba2521fa2f780d913c3b94c71fa
     [BSP] 44fcccf5c24edcd4e295614aeba8f15f : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) PNY USB 2.0 FD USB Device +++++
     --- User ---
     [MBR] 02dbd0654d7896eb339ccec1fa321dda
     [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 15599 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR! ([0x32] The request is not supported. )

     Finished : << RKreport[0]_S_12302013_185034.txt >>
  12. 48 Hour Bump I know I'm not supposed to reply to my post, but I am really frustrated that I cannot access the internet with my computer! My computer was infected, but at least I was able to connect to the internet before using Malwarebytes. I don't mean to be rude, but I would very much appreciate someone's help with this issue. I use this computer as an HTPC and do not have satellite or cable so I really would like to have the internet running asap. I have also attached the "attach.txt" and "dds.txt" files. Maybe this is why I have yet to receive assistance? attach.txt dds.txt
  13. I ran a Malwarebytes scan last night. It found roughly 10 adware files on my computer, so I selected each and removed them using Malwarebytes. I then restarted my computer, per a Malwarebytes message. Once my computer restarted, I noticed that I could no longer connect to the internet, and this is still the case 12 hours later. I saw a couple of conversations on this forum that describe a similar situation, but the course of action seems to be different for each, so I decided to play it safe and get directions to fix my problem specifically. I have attached the mbam log file. mbam_log.txt