Malwarebytes "has successfully blocked access to a potentially malicious website"


Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Tim at 11:42:48 on 2013-07-07
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3982.1178 [GMT 10:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\DptfParticipantProcessorService.exe
C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Users\Tim\AppData\Roaming\uTorrent\uTorrent.exe
C:\Windows\system32\igfxpers.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\calc.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


mWinlogon: Userinit = userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1C553042-4C9C-464C-9ED6-B57801414CE5} : DHCPNameServer = 127.0.0.1
TCP: Interfaces\{E227AA00-55E6-4C0F-9B16-E21C15775550} : DHCPNameServer = 192.168.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: news.net: {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} -
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [DptfPolicyLpmServiceHelper] C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
x64-Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
x64-Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l3nzizsn.default-1372162192811\
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-06-03 13:35; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-6-3 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-6-3 189936]
R0 excsd;ExpressCache Storage Filter Driver;C:\Windows\System32\Drivers\excsd.sys [2012-11-27 95024]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-6 645952]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-6-3 1030952]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-6-3 378944]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-8 17536]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\Drivers\ctxusbm.sys [2012-12-5 98888]
R1 excfs;ExpressCache File System Filter Driver;C:\Windows\System32\Drivers\excfs.sys [2012-11-27 23344]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-14 277120]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-6-3 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-6-3 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-3 46808]
R2 DptfParticipantProcessorService;Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application;C:\Windows\System32\DptfParticipantProcessorService.exe [2012-9-28 29056]
R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-3-31 79664]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-21 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-11-27 129856]
R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-11-27 193576]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-27 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-27 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-27 701512]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-6-30 1153368]
R2 Start8;Stardock Start8;C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [2013-3-20 142960]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-27 365376]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-9-28 27792]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-25 17152]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-11-1 61824]
R3 DptfDevDram;DptfDevDram;C:\Windows\System32\Drivers\DptfDevDram.sys [2012-9-28 107328]
R3 DptfDevFan;DptfDevFan;C:\Windows\System32\Drivers\DptfDevFan.sys [2012-9-28 42816]
R3 DptfDevGen;DptfDevGen;C:\Windows\System32\Drivers\DptfDevGen.sys [2012-9-28 64832]
R3 DptfDevPch;DptfDevPch;C:\Windows\System32\Drivers\DptfDevPch.sys [2012-9-28 96064]
R3 DptfDevProc;DptfDevProc;C:\Windows\System32\Drivers\DptfDevProc.sys [2012-9-28 228672]
R3 DptfManager;DptfManager;C:\Windows\System32\Drivers\DptfManager.sys [2012-9-28 361792]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-9-28 21152]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-9-28 342528]
R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\Drivers\irstrtdv.sys [2012-11-27 43800]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-9-28 110744]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-6-27 25928]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\Drivers\viahduaa.sys [2012-9-28 2203792]
S2 DptfPolicyLpmService;Intel® Dynamic Platform & Thermal Framework Low Power Mode Service Application;C:\Windows\System32\DptfPolicyLpmService.exe [2012-9-28 36224]
S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-3 589824]
.
=============== Created Last 30 ================
.
2013-07-05 03:21:09    237744    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10209.bin
2013-06-29 14:46:43    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2013-06-29 14:46:43    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy
2013-06-27 23:26:54    144384    ----a-w-    C:\Windows\System32\tssdisai.dll
2013-06-27 05:03:01    --------    d-----w-    C:\ProgramData\Stardock
2013-06-27 05:02:47    --------    d-----w-    C:\Program Files (x86)\Stardock
2013-06-26 14:14:39    --------    d-----w-    C:\Users\Tim\AppData\Roaming\Malwarebytes
2013-06-26 14:14:21    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-06-26 14:14:19    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-06-26 14:14:19    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-26 14:13:54    --------    d-----w-    C:\Users\Tim\AppData\Local\Programs
2013-06-22 03:01:11    --------    d-----w-    C:\Users\Tim\AppData\Local\Diagnostics
2013-06-20 03:00:38    --------    d-s---w-    C:\Users\Tim\Google Drive
2013-06-16 20:17:22    1300992    ----a-w-    C:\Windows\System32\gdi32.dll
2013-06-16 20:17:22    1022464    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-06-16 18:47:50    888320    ----a-w-    C:\Windows\System32\autochk.exe
2013-06-16 18:47:50    793088    ----a-w-    C:\Windows\SysWow64\autochk.exe
2013-06-16 18:47:50    542208    ----a-w-    C:\Windows\System32\untfs.dll
2013-06-16 18:47:50    482816    ----a-w-    C:\Windows\SysWow64\untfs.dll
2013-06-13 04:14:06    25920    ----a-w-    C:\Windows\System32\dopdfmn7.dll
2013-06-13 04:14:06    21312    ----a-w-    C:\Windows\System32\dopdfmi7.dll
2013-06-13 04:14:06    --------    d-----w-    C:\Users\Tim\AppData\Roaming\Softland
2013-06-13 04:14:04    --------    d-----w-    C:\Program Files\doPDF 7
2013-06-13 04:05:37    --------    d-----w-    C:\Users\Tim\AppData\Roaming\PrimoPDF
2013-06-13 04:02:12    95008    ----a-w-    C:\Windows\System32\Primomonnt.dll
2013-06-13 04:02:08    --------    d-----w-    C:\Program Files (x86)\Nitro PDF
2013-06-12 18:55:51    17271808    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-12 18:55:50    16642560    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-12 17:43:05    2233600    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-12 17:04:31    1889280    ----a-w-    C:\Windows\System32\crypt32.dll
2013-06-12 17:04:31    1569792    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-06-12 17:04:30    141312    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-06-12 17:04:30    1255936    ----a-w-    C:\Windows\System32\certutil.exe
2013-06-12 17:04:30    1013248    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-06-12 17:04:29    68096    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-06-12 17:04:29    109056    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-06-12 16:23:02    733184    ----a-w-    C:\Windows\System32\win32spl.dll
2013-06-12 14:29:03    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-06-12 14:29:03    25088    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-06-11 22:51:25    9089416    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-06-09 07:36:53    --------    d-----w-    C:\Users\Tim\AppData\Roaming\uTorrent
.
==================== Find3M  ====================
.
2013-07-06 02:50:06    401    ----a-w-    C:\Users\Tim\AppData\Roaming\sp_data.sys
2013-06-27 23:47:37    189936    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-06-27 23:47:37    1030952    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-06-04 22:09:22    78200    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-04 22:09:22    693112    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-15 22:37:03    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2013-05-15 22:35:49    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2013-05-14 13:14:01    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-05-14 09:23:31    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-09 08:59:07    72016    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07    65336    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:06    80816    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37    41664    ----a-w-    C:\Windows\avastSS.scr
2013-05-04 07:58:17    120736    ----a-w-    C:\Windows\System32\AuthHost.exe
2013-05-04 07:34:17    446720    ----a-w-    C:\Windows\System32\drivers\USBHUB3.SYS
2013-05-04 07:34:17    213248    ----a-w-    C:\Windows\System32\drivers\UCX01000.SYS
2013-05-04 07:34:15    284416    ----a-w-    C:\Windows\System32\drivers\spaceport.sys
2013-05-04 06:59:56    39424    ----a-w-    C:\Windows\System32\wuapp.exe
2013-05-04 06:59:51    1483776    ----a-w-    C:\Windows\System32\VSSVC.exe
2013-05-04 06:59:36    812544    ----a-w-    C:\Windows\System32\Magnify.exe
2013-05-04 06:59:25    98304    ----a-w-    C:\Windows\System32\wudriver.dll
2013-05-04 06:59:25    251904    ----a-w-    C:\Windows\System32\WUSettingsProvider.dll
2013-05-04 06:59:25    141824    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-05-04 06:59:24    1619968    ----a-w-    C:\Windows\System32\wucltux.dll
2013-05-04 06:59:08    13644288    ----a-w-    C:\Windows\System32\Windows.UI.Xaml.dll
2013-05-04 06:58:54    328192    ----a-w-    C:\Windows\System32\ubpm.dll
2013-05-04 06:58:54    10116096    ----a-w-    C:\Windows\System32\twinui.dll
2013-05-04 06:58:49    173568    ----a-w-    C:\Windows\System32\storewuauth.dll
2013-05-04 06:58:49    1332736    ----a-w-    C:\Windows\System32\sysmain.dll
2013-05-04 06:58:48    330240    ----a-w-    C:\Windows\System32\stobject.dll
2013-05-04 06:58:28    93696    ----a-w-    C:\Windows\System32\psmsrv.dll
2013-05-04 06:58:02    470528    ----a-w-    C:\Windows\System32\netprofmsvc.dll
2013-05-04 06:58:02    151552    ----a-w-    C:\Windows\System32\netprofm.dll
2013-05-04 06:58:01    169984    ----a-w-    C:\Windows\System32\netplwiz.dll
2013-05-04 06:57:59    17408    ----a-w-    C:\Windows\System32\muifontsetup.dll
2013-05-04 06:57:46    560640    ----a-w-    C:\Windows\System32\mfmp4srcsnk.dll
2013-05-04 06:57:15    501760    ----a-w-    C:\Windows\System32\DevicePairing.dll
2013-05-04 06:57:05    179712    ----a-w-    C:\Windows\System32\bisrv.dll
2013-05-04 06:57:05    122368    ----a-w-    C:\Windows\System32\biwinrt.dll
2013-05-04 06:57:04    389120    ----a-w-    C:\Windows\System32\BCP47Langs.dll
2013-05-04 06:57:04    2305024    ----a-w-    C:\Windows\System32\authui.dll
2013-05-04 06:57:00    708096    ----a-w-    C:\Windows\System32\AppXDeploymentExtensions.dll
2013-05-04 06:57:00    1131520    ----a-w-    C:\Windows\System32\AppXDeploymentServer.dll
2013-05-04 06:56:53    419840    ----a-w-    C:\Windows\System32\intl.cpl
2013-05-04 04:58:34    34304    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2013-05-04 04:58:14    758784    ----a-w-    C:\Windows\SysWow64\Magnify.exe
2013-05-04 04:58:02    83968    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2013-05-04 04:58:02    125952    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2013-05-04 04:57:49    10788864    ----a-w-    C:\Windows\SysWow64\Windows.UI.Xaml.dll
2013-05-04 04:57:39    8857088    ----a-w-    C:\Windows\SysWow64\twinui.dll
2013-05-04 04:57:39    247296    ----a-w-    C:\Windows\SysWow64\ubpm.dll
2013-05-04 04:57:35    303616    ----a-w-    C:\Windows\SysWow64\stobject.dll
2013-05-04 04:57:16    18432    ----a-w-    C:\Windows\SysWow64\npmproxy.dll
2013-05-04 04:57:04    151040    ----a-w-    C:\Windows\SysWow64\netplwiz.dll
2013-05-04 04:57:04    115712    ----a-w-    C:\Windows\SysWow64\netprofm.dll
2013-05-04 04:57:02    14336    ----a-w-    C:\Windows\SysWow64\muifontsetup.dll
2013-05-04 04:56:48    411136    ----a-w-    C:\Windows\SysWow64\mfmp4srcsnk.dll
2013-05-04 04:56:14    449536    ----a-w-    C:\Windows\SysWow64\DevicePairing.dll
2013-05-04 04:56:06    92160    ----a-w-    C:\Windows\SysWow64\biwinrt.dll
2013-05-04 04:56:05    309760    ----a-w-    C:\Windows\SysWow64\BCP47Langs.dll
2013-05-04 04:56:05    2035712    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-05-04 04:55:58    389632    ----a-w-    C:\Windows\SysWow64\intl.cpl
2013-05-04 04:51:38    14848    ----a-w-    C:\Windows\System32\rars.rs
2013-05-04 04:48:33    83968    ----a-w-    C:\Windows\System32\drivers\hidclass.sys
2013-05-04 04:48:26    27648    ----a-w-    C:\Windows\System32\drivers\hidusb.sys
2013-05-04 04:47:02    427520    ----a-w-    C:\Windows\System32\drivers\rdbss.sys
2013-05-04 04:10:47    14848    ----a-w-    C:\Windows\SysWow64\rars.rs
2013-04-28 22:30:55    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-28 22:30:12    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-28 22:28:33    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-28 22:28:29    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2013-04-28 22:28:00    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-16 02:34:44    1455368    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-13 05:56:35    444416    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-11 06:40:48    6987528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-04-09 05:33:02    489576    ----a-w-    C:\Windows\System32\AudioEng.dll
2013-04-09 05:33:02    446792    ----a-w-    C:\Windows\System32\AudioSes.dll
2013-04-09 05:33:02    253544    ----a-w-    C:\Windows\System32\audiodg.exe
2013-04-09 05:20:02    86280    ----a-w-    C:\Windows\System32\kdnet.dll
2013-04-09 05:20:02    306952    ----a-w-    C:\Windows\System32\kd_02_10ec.dll
2013-04-09 05:18:05    77960    ----a-w-    C:\Windows\System32\kdvm.dll
2013-04-09 05:17:57    1829408    ----a-w-    C:\Windows\System32\ntdll.dll
2013-04-09 04:52:07    816128    ----a-w-    C:\Windows\System32\SearchIndexer.exe
2013-04-09 04:52:07    373760    ----a-w-    C:\Windows\System32\SearchProtocolHost.exe
2013-04-09 04:52:07    197120    ----a-w-    C:\Windows\System32\SearchFilterHost.exe
2013-04-09 04:52:07    126464    ----a-w-    C:\Windows\System32\Robocopy.exe
2013-04-09 04:52:06    804352    ----a-w-    C:\Windows\System32\RecoveryDrive.exe
2013-04-09 04:51:51    367616    ----a-w-    C:\Windows\System32\conhost.exe
2013-04-09 04:51:45    523264    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2013-04-09 04:51:41    99840    ----a-w-    C:\Windows\System32\wscsvc.dll
2013-04-09 04:51:41    456704    ----a-w-    C:\Windows\System32\wpncore.dll
2013-04-09 04:51:17    595456    ----a-w-    C:\Windows\System32\Windows.Networking.dll
2013-04-09 04:51:17    391168    ----a-w-    C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:03    3552768    ----a-w-    C:\Windows\System32\tquery.dll
2013-04-09 04:50:53    414720    ----a-w-    C:\Windows\System32\GenuineCenter.dll
2013-04-09 04:50:39    422400    ----a-w-    C:\Windows\System32\schannel.dll
2013-04-09 04:50:39    1285632    ----a-w-    C:\Windows\System32\schedsvc.dll
2013-04-09 04:50:03    96256    ----a-w-    C:\Windows\System32\mssprxy.dll
2013-04-09 04:50:03    745984    ----a-w-    C:\Windows\System32\mssvp.dll
2013-04-09 04:50:03    2107904    ----a-w-    C:\Windows\System32\mssrch.dll
.
============= FINISH: 11:43:15.15 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 03-06-13 12:26:26 PM
System Uptime: 06-07-13 12:48:30 PM (23 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | S400CA
Processor: Intel® Core i5-3317U CPU @ 1.70GHz | SOCKET 0 | 1701/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 186 GiB total, 143.205 GiB free.
D: is FIXED (NTFS) - 258 GiB total, 149.882 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP4: 17-06-13 8:15:18 AM - Windows Update
RP5: 24-06-13 9:19:23 AM - Scheduled Checkpoint
RP6: 28-06-13 11:19:52 AM - Windows Update
RP7: 05-07-13 6:20:20 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7) MUI
Alcor Micro USB Card Reader
ASUS Instant Connect
ASUS InstantOn
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Smart Gesture
ASUS Splendid Video Enhancement Technology
ASUS Tutor
ASUS USB Charger Plus
ASUS VivoBook
ASUS WebStorage Sync Agent
AsusVibe2.0
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATK Package
avast! Free Antivirus
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
doPDF 7.3 printer
ExpressCache
Google Chrome
Google Drive
Google Update Helper
Intel® Dynamic Platform and Thermal Framework
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Start Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 22.0 (x86 en-GB)
Mozilla Maintenance Service
Online Plug-in
Platform
PrimoPDF -- brought to you by Nitro PDF Software
Qualcomm Atheros Client Installation Program
Self-service Plug-in
Shared C Run-time for x64
Spybot - Search & Destroy
Stardock Start8
VIA Platform Device Manager
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148)
WinFlash
.
==== Event Viewer Messages From Past Week ========
.
06-07-13 12:48:33 PM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
.
==== End Of File ===========================

RogueKiller V8.6.2 _x64_ [Jul  2 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com


Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Tim [Admin rights]
Mode : Scan -- Date : 07/07/2013 11:59:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤


Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

[Screenshot: more-reply-options.jpg] Bottom right corner of this page.

[Screenshot: choose-files1.jpg] New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

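An added read-only PowerShell check, not part of MrC's instructions or any Malwarebytes tool, that tests the three items the post above asks you to verify after cleanup (Internet access, Windows Update, Windows Firewall) plus the services and proxy setting they depend on. The probe host, the service list and the function name are my assumptions; it changes nothing on the system.

```powershell
# Added example (not MrC's instructions, not a Malwarebytes tool): a read-only
# PowerShell 3.0+ check of the post-cleanup items named above. A failed check
# is the case where the post says to run fixdamage.exe and reboot.

function Test-CleanupHealth {
    [CmdletBinding()]
    param(
        # Assumed probe host, used only to confirm DNS and HTTPS work.
        [string]$ProbeHost = 'www.malwarebytes.org'
    )

    $results = @()

    # 1. Services that Windows Update, BITS and the firewall depend on and that
    #    malware commonly disables. None of them should be StartMode=Disabled.
    $services = @{
        'wuauserv' = 'Windows Update'
        'BITS'     = 'Background Intelligent Transfer Service'
        'BFE'      = 'Base Filtering Engine'
        'MpsSvc'   = 'Windows Firewall'
        'Dnscache' = 'DNS Client'
        'Dhcp'     = 'DHCP Client'
    }
    foreach ($name in $services.Keys) {
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if (-not $svc) {
            $results += New-Object PSObject -Property @{ Check = "Service $name"; Ok = $false; Detail = 'missing' }
            continue
        }
        $results += New-Object PSObject -Property @{
            Check  = "Service $name ($($services[$name]))"
            Ok     = ($svc.StartMode -ne 'Disabled')
            Detail = "State=$($svc.State) StartMode=$($svc.StartMode)"
        }
    }

    # 2. Firewall: every profile should be enabled. Get-NetFirewallProfile ships
    #    with Windows 8 / Server 2012 (NetSecurity module).
    try {
        foreach ($p in Get-NetFirewallProfile) {
            $results += New-Object PSObject -Property @{
                Check  = "Firewall profile $($p.Name)"
                Ok     = ("$($p.Enabled)" -eq 'True')
                Detail = "Enabled=$($p.Enabled) DefaultInboundAction=$($p.DefaultInboundAction)"
            }
        }
    } catch {
        $results += New-Object PSObject -Property @{ Check = 'Firewall profiles'; Ok = $false; Detail = $_.Exception.Message }
    }

    # 3. Internet access: DNS resolution first, then an HTTPS GET. Failures here
    #    after a cleanup usually mean a damaged Winsock chain, proxy or hosts file.
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($ProbeHost)
        $results += New-Object PSObject -Property @{ Check = "DNS $ProbeHost"; Ok = ($addrs.Count -gt 0); Detail = ($addrs -join ',') }
    } catch {
        $results += New-Object PSObject -Property @{ Check = "DNS $ProbeHost"; Ok = $false; Detail = $_.Exception.Message }
    }
    try {
        $resp = Invoke-WebRequest -Uri "https://$ProbeHost/" -UseBasicParsing -TimeoutSec 15
        $results += New-Object PSObject -Property @{ Check = "HTTPS $ProbeHost"; Ok = ($resp.StatusCode -eq 200); Detail = "HTTP $($resp.StatusCode)" }
    } catch {
        $results += New-Object PSObject -Property @{ Check = "HTTPS $ProbeHost"; Ok = $false; Detail = $_.Exception.Message }
    }

    # 4. A proxy silently set by malware breaks Windows Update and browsers.
    $ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $results += New-Object PSObject -Property @{
        Check  = 'No user proxy configured'
        Ok     = ($ie.ProxyEnable -ne 1)
        Detail = "ProxyEnable=$($ie.ProxyEnable) ProxyServer=$($ie.ProxyServer)"
    }

    return $results | Select-Object Check, Ok, Detail
}

$report = Test-CleanupHealth
$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Ok }) {
    Write-Warning 'One or more checks failed: this is the case where the post says to run fixdamage.exe from the MBAR\Plugins folder and reboot.'
}
```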

Yep, still here, just haven't been able to get back to it for the last couple of days, sorry.

--------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16599

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 4175003648, free: 1719046144

Downloaded database version: v2013.07.08.04
Initializing...
------------ Kernel report ------------
     07/08/2013 23:19:56
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\excsd.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\system32\DRIVERS\excfs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\DptfDevProc.sys
\SystemRoot\system32\DRIVERS\AiCharger.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C63x64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\AsusTP.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbfiltr.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\DptfDevFan.sys
\SystemRoot\system32\DRIVERS\DptfDevGen.sys
\SystemRoot\system32\DRIVERS\DptfDevPch.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\system32\DRIVERS\DptfDevDram.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\AsHIDSwitch64.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\DptfManager.sys
\SystemRoot\System32\drivers\irstrtdv.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\umpass.sys
\SystemRoot\System32\drivers\WSDPrint.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8006793060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000042\
Lower Device Object: 0xfffffa80043eb060
Lower Device Driver Name: \Driver\iaStorA\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006795060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000041\
Lower Device Object: 0xfffffa80043ec7f0
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Device number: 0, partition: 4
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006795060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006795b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006794060, DeviceName: \Device\excsd0\, DriverName: \Driver\excsd\
DevicePointer: 0xfffffa8006795060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80044c2550, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80043ec7f0, DeviceName: \Device\00000041\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\excsd0\, DriverName: \Driver\excsd\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 4
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 4
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "c:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\Windows\system32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: CDFAD22C

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 976773167

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 950861300
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid a6e9090d-b5ab-412a-8568-2eee8fa3fa8
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 950861300
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid a6e9090d-b5ab-412a-8568-2eee8fa3fa8
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 272b1762-6388-4215-a727-17f846f78473
    FirstLBA 2048  Last LBA 616447
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 0 is bootable
    Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID f8cf9fde-3933-44d4-a767-60219ef24fae
    FirstLBA 616448  Last LBA 1845247
    Attributes 1
    Partition Name                 Basic data partition

    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 2f6e83b7-8a24-49eb-91ce-b79681b556ad
    FirstLBA 1845248  Last LBA 2107391
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 3391d0dd-52c-4a3b-a442-302fdd33563
    FirstLBA 2107392  Last LBA 392816639
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID b9c9a4f1-fe1a-4c81-9561-ff56562c8df
    FirstLBA 392816640  Last LBA 934809599
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 2ef8acd1-833c-4056-ae4d-6b151fb7f7ee
    FirstLBA 934809600  Last LBA 976773119
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8006793060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006793b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006792060, DeviceName: \Device\excsd1\, DriverName: \Driver\excsd\
DevicePointer: 0xfffffa8006793060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80043eb8e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80043eb060, DeviceName: \Device\00000042\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\excsd1\, DriverName: \Driver\excsd\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 9E7836A

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3795450573
    GPT Header CurrentLba = 1 BackupLba 46905263
    GPT Header FirstUsableLba 34  LastUsableLba 46905230
    GPT Header Guid 6c3eb661-eabd-4217-9fd6-40845fbcfecb
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3795450573
    Backup GPT header CurrentLba = 46905263 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 46905230
    Backup GPT header Guid 6c3eb661-eabd-4217-9fd6-40845fbcfecb
    Backup GPT header Contains 128 partition entries starting at LBA 46905231
    Backup GPT header Partition entry size = 128

    Partition 0 Type b8cb5058-c187-4719-baf0-379ca2d4c97e
    Partition ID 4613ee39-4727-4347-8134-173f59f716f
    FirstLBA 8392704  Last LBA 46903295
    Attributes 0
    Partition Name                                  HFS

    Partition 1 Type d3bfe2de-3daf-11df-ba40-e3a556d89593
    Partition ID 70b27636-53a2-4f71-bca-5387ed757b65
    FirstLBA 2048  Last LBA 8390655
    Attributes 1
    Partition Name                 EFI system partition

Disk Size: 24015495168 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.08.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16599
Tim :: ASUS-ULTRABOOK [administrator]

08-07-13 11:20:00 PM
mbar-log-2013-07-08 (23-20-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 223278
Time elapsed: 12 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

OK...Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 13-07-15.01 - Tim 16-07-13   9:56.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3982.1015 [GMT 10:00]
Running from: c:\users\Tim\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetStretch.exe
c:\users\Tim\AppData\Local\Temp\_MEI52642\_ctypes.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\_elementtree.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\_hashlib.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\_multiprocessing.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\_socket.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\_ssl.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\pyexpat.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\pysqlite2._sqlite.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\python27.dll
c:\users\Tim\AppData\Local\Temp\_MEI52642\pythoncom27.dll
c:\users\Tim\AppData\Local\Temp\_MEI52642\PyWinTypes27.dll
c:\users\Tim\AppData\Local\Temp\_MEI52642\select.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\unicodedata.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\win32api.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\win32com.shell.shell.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\win32crypt.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\win32event.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\win32file.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\win32inet.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\win32pdh.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\win32process.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\win32profile.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\win32security.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\win32ts.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\windows._cacheinvalidation.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\wx._controls_.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\wx._core_.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\wx._gdi_.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\wx._html2.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\wx._misc_.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\wx._windows_.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\wx._wizard.pyd
c:\users\Tim\AppData\Local\Temp\_MEI52642\wxbase294u_net_vc90.dll
c:\users\Tim\AppData\Local\Temp\_MEI52642\wxbase294u_vc90.dll
c:\users\Tim\AppData\Local\Temp\_MEI52642\wxmsw294u_adv_vc90.dll
c:\users\Tim\AppData\Local\Temp\_MEI52642\wxmsw294u_core_vc90.dll
c:\users\Tim\AppData\Local\Temp\_MEI52642\wxmsw294u_html_vc90.dll
c:\users\Tim\AppData\Local\Temp\_MEI52642\wxmsw294u_webview_vc90.dll
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-16 to 2013-07-16  )))))))))))))))))))))))))))))))
.
.
2013-07-16 00:01 . 2013-07-16 00:05    --------    d-----w-    c:\users\Tim\AppData\Local\temp
2013-07-16 00:01 . 2013-07-16 00:01    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-15 22:55 . 2013-07-15 22:55    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2013-07-10 09:46 . 2013-04-10 22:35    2035200    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-07-10 09:46 . 2013-04-10 22:35    1272320    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 09:46 . 2013-04-10 22:35    1617920    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 09:46 . 2013-04-10 22:35    1318912    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 09:46 . 2013-04-10 22:35    1306112    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 09:46 . 2013-04-11 04:12    1413632    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-07-10 09:46 . 2013-04-11 04:12    1029632    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-07-10 09:44 . 2013-05-04 06:59    2842112    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-10 09:44 . 2013-05-04 04:57    2620928    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-07-08 13:19 . 2013-07-08 21:23    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-05 03:21 . 2013-07-05 03:21    237744    ----a-w-    c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10209.bin
2013-06-29 14:46 . 2013-07-05 02:37    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-06-29 14:46 . 2013-06-29 14:46    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy
2013-06-27 23:26 . 2013-05-15 22:35    144384    ----a-w-    c:\windows\system32\tssdisai.dll
2013-06-27 05:03 . 2013-06-27 05:03    --------    d-----w-    c:\programdata\Stardock
2013-06-27 05:02 . 2013-06-27 05:02    --------    d-----w-    c:\program files (x86)\Stardock
2013-06-26 14:14 . 2013-06-26 14:14    --------    d-----w-    c:\users\Tim\AppData\Roaming\Malwarebytes
2013-06-26 14:14 . 2013-06-26 14:14    --------    d-----w-    c:\programdata\Malwarebytes
2013-06-26 14:14 . 2013-06-26 14:14    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-26 14:14 . 2013-04-04 04:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-06-26 14:13 . 2013-06-26 14:13    --------    d-----w-    c:\users\Tim\AppData\Local\Programs
2013-06-22 03:01 . 2013-06-23 03:37    --------    d-----w-    c:\users\Tim\AppData\Local\Diagnostics
2013-06-20 03:00 . 2013-07-15 23:31    --------    d-s---w-    c:\users\Tim\Google Drive
2013-06-16 22:01 . 2013-05-30 23:24    1257472    ----a-w-    c:\windows\system32\kernel32.dll
2013-06-16 20:17 . 2013-05-23 23:01    1300992    ----a-w-    c:\windows\system32\gdi32.dll
2013-06-16 20:17 . 2013-05-23 22:27    1022464    ----a-w-    c:\windows\SysWow64\gdi32.dll
2013-06-16 18:47 . 2013-05-15 02:25    888320    ----a-w-    c:\windows\system32\autochk.exe
2013-06-16 18:47 . 2013-05-15 02:25    542208    ----a-w-    c:\windows\system32\untfs.dll
2013-06-16 18:47 . 2013-05-15 02:24    793088    ----a-w-    c:\windows\SysWow64\autochk.exe
2013-06-16 18:47 . 2013-05-15 02:24    482816    ----a-w-    c:\windows\SysWow64\untfs.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-12 08:41 . 2013-06-03 02:28    401    ----a-w-    c:\users\Tim\AppData\Roaming\sp_data.sys
2013-07-10 10:09 . 2013-06-03 17:00    78185248    ----a-w-    c:\windows\system32\MRT.exe
2013-07-05 15:00 . 2013-06-03 23:00    50784    ----a-w-    c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-05 15:00 . 2013-06-03 23:00    17536    ----a-w-    c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-06-27 23:47 . 2013-06-03 03:36    378944    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-06-27 23:47 . 2013-06-03 03:36    189936    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-06-27 23:47 . 2013-06-03 03:36    1030952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-06-27 22:04 . 2012-07-26 08:14    78200    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04 . 2012-07-26 08:14    693112    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 22:51 . 2013-06-11 22:51    9089416    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-03 02:26 . 2012-07-26 08:13    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-15 22:37 . 2013-06-12 12:48    44032    ----a-w-    c:\windows\SysWow64\UXInit.dll
2013-05-15 22:35 . 2013-06-12 12:48    53760    ----a-w-    c:\windows\system32\UXInit.dll
2013-05-14 13:14 . 2013-06-12 12:48    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-14 09:23 . 2013-06-12 12:48    2706432    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-05-09 08:59 . 2013-06-03 03:36    72016    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-06-03 03:36    64288    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-06-03 03:36    65336    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-06-03 03:36    33400    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-06-03 03:36    80816    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-06-03 03:35    41664    ----a-w-    c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-06-03 03:36    287840    ----a-w-    c:\windows\system32\aswBoot.exe
2013-05-04 07:45 . 2013-06-12 17:43    2233600    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-04-28 22:28 . 2013-06-12 12:48    915968    ----a-w-    c:\windows\system32\uxtheme.dll
2013-04-27 05:20 . 2013-06-12 16:23    733184    ----a-w-    c:\windows\system32\win32spl.dll
2013-04-23 23:13 . 2013-06-12 17:04    1013248    ----a-w-    c:\windows\SysWow64\certutil.exe
2013-04-23 23:12 . 2013-06-12 17:04    1569792    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-04-23 23:12 . 2013-06-12 17:04    109056    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-04-23 22:56 . 2013-06-12 17:04    1255936    ----a-w-    c:\windows\system32\certutil.exe
2013-04-23 22:55 . 2013-06-12 17:04    1889280    ----a-w-    c:\windows\system32\crypt32.dll
2013-04-23 22:55 . 2013-06-12 17:04    141312    ----a-w-    c:\windows\system32\cryptnet.dll
2013-04-23 22:55 . 2013-06-12 17:04    68096    ----a-w-    c:\windows\system32\cryptsvc.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-06 19676256]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe" [2012-08-28 3417984]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-12-14 383544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-11-27 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 DptfPolicyLpmService;Intel® Dynamic Platform & Thermal Framework Low Power Mode Service Application;c:\windows\system32\DptfPolicyLpmService.exe;c:\windows\SYSNATIVE\DptfPolicyLpmService.exe [x]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DptfParticipantProcessorService;Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application;c:\windows\system32\DptfParticipantProcessorService.exe;c:\windows\SYSNATIVE\DptfParticipantProcessorService.exe [x]
S2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 irstrtsv;Intel® Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Start8;Stardock Start8;c:\program files (x86)\Stardock\Start8\Start8Srv.exe;c:\program files (x86)\Stardock\Start8\Start8Srv.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 DptfDevDram;DptfDevDram;c:\windows\system32\DRIVERS\DptfDevDram.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevDram.sys [x]
S3 DptfDevFan;DptfDevFan;c:\windows\system32\DRIVERS\DptfDevFan.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevFan.sys [x]
S3 DptfDevGen;DptfDevGen;c:\windows\system32\DRIVERS\DptfDevGen.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevGen.sys [x]
S3 DptfDevPch;DptfDevPch;c:\windows\system32\DRIVERS\DptfDevPch.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevPch.sys [x]
S3 DptfDevProc;DptfDevProc;c:\windows\system32\DRIVERS\DptfDevProc.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevProc.sys [x]
S3 DptfManager;DptfManager;c:\windows\system32\DRIVERS\DptfManager.sys;c:\windows\SYSNATIVE\DRIVERS\DptfManager.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 irstrtdv;Intel® Rapid Start Technology Driver;c:\windows\System32\drivers\irstrtdv.sys;c:\windows\SYSNATIVE\drivers\irstrtdv.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 00:56    1173456    ----a-w-    c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-05-11 10:37    215264    ----a-w-    c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-03 08:44]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-03 03:36]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-03 03:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58    133840    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23    1500672    ----a-w-    c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23    1500672    ----a-w-    c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23    1500672    ----a-w-    c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-06 13:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 13:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-06 13:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-06 13:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-06 13:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-31 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-31 398656]
"DptfPolicyLpmServiceHelper"="c:\windows\system32\DptfPolicyLpmServiceHelper.exe" [2012-07-30 21888]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-09-24 5292664]
"VIAAUD"="c:\program files (x86)\VIA\VIAudioi\VDeck\viaaud.exe" [2012-09-24 2538616]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-08-25 107192]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l3nzizsn.default-1372162192811\
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - ExtSQL: 2013-06-03 13:35; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-07-10 10:54; en-AU@dictionaries.addons.mozilla.org; c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l3nzizsn.default-1372162192811\extensions\en-AU@dictionaries.addons.mozilla.org
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Wow6432Node-HKLM-Run-CitrixReceiver - c:\programdata\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk
BHO-{BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - c:\program files\BreakingNews\x64\ScriptHost.dll
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\program files (x86)\Citrix\Receiver\Receiver.exe
c:\program files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
.
**************************************************************************
.
Completion time: 2013-07-16  10:09:24 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-16 00:09
.
Pre-Run: 149,201,248,256 bytes free
Post-Run: 149,298,106,368 bytes free
.
- - End Of File - - 9BA8F7BFCA334C266D78CE4B36D8B5B1
D41D8CD98F00B204E9800998ECF8427E
 

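The "Reg Loading Points" section of the ComboFix log above is the part worth reading most carefully: it lists the autostart locations ComboFix enumerated, namely the per-user and per-machine Run keys (in both the native and the Wow6432Node view), the all-users Startup folder, services and drivers with their start type, and scheduled-task .job files. When reviewing a log like this it helps to turn those lines into records and sort them by where the image actually lives. The Python below is an added example, not ComboFix's code or anything posted in the thread: the regular expressions are this example's own reading of the log format, the sample input is excerpted from the log above plus one constructed Run entry named "Updater" pointing into AppData (added only so the triage rule has something to flag; it is not from the user's system), and the user-writable-location rule is a heuristic starting point, not a verdict.

```python
"""Turn the 'Reg Loading Points' section of a ComboFix log into records and
apply a location-based triage rule.  Added example, not ComboFix's code; the
regular expressions are this example's own reading of the log format."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines excerpted from the ComboFix log posted above, plus one CONSTRUCTED
# Run entry ("Updater", pointing into AppData) so the triage rule has a hit.
SAMPLE_LINES = [
    r'[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]',
    r'"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-06 19676256]',
    r'"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]',
    r'"Updater"="c:\users\Tim\AppData\Roaming\Updater\updater.exe" [2013-07-14 43008]',  # constructed
    '.',
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]',
    r'"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]',
    '.',
    'c:\\programdata\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\',  # folder header
    r'AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-11-27 549040]',
    '.',
    r"S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]",
    r'S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]',
    r'S0 aswRvrt;aswRvrt; [x]',
    '.',
    r'2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job',
    r'- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-03 03:36]',
]

KEY_RE    = re.compile(r'^\[(HKEY_[^\]]+)\]$')                       # [HKEY_...] section header
RUN_RE    = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\])?$')
LNK_RE    = re.compile(r'^(\S+\.lnk) - (.+?)(?:\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\])?$', re.I)
SVC_RE    = re.compile(r'^([SR]\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[x\])?$')
JOB_RE    = re.compile(r'^(\d{4}-\d{2}-\d{2})\s+(\S.*\.job)$', re.I)
JOBIMG_RE = re.compile(r'^-\s+(.+?)(?:\s+\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\])?$')
IMAGE_RE  = re.compile(r'^(.*?\.(?:exe|dll|sys|scr|cmd|bat|lnk))(?:\s+(.*))?$', re.I)


@dataclass
class AutorunEntry:
    source: str                   # registry key, startup folder, "services (Sn)" or the .job file
    name: str
    image: str                    # executable/driver path with any arguments stripped
    args: Optional[str] = None
    stamp: Optional[str] = None   # file timestamp exactly as ComboFix printed it
    size: Optional[int] = None


def split_command(cmd: str) -> Tuple[str, Optional[str]]:
    """Separate 'c:\\path\\x.exe /start' into the image path and its arguments."""
    m = IMAGE_RE.match(cmd.strip())
    return (m.group(1), m.group(2)) if m else (cmd.strip(), None)


def parse_loading_points(lines) -> List[AutorunEntry]:
    entries: List[AutorunEntry] = []
    source, pending_job = '?', None
    for raw in lines:
        line = raw.strip()
        if not line or line == '.':
            continue
        if pending_job:                                   # image line that follows a .job line
            m = JOBIMG_RE.match(line)
            pending_job, job = None, pending_job
            if m:
                image, args = split_command(m.group(1))
                entries.append(AutorunEntry(job, job.rsplit('\\', 1)[-1], image, args, m.group(2)))
                continue
        if (m := KEY_RE.match(line)):                                          # registry key header
            source = m.group(1)
        elif len(line) > 2 and line[1] == ':' and line.endswith('\\'):        # startup folder header
            source = line
        elif (m := RUN_RE.match(line)) or (m := LNK_RE.match(line)):          # "name"="path" / x.lnk - path
            image, args = split_command(m.group(2))
            entries.append(AutorunEntry(source, m.group(1), image, args, m.group(3),
                                        int(m.group(4)) if m.group(4) else None))
        elif (m := JOB_RE.match(line)):                                        # task; image is on the next line
            pending_job = m.group(2)
        elif (m := SVC_RE.match(line)):                                        # start;name;display;path[;sysnative path]
            paths = [p for p in m.group(4).split(';') if p]
            image, args = split_command(paths[0]) if paths else ('', None)
            entries.append(AutorunEntry(f'services ({m.group(1)})', m.group(2), image, args))
    return entries


# Heuristic only: an autorun whose image sits where an unprivileged user can write
# deserves a look first.  Legitimate per-user software lives there too.
USER_WRITABLE = ('\\users\\', '\\appdata\\', '\\temp\\', '\\programdata\\', '\\$recycle.bin\\')


def suspicious(entries: List[AutorunEntry]) -> List[AutorunEntry]:
    return [e for e in entries if e.image and any(mark in e.image.lower() for mark in USER_WRITABLE)]


if __name__ == '__main__':
    parsed = parse_loading_points(SAMPLE_LINES)
    for e in parsed:
        print(f'{e.source}\n    {e.name} -> {e.image} {e.args or ""}')
    print('flagged for review:', [e.name for e in suspicious(parsed)])
```

On the excerpt this flags only the constructed "Updater" entry; everything from the real log resolves under Program Files or Windows. That is a worklist, not a verdict: an image under Program Files can still be unwanted (the BreakingNews BHO in the orphans section of the same log is an example of a vendor-looking path), and an entry flagged only because it lives under AppData is not automatically malicious, since many legitimate per-user installers put their binaries there. The next steps are the ones the helper is driving at in this thread: check the file's signature and hash, and look at what wrote it.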

OK.....Next:

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

  • Adware (advertising software)
  • PUP/LPI (Potentially Undesirable Program)
  • Toolbars
  • Hijackers (hijacking of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double-click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


# AdwCleaner v2.305 - Logfile created 07/16/2013 at 11:52:50
# Updated 11/07/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : Tim - ASUS-ULTRABOOK
# Boot Mode : Normal
# Running from : C:\Users\Tim\Downloads\adwcleaner.exe
# Option [search]


***** [services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Found : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Found : HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-GB)

File : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l3nzizsn.default-1372162192811\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************


Some adware found....let's clear it out.....

  • Please re-run AdwCleaner
  • Click on the Delete button.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Then......

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
MrC

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.1 (07.15.2013:2)
OS: Windows 8 x64
Ran by Tim on 16-07-13 at 14:27:40.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared
 


# AdwCleaner v2.305 - Logfile created 07/16/2013 at 14:16:56
# Updated 11/07/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : Tim - ASUS-ULTRABOOK
# Boot Mode : Normal
# Running from : C:\Users\Tim\Downloads\adwcleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-GB)

File : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l3nzizsn.default-1372162192811\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1905 octets] - [16/07/2013 11:52:50]
AdwCleaner[R2].txt - [1965 octets] - [16/07/2013 14:15:59]
AdwCleaner[s1].txt - [1930 octets] - [16/07/2013 14:16:56]

########## EOF - C:\AdwCleaner[s1].txt - [1990 octets] ##########
 

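The helper's procedure runs AdwCleaner twice: first in Search mode, which writes the R-numbered log and only reports, then in Delete mode, which writes the S-numbered log and removes. A check worth doing on any such pair of logs is that everything reported in the search log actually appears as deleted in the delete log, and that nothing was removed which the user never got to see in the search log. The Python below is an added example, not AdwCleaner's code or anything from the thread: the parsing rules are this example's own reading of the v2.x log format, and the two excerpts are the registry sections of the search and delete logs posted above.

```python
"""Reconcile an AdwCleaner search-mode log (R1) against its delete-mode log (S1).
Added example: the parsing rules are this example's own reading of the v2.x log
format, and the two excerpts are copied from the logs posted in the thread."""
import re
from collections import defaultdict
from typing import Dict, Set, Tuple

Finding = Tuple[str, str]   # (object kind such as "Key", registry or file path)

SEARCH_LOG = r"""
# AdwCleaner v2.305 - Logfile created 07/16/2013 at 11:52:50
# Option [search]
***** [Registry] *****
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Found : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Found : HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
[OK] Registry is clean.
"""

DELETE_LOG = r"""
# AdwCleaner v2.305 - Logfile created 07/16/2013 at 14:16:56
# Option [Delete]
***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
AdwCleaner[R1].txt - [1905 octets] - [16/07/2013 11:52:50]
"""

# "Key Found : <path>" / "Folder Deleted : <path>" and so on; summary lines do not match.
FINDING_RE = re.compile(r'^(Key|Value|File|Folder|Service)\s+(Found|Deleted)\s*:\s*(.+?)\s*$', re.I)
GUID_RE = re.compile(r'\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}', re.I)


def parse_findings(log: str) -> Dict[str, Set[Finding]]:
    """Collect the objects one AdwCleaner log reports, split by action."""
    out: Dict[str, Set[Finding]] = {'found': set(), 'deleted': set()}
    for line in log.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            out[m.group(2).lower()].add((m.group(1).title(), m.group(3)))
    return out


def reconcile(search_log: str, delete_log: str) -> Dict[str, Set[Finding]]:
    """Compare what the search pass showed the user with what the delete pass removed."""
    found = parse_findings(search_log)['found']
    deleted = parse_findings(delete_log)['deleted']
    return {'found': found, 'deleted': deleted,
            'not_deleted': found - deleted,    # reported, but still present after the delete run
            'unexpected': deleted - found}     # removed without having been shown in the search log


def registrations_by_guid(findings) -> Dict[str, Set[str]]:
    """Group registry keys by COM GUID, noting the registry view (native 64-bit or the
    Wow6432Node 32-bit view) and the class (CLSID or Interface) each one sits under."""
    regs: Dict[str, Set[str]] = defaultdict(set)
    for kind, item in findings:
        m = GUID_RE.search(item)
        if kind != 'Key' or not m:
            continue
        parts = item.split('\\')
        view = 'Wow6432Node' if 'Wow6432Node' in parts else 'native'
        parent = parts[parts.index(m.group(0)) - 1]
        regs[m.group(0).upper()].add(f'{view}/{parent}')
    return dict(regs)


if __name__ == '__main__':
    result = reconcile(SEARCH_LOG, DELETE_LOG)
    print(f"found {len(result['found'])}, deleted {len(result['deleted'])}, "
          f"still present {len(result['not_deleted'])}, unexpected {len(result['unexpected'])}")
    for guid, where in sorted(registrations_by_guid(result['found']).items()):
        print(guid, sorted(where))
```

For the two logs in this thread the sets match exactly: eleven keys found, the same eleven deleted, nothing left over and nothing extra. Grouping by GUID also explains why eleven keys boil down to five components: HKLM\SOFTWARE\Wow6432Node\Classes is the 32-bit view of HKLM\SOFTWARE\Classes, so each interface listed in both views carries one registration per bitness, and one of the five GUIDs additionally has a CLSID entry in the native view. When the "not_deleted" set is not empty after a delete run, that is the cue to re-run the tool or look for whatever is re-creating the keys, rather than to assume the cleanup finished.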

Looks Good.....

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
