FalseStream

August 22, 2014

Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 7 Update 67
Adobe Flash Player 14.0.0.145
Mozilla Firefox (31.0)
Google Chrome 36.0.1985.125
Google Chrome 36.0.1985.143
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

August 22, 2014

PC seems to be running great. Everything already feels much faster and snappier to load.

Your help has been very much appreciated!

August 22, 2014

Ok done with all 3 of them to your instructions. I'll attach all 3 logs here.

AdwCleanerS0.txt

JRT.txt

MBAM.txt

August 22, 2014

OK Before I seen your most recent post ComboFix randomly just popped up and started working! Let me know if you still want me to run aswMBR.

ComboFix 14-08-21.01 - James 08/22/2014 11:42:16.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8173.5429 [GMT -7:00]
Running from: c:\users\James\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\James\AppData\Roaming\inst.exe
c:\windows\SysWow64\DEBUG.log
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-22 to 2014-08-22 )))))))))))))))))))))))))))))))
.
.
2014-08-22 18:52 . 2014-08-22 18:52   --------   d-----w-   c:\users\Default\AppData\Local\temp
2014-08-22 15:55 . 2014-08-22 15:55   --------   d-----w-   c:\windows\ERUNT
2014-08-22 13:42 . 2014-08-21 03:43   11319192   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0947EA22-3FC5-4336-9C9E-743BEA8100C8}\mpengine.dll
2014-08-22 12:50 . 2014-08-22 12:51   --------   d-----w-   C:\FRST
2014-08-22 12:06 . 2014-08-22 14:42   33512   ----a-w-   c:\windows\SysWow64\drivers\TrueSight.sys
2014-08-22 12:06 . 2014-08-22 12:06   --------   d-----w-   c:\programdata\RogueKiller
2014-08-21 21:25 . 2014-08-21 21:43   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-08-21 17:30 . 2014-08-22 16:05   --------   d-----w-   C:\TDSSKiller_Quarantine
2014-08-21 15:55 . 2014-08-22 17:55   122584   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-21 15:54 . 2014-08-21 21:25   92888   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2014-08-21 15:54 . 2014-08-21 15:54   --------   d-----w-   c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-21 15:54 . 2014-05-12 14:26   63704   ----a-w-   c:\windows\system32\drivers\mwac.sys
2014-08-21 02:53 . 2014-08-21 02:53   1169712   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C94199D-486D-4FB0-8EF3-519C024993E9}\gapaengine.dll
2014-08-21 02:53 . 2014-08-07 08:59   11319200   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-17 21:01 . 2011-05-30 13:42   240640   ----a-w-   c:\windows\SysWow64\xvidvfw.dll
2014-08-17 21:01 . 2011-05-30 13:42   255488   ----a-w-   c:\windows\system32\xvidvfw.dll
2014-08-17 21:01 . 2011-05-23 09:52   153088   ----a-w-   c:\windows\SysWow64\xvid.ax
2014-08-17 21:01 . 2011-05-23 07:49   173568   ----a-w-   c:\windows\system32\xvid.ax
2014-08-17 21:01 . 2011-05-23 07:46   645632   ----a-w-   c:\windows\SysWow64\xvidcore.dll
2014-08-17 21:01 . 2011-05-23 07:45   696832   ----a-w-   c:\windows\system32\xvidcore.dll
2014-08-15 19:19 . 2014-08-15 19:19   --------   d-----w-   c:\users\James\AppData\Roaming\Opera Software
2014-08-15 19:19 . 2014-08-15 19:19   --------   d-----w-   c:\users\James\AppData\Local\Opera Software
2014-08-15 19:19 . 2014-08-19 19:20   --------   d-----w-   c:\program files (x86)\Opera
2014-08-14 04:06 . 2014-03-09 21:48   171160   ----a-w-   c:\windows\system32\infocardapi.dll
2014-08-14 04:06 . 2014-03-09 21:48   1389208   ----a-w-   c:\windows\system32\icardagt.exe
2014-08-14 04:06 . 2014-03-09 21:47   99480   ----a-w-   c:\windows\SysWow64\infocardapi.dll
2014-08-14 04:06 . 2014-03-09 21:47   619672   ----a-w-   c:\windows\SysWow64\icardagt.exe
2014-08-14 04:06 . 2014-06-30 22:24   8856   ----a-w-   c:\windows\system32\icardres.dll
2014-08-14 04:06 . 2014-06-30 22:14   8856   ----a-w-   c:\windows\SysWow64\icardres.dll
2014-08-14 04:06 . 2014-06-06 06:16   35480   ----a-w-   c:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 04:06 . 2014-06-06 06:12   35480   ----a-w-   c:\windows\system32\TsWpfWrp.exe
2014-08-14 04:04 . 2014-07-16 03:23   2048   ----a-w-   c:\windows\system32\tzres.dll
2014-08-14 04:03 . 2014-07-14 02:02   1216000   ----a-w-   c:\windows\system32\rpcrt4.dll
2014-08-14 04:03 . 2014-07-14 01:40   664064   ----a-w-   c:\windows\SysWow64\rpcrt4.dll
2014-08-14 04:03 . 2014-08-07 02:06   529920   ----a-w-   c:\windows\system32\aepdu.dll
2014-08-14 04:03 . 2014-08-07 02:01   424448   ----a-w-   c:\windows\system32\aeinv.dll
2014-08-07 20:12 . 2014-08-07 20:12   --------   d-----w-   c:\program files (x86)\Common Files\Skype
2014-08-07 17:14 . 2014-08-07 17:14   --------   d-----w-   c:\users\James\AppData\Local\Skype
2014-08-07 17:14 . 2014-08-07 20:12   --------   d-----r-   c:\program files (x86)\Skype
2014-08-03 19:42 . 2014-08-03 19:47   --------   d-----w-   c:\users\James\AppData\Local\pangu
2014-08-02 03:47 . 2014-05-14 16:23   44512   ----a-w-   c:\windows\system32\wups2.dll
2014-08-02 03:47 . 2014-05-14 16:23   58336   ----a-w-   c:\windows\system32\wuauclt.exe
2014-08-02 03:47 . 2014-05-14 16:23   2477536   ----a-w-   c:\windows\system32\wuaueng.dll
2014-08-02 03:47 . 2014-05-14 16:21   2620928   ----a-w-   c:\windows\system32\wucltux.dll
2014-08-02 03:46 . 2014-05-14 16:23   38880   ----a-w-   c:\windows\system32\wups.dll
2014-08-02 03:46 . 2014-05-14 16:23   700384   ----a-w-   c:\windows\system32\wuapi.dll
2014-08-02 03:46 . 2014-05-14 16:20   97792   ----a-w-   c:\windows\system32\wudriver.dll
2014-08-02 03:46 . 2014-05-14 16:17   92672   ----a-w-   c:\windows\SysWow64\wudriver.dll
2014-08-02 03:46 . 2014-05-14 16:23   36320   ----a-w-   c:\windows\SysWow64\wups.dll
2014-08-02 03:46 . 2014-05-14 16:23   581600   ----a-w-   c:\windows\SysWow64\wuapi.dll
2014-08-02 03:46 . 2014-05-14 16:23   198600   ----a-w-   c:\windows\system32\wuwebv.dll
2014-08-02 03:46 . 2014-05-14 16:23   179656   ----a-w-   c:\windows\SysWow64\wuwebv.dll
2014-08-02 03:46 . 2014-05-14 16:20   36864   ----a-w-   c:\windows\system32\wuapp.exe
2014-08-02 03:46 . 2014-05-14 16:17   33792   ----a-w-   c:\windows\SysWow64\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-22 16:11 . 2010-11-21 03:24   512000   ----a-w-   c:\windows\system32\rpcss.dll
2014-08-21 18:16 . 2012-05-28 15:59   23256   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-14 04:10 . 2012-02-02 07:15   99218768   ----a-w-   c:\windows\system32\MRT.exe
2014-07-21 03:14 . 2012-04-12 16:45   699056   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-21 03:14 . 2012-02-02 17:18   71344   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-11 10:02 . 2014-07-20 23:19   98216   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-29 17:53 . 2012-02-02 16:40   466456   ----a-w-   c:\windows\system32\wrap_oal.dll
2014-06-29 17:53 . 2012-02-02 16:40   444952   ----a-w-   c:\windows\SysWow64\wrap_oal.dll
2014-06-29 17:53 . 2012-02-02 16:40   122904   ----a-w-   c:\windows\system32\OpenAL32.dll
2014-06-29 17:53 . 2012-02-02 16:40   109080   ----a-w-   c:\windows\SysWow64\OpenAL32.dll
2014-06-18 02:18 . 2014-07-21 03:02   692736   ----a-w-   c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-21 03:02   646144   ----a-w-   c:\windows\SysWow64\osk.exe
2014-06-13 23:56 . 2014-06-13 23:56   281872   ----a-w-   c:\windows\SysWow64\PnkBstrB.exe
2014-06-13 23:56 . 2013-01-23 14:15   281872   ----a-w-   c:\windows\SysWow64\PnkBstrB.ex0
2014-06-13 23:56 . 2014-06-13 23:56   76888   ----a-w-   c:\windows\SysWow64\PnkBstrA.exe
2014-06-06 10:10 . 2014-07-21 03:01   624128   ----a-w-   c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-21 03:01   509440   ----a-w-   c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-21 03:02   1460736   ----a-w-   c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-21 03:02   22016   ----a-w-   c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-21 03:02   96768   ----a-w-   c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-21 03:02   210944   ----a-w-   c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-21 03:02   86528   ----a-w-   c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-21 03:02   340992   ----a-w-   c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-21 03:02   314880   ----a-w-   c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-21 03:02   307200   ----a-w-   c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-21 03:02   728064   ----a-w-   c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-21 03:02   22016   ----a-w-   c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-21 03:02   172032   ----a-w-   c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-21 03:02   65536   ----a-w-   c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-21 03:02   247808   ----a-w-   c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-21 03:02   220160   ----a-w-   c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-21 03:02   259584   ----a-w-   c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-21 03:02   550912   ----a-w-   c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-21 03:02   17408   ----a-w-   c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-21 03:01   497152   ----a-w-   c:\windows\system32\drivers\afd.sys
2014-05-27 08:13 . 2014-05-27 08:13   34016   ----a-w-   c:\windows\system32\drivers\xb1usb.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-08-13 1937600]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-08-20 55568]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2013-10-31 2990304]
"uTorrent"="c:\users\James\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-10 1329744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2013-09-09 490480]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2013-07-20 2010624]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-18 767200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe -minimize [2014-7-18 521216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ     autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AEAudioL;AE USB Audio Driver-Lower (WDM);c:\windows\system32\drivers\AEAudioL64.sys;c:\windows\SYSNATIVE\drivers\AEAudioL64.sys [x]
R3 ALSysIO;ALSysIO;c:\users\James\AppData\Local\Temp\ALSysIO64.sys;c:\users\James\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys;c:\programdata\bitraider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 xb1usb;Microsoft Xbox One Controller Driver;c:\windows\system32\DRIVERS\xb1usb.sys;c:\windows\SYSNATIVE\DRIVERS\xb1usb.sys [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AEFilters;Andrea Filters Service64;c:\windows\system32\AEFiltersSrv64.exe;c:\windows\SYSNATIVE\AEFiltersSrv64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVerRECentral;AVerRECentral;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [x]
S2 CouponPrinterService;Coupon Printer Service;c:\program files (x86)\Coupons\CouponPrinterService.exe;c:\program files (x86)\Coupons\CouponPrinterService.exe [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AVer330;AVer330;c:\windows\system32\DRIVERS\AVer330.sys;c:\windows\SYSNATIVE\DRIVERS\AVer330.sys [x]
S3 CMUSBDAC;USB Audio Class 1.0 and 2.0 DAC Device Driver;c:\windows\system32\DRIVERS\CMUSBDAC.sys;c:\windows\SYSNATIVE\DRIVERS\CMUSBDAC.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 ipadtst;ipadtst;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys;c:\windows\SYSNATIVE\Drivers\LGPBTDD.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 18:50   1104200   ----a-w-   c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-19 15:09]
.
2014-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-19 15:09]
.
2014-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2457200468-230173834-797787707-1001Core.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23 19:23]
.
2014-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2457200468-230173834-797787707-1001UA.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23 19:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-08-10 6548112]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\cysf2oha.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe
SafeBoot-03721107.sys
SafeBoot-18373969.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-GOGPACKPAPERSPLEASE_is1 - c:\gog games\Papers
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{964CCFF4-2078-4C39-A466-DD4AE8F3329E}"=hex:51,66,7a,6c,4c,1d,38,12,9a,cc,5f,
   92,4a,6e,57,09,db,70,9e,0a,ed,ad,76,8a
"{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b,
   68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}"=hex:51,66,7a,6c,4c,1d,3b,1b,64,78,53,
   54,75,5c,8a,34,aa,62,82,42,ba,d5,f4,71
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:7d,34,04,6a,b0,ce,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4c,16,f6,5a,8d,6f,51,45,9d,44,8b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4c,16,f6,5a,8d,6f,51,45,9d,44,8b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-22 11:54:54
ComboFix-quarantined-files.txt 2014-08-22 18:54
.
Pre-Run: 54,724,071,424 bytes free
Post-Run: 54,794,911,744 bytes free
.
- - End Of File - - 3BB512D9573EB6ACD1A29816963F0FF8
A36C5E4F47E84449FF07ED3517B43A31

August 22, 2014

No dice. Ran that un-installer. Deleted ComboFix. Restarted my PC. Downloaded ComboFix and it ran through the install then just sort of dissappeared again.

August 22, 2014

OK I retried and that didn't work. Ignored and it went past. ComboFix loaded. I clicked I Agree and it went through backing up the registry, then it sort of dissappeared.

I left my computer for a bit but nothing ever re-appeared. I checked task manager and it seems like the ComboFix processes are there running but nothing.

August 22, 2014

Created a Restore Point in Windows.

Downloaded Delfix and used it to backup the registry as described.

Downloaded TDSSKiller and used it to cure 2 items regarding rpcss.dll. Log file attached.

Next I downloaded Combofix and disabled all my anti-malware stuff etc. but when I tried to open it I get a weird error.

TDSSKiller.3.0.0.40_22.08.2014_08.59.48_log.txt

August 22, 2014

Ran RogueKiller again and got the same result. Grabbed a screen shot though. My computer restarts before the prescan can complete. Screenshot attached.

August 22, 2014

Completed MBAM threat scan. Here's the log. Will try to run RogueKiller again right now. If it causes a reboot during prescan this time I'll try to grab a screenshot.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/22/2014
Scan Time: 7:18:11 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.22.05
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: James

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323150
Time Elapsed: 16 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

August 22, 2014

So I've been trying to figure out how to get rid of some nasty malware. I'll do my best to explain what I have done since yesterday to figure this one out.

Started by running MBAM and getting rid of SweetIM. Then enabled free trial of the real time protection.

Started getting pop-ups about it blocking outgoing connections to 88.214.193.212 from svchost.exe (Protection log attached)

MBAM scan is not picking up anything else even when completely a full scan.

Microsoft Security Essentials is also not picking up anything when completing full scan.

Installed and ran RogueKiller just to see what came up.

RogueKiller detected something I believe was root.zekos but as soon as it doesn I get a windows popup that said something along the lines of plug and play service has failed and windows must reboot. At which point my PC just reboots itself. It doesn't seem RogueKiller makes a log of this?

At this point I have just ran FRST and the logs are attached also.

Any help MUCH appreciated.

Addition.txt

FRST.txt

MBAMProtectionLog.txt

Sign In

FalseStream

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Posts posted by FalseStream

SVCHost contacting malicious site 88.214.193.212

SVCHost contacting malicious site 88.214.193.212

SVCHost contacting malicious site 88.214.193.212

SVCHost contacting malicious site 88.214.193.212

SVCHost contacting malicious site 88.214.193.212

SVCHost contacting malicious site 88.214.193.212

SVCHost contacting malicious site 88.214.193.212

SVCHost contacting malicious site 88.214.193.212

SVCHost contacting malicious site 88.214.193.212

SVCHost contacting malicious site 88.214.193.212

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information