FalseStream

Results of screen317's Security Check version 0.99.87 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` JavaFX 2.1.1 Java 7 Update 67 Adobe Flash Player 14.0.0.145 Mozilla Firefox (31.0) Google Chrome 36.0.1985.125 Google Chrome 36.0.1985.143 Google Chrome plugins... ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````

PC seems to be running great. Everything already feels much faster and snappier to load. Your help has been very much appreciated!

Ok done with all 3 of them to your instructions. I'll attach all 3 logs here. AdwCleanerS0.txt JRT.txt MBAM.txt

OK Before I seen your most recent post ComboFix randomly just popped up and started working! Let me know if you still want me to run aswMBR. ComboFix 14-08-21.01 - James 08/22/2014 11:42:16.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.5429 [GMT -7:00] Running from: c:\users\James\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\users\James\AppData\Roaming\inst.exe c:\windows\SysWow64\DEBUG.log c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2014-07-22 to 2014-08-22 ))))))))))))))))))))))))))))))) . . 2014-08-22 18:52 . 2014-08-22 18:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-08-22 15:55 . 2014-08-22 15:55 -------- d-----w- c:\windows\ERUNT 2014-08-22 13:42 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0947EA22-3FC5-4336-9C9E-743BEA8100C8}\mpengine.dll 2014-08-22 12:50 . 2014-08-22 12:51 -------- d-----w- C:\FRST 2014-08-22 12:06 . 2014-08-22 14:42 33512 ----a-w- c:\windows\SysWow64\drivers\TrueSight.sys 2014-08-22 12:06 . 2014-08-22 12:06 -------- d-----w- c:\programdata\RogueKiller 2014-08-21 21:25 . 2014-08-21 21:43 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2014-08-21 17:30 . 2014-08-22 16:05 -------- d-----w- C:\TDSSKiller_Quarantine 2014-08-21 15:55 . 2014-08-22 17:55 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-08-21 15:54 . 2014-08-21 21:25 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-08-21 15:54 . 2014-08-21 15:54 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-08-21 15:54 . 2014-05-12 14:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-08-21 02:53 . 2014-08-21 02:53 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C94199D-486D-4FB0-8EF3-519C024993E9}\gapaengine.dll 2014-08-21 02:53 . 2014-08-07 08:59 11319200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-08-17 21:01 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll 2014-08-17 21:01 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll 2014-08-17 21:01 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax 2014-08-17 21:01 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax 2014-08-17 21:01 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll 2014-08-17 21:01 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll 2014-08-15 19:19 . 2014-08-15 19:19 -------- d-----w- c:\users\James\AppData\Roaming\Opera Software 2014-08-15 19:19 . 2014-08-15 19:19 -------- d-----w- c:\users\James\AppData\Local\Opera Software 2014-08-15 19:19 . 2014-08-19 19:20 -------- d-----w- c:\program files (x86)\Opera 2014-08-14 04:06 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll 2014-08-14 04:06 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe 2014-08-14 04:06 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll 2014-08-14 04:06 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe 2014-08-14 04:06 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll 2014-08-14 04:06 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll 2014-08-14 04:06 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe 2014-08-14 04:06 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe 2014-08-14 04:04 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll 2014-08-14 04:03 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll 2014-08-14 04:03 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll 2014-08-14 04:03 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll 2014-08-14 04:03 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-08-07 20:12 . 2014-08-07 20:12 -------- d-----w- c:\program files (x86)\Common Files\Skype 2014-08-07 17:14 . 2014-08-07 17:14 -------- d-----w- c:\users\James\AppData\Local\Skype 2014-08-07 17:14 . 2014-08-07 20:12 -------- d-----r- c:\program files (x86)\Skype 2014-08-03 19:42 . 2014-08-03 19:47 -------- d-----w- c:\users\James\AppData\Local\pangu 2014-08-02 03:47 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll 2014-08-02 03:47 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe 2014-08-02 03:47 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll 2014-08-02 03:47 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll 2014-08-02 03:46 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll 2014-08-02 03:46 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll 2014-08-02 03:46 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll 2014-08-02 03:46 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll 2014-08-02 03:46 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll 2014-08-02 03:46 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll 2014-08-02 03:46 . 2014-05-14 16:23 198600 ----a-w- c:\windows\system32\wuwebv.dll 2014-08-02 03:46 . 2014-05-14 16:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll 2014-08-02 03:46 . 2014-05-14 16:20 36864 ----a-w- c:\windows\system32\wuapp.exe 2014-08-02 03:46 . 2014-05-14 16:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-08-22 16:11 . 2010-11-21 03:24 512000 ----a-w- c:\windows\system32\rpcss.dll 2014-08-21 18:16 . 2012-05-28 15:59 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2014-08-14 04:10 . 2012-02-02 07:15 99218768 ----a-w- c:\windows\system32\MRT.exe 2014-07-21 03:14 . 2012-04-12 16:45 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-07-21 03:14 . 2012-02-02 17:18 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-11 10:02 . 2014-07-20 23:19 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-06-29 17:53 . 2012-02-02 16:40 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2014-06-29 17:53 . 2012-02-02 16:40 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2014-06-29 17:53 . 2012-02-02 16:40 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2014-06-29 17:53 . 2012-02-02 16:40 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2014-06-18 02:18 . 2014-07-21 03:02 692736 ----a-w- c:\windows\system32\osk.exe 2014-06-18 01:51 . 2014-07-21 03:02 646144 ----a-w- c:\windows\SysWow64\osk.exe 2014-06-13 23:56 . 2014-06-13 23:56 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2014-06-13 23:56 . 2013-01-23 14:15 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2014-06-13 23:56 . 2014-06-13 23:56 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2014-06-06 10:10 . 2014-07-21 03:01 624128 ----a-w- c:\windows\system32\qedit.dll 2014-06-06 09:44 . 2014-07-21 03:01 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-06-05 14:45 . 2014-07-21 03:02 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-06-05 14:26 . 2014-07-21 03:02 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-06-05 14:25 . 2014-07-21 03:02 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2014-05-30 08:08 . 2014-07-21 03:02 210944 ----a-w- c:\windows\system32\wdigest.dll 2014-05-30 08:08 . 2014-07-21 03:02 86528 ----a-w- c:\windows\system32\TSpkg.dll 2014-05-30 08:08 . 2014-07-21 03:02 340992 ----a-w- c:\windows\system32\schannel.dll 2014-05-30 08:08 . 2014-07-21 03:02 314880 ----a-w- c:\windows\system32\msv1_0.dll 2014-05-30 08:08 . 2014-07-21 03:02 307200 ----a-w- c:\windows\system32\ncrypt.dll 2014-05-30 08:08 . 2014-07-21 03:02 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-05-30 08:08 . 2014-07-21 03:02 22016 ----a-w- c:\windows\system32\credssp.dll 2014-05-30 07:52 . 2014-07-21 03:02 172032 ----a-w- c:\windows\SysWow64\wdigest.dll 2014-05-30 07:52 . 2014-07-21 03:02 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll 2014-05-30 07:52 . 2014-07-21 03:02 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2014-05-30 07:52 . 2014-07-21 03:02 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2014-05-30 07:52 . 2014-07-21 03:02 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll 2014-05-30 07:52 . 2014-07-21 03:02 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-05-30 07:52 . 2014-07-21 03:02 17408 ----a-w- c:\windows\SysWow64\credssp.dll 2014-05-30 06:45 . 2014-07-21 03:01 497152 ----a-w- c:\windows\system32\drivers\afd.sys 2014-05-27 08:13 . 2014-05-27 08:13 34016 ----a-w- c:\windows\system32\drivers\xb1usb.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2014-08-13 1937600] "Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-08-20 55568] "Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2013-10-31 2990304] "uTorrent"="c:\users\James\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-10 1329744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2013-09-09 490480] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536] "KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2013-07-20 2010624] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-18 767200] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe -minimize [2014-7-18 521216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AEAudioL;AE USB Audio Driver-Lower (WDM);c:\windows\system32\drivers\AEAudioL64.sys;c:\windows\SYSNATIVE\drivers\AEAudioL64.sys [x] R3 ALSysIO;ALSysIO;c:\users\James\AppData\Local\Temp\ALSysIO64.sys;c:\users\James\AppData\Local\Temp\ALSysIO64.sys [x] R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x] R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys;c:\programdata\bitraider\BRDriver64.sys [x] R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x] R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 xb1usb;Microsoft Xbox One Controller Driver;c:\windows\system32\DRIVERS\xb1usb.sys;c:\windows\SYSNATIVE\DRIVERS\xb1usb.sys [x] S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S2 AEFilters;Andrea Filters Service64;c:\windows\system32\AEFiltersSrv64.exe;c:\windows\SYSNATIVE\AEFiltersSrv64.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AVerRECentral;AVerRECentral;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [x] S2 CouponPrinterService;Coupon Printer Service;c:\program files (x86)\Coupons\CouponPrinterService.exe;c:\program files (x86)\Coupons\CouponPrinterService.exe [x] S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x] S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 AVer330;AVer330;c:\windows\system32\DRIVERS\AVer330.sys;c:\windows\SYSNATIVE\DRIVERS\AVer330.sys [x] S3 CMUSBDAC;USB Audio Class 1.0 and 2.0 DAC Device Driver;c:\windows\system32\DRIVERS\CMUSBDAC.sys;c:\windows\SYSNATIVE\DRIVERS\CMUSBDAC.sys [x] S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x] S3 ipadtst;ipadtst;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x] S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys;c:\windows\SYSNATIVE\Drivers\LGPBTDD.sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x] S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x] S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-08-15 18:50 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-19 15:09] . 2014-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-19 15:09] . 2014-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2457200468-230173834-797787707-1001Core.job - c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23 19:23] . 2014-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2457200468-230173834-797787707-1001UA.job - c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23 19:23] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-08-10 6548112] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\cysf2oha.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe SafeBoot-03721107.sys SafeBoot-18373969.sys HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-GOGPACKPAPERSPLEASE_is1 - c:\gog games\Papers . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{964CCFF4-2078-4C39-A466-DD4AE8F3329E}"=hex:51,66,7a,6c,4c,1d,38,12,9a,cc,5f, 92,4a,6e,57,09,db,70,9e,0a,ed,ad,76,8a "{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b, 68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}"=hex:51,66,7a,6c,4c,1d,3b,1b,64,78,53, 54,75,5c,8a,34,aa,62,82,42,ba,d5,f4,71 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:7d,34,04,6a,b0,ce,cd,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4c,16,f6,5a,8d,6f,51,45,9d,44,8b,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4c,16,f6,5a,8d,6f,51,45,9d,44,8b,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-08-22 11:54:54 ComboFix-quarantined-files.txt 2014-08-22 18:54 . Pre-Run: 54,724,071,424 bytes free Post-Run: 54,794,911,744 bytes free . - - End Of File - - 3BB512D9573EB6ACD1A29816963F0FF8 A36C5E4F47E84449FF07ED3517B43A31

No dice. Ran that un-installer. Deleted ComboFix. Restarted my PC. Downloaded ComboFix and it ran through the install then just sort of dissappeared again.

OK I retried and that didn't work. Ignored and it went past. ComboFix loaded. I clicked I Agree and it went through backing up the registry, then it sort of dissappeared. I left my computer for a bit but nothing ever re-appeared. I checked task manager and it seems like the ComboFix processes are there running but nothing.

Created a Restore Point in Windows. Downloaded Delfix and used it to backup the registry as described. Downloaded TDSSKiller and used it to cure 2 items regarding rpcss.dll. Log file attached. Next I downloaded Combofix and disabled all my anti-malware stuff etc. but when I tried to open it I get a weird error. TDSSKiller.3.0.0.40_22.08.2014_08.59.48_log.txt

Ran RogueKiller again and got the same result. Grabbed a screen shot though. My computer restarts before the prescan can complete. Screenshot attached.

Completed MBAM threat scan. Here's the log. Will try to run RogueKiller again right now. If it causes a reboot during prescan this time I'll try to grab a screenshot. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 8/22/2014 Scan Time: 7:18:11 AM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.08.22.05 Rootkit Database: v2014.08.21.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: James Scan Type: Threat Scan Result: Completed Objects Scanned: 323150 Time Elapsed: 16 min, 36 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)

So I've been trying to figure out how to get rid of some nasty malware. I'll do my best to explain what I have done since yesterday to figure this one out. Started by running MBAM and getting rid of SweetIM. Then enabled free trial of the real time protection. Started getting pop-ups about it blocking outgoing connections to 88.214.193.212 from svchost.exe (Protection log attached) MBAM scan is not picking up anything else even when completely a full scan. Microsoft Security Essentials is also not picking up anything when completing full scan. Installed and ran RogueKiller just to see what came up. RogueKiller detected something I believe was root.zekos but as soon as it doesn I get a windows popup that said something along the lines of plug and play service has failed and windows must reboot. At which point my PC just reboots itself. It doesn't seem RogueKiller makes a log of this? At this point I have just ran FRST and the logs are attached also. Any help MUCH appreciated. Addition.txt FRST.txt MBAMProtectionLog.txt