NSCodeRed Posted November 11, 2013 ID:752155 Share Posted November 11, 2013 I've been fighting with this thing the past few days and I know that if I don't do something soon it is probably going to get worse but I don't feel like taking my laptop somewhere unless I have to so any help I can get on here would be awesome! Anyway, I have an Asus G74 that has been clean just until a few days ago when Microsoft Security Essentials picked up Virus:Win64/Alureon.gen!A. It's recommendation was of course to use their windows defender offline but I can't get my laptop to boot from any of the multiple usb's or the cd I made, and I have doubts as to whether it would work or not either. I'm sure it would help if I zipped some log files on here but I don't really have any idea what or from where lol (I'm hardware savvy but not when it comes to software or the inner workings of windows. So I guess I need some help with even the first steps... Link to post Share on other sites More sharing options...
Psychotic Posted November 11, 2013 ID:752184 Share Posted November 11, 2013 Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding. Scan with DDSDownload DDS and save it to your desktop from here or here orhere.Disable any script blocker, and then double click dds.scr to run the tool.When done, DDS will open two (2) logsDDS.txt: save to your desktop then post its contents in your topicAttach.txt: save to your desktop then attach it to your next reply Scan with Gmer rootkit scannerPlease download Gmer from here by clicking on the "Download EXE" Button.Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO. In the right panel, you will see several boxes that have been checked. Uncheck the following ...Sections IAT/EAT Show All ( should be unchecked by default )[*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries Link to post Share on other sites More sharing options...
NSCodeRed Posted November 11, 2013 Author ID:752282 Share Posted November 11, 2013 Thank you very much, I will do everything exactly as instructed. Link to post Share on other sites More sharing options...
NSCodeRed Posted November 11, 2013 Author ID:752287 Share Posted November 11, 2013 I can't seem to figure out how to post the DDS.txt to my topic but here is the text from Gmer with the attach.txt from DDS attached. GMER 2.1.19163 - http://www.gmer.netRootkit scan 2013-11-11 10:04:18Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698.64GBRunning: 7qlg5su8.exe; Driver: C:\Users\Nick\AppData\Local\Temp\pxldqpoc.sys ---- Devices - GMER 2.1 ----Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 fffffa800c7315e8 ---- Trace I/O - GMER 2.1 ----Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800c7315e8]<< fffffa800c7315e8Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a811790] fffffa800a811790Trace 3 CLASSPNP.SYS[fffff88001b9943f] -> nt!IofCallDriver -> [0xfffffa800a23a520] fffffa800a23a520Trace 5 ACPI.sys[fffff88000f127a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800a239050] fffffa800a239050Trace \Driver\iaStor[0xfffffa800a728b40] -> IRP_MJ_CREATE -> 0xfffffa800c7315e8 fffffa800c7315e8 ---- Threads - GMER 2.1 ----Thread C:\Windows\SysWOW64\regsvr32.exe [7004:6388] 000000006e3d2f10Thread C:\Windows\SysWOW64\regsvr32.exe [7004:7132] 000000006e3d2f10Thread C:\Windows\SysWOW64\regsvr32.exe [7004:2428] 000000006e3d2f10Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [10160:10196] 0000000003ac2f10Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [10160:10152] 0000000003ac2f10Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [608:4956] 00000000034a2f10Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [608:5852] 00000000034a2f10Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [608:8288] 00000000034a2f10Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [608:9916] 00000000034a2f10Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [608:9016] 00000000034a2f10 ---- Registry - GMER 2.1 ----Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\485d6021838a Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68846d15 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68846d15@fca13e3af15d 0x25 0x2F 0x5C 0x8F ...Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68846d15@fca13e9e093f 0x9D 0x4E 0x37 0x29 ...Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68846d15@c819f70d1d17 0x80 0xC7 0xF4 0x09 ...Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68846d15@7c8ee4a06798 0x8C 0x3C 0x31 0xD5 ...Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\485d6021838a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68846d15 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68846d15@fca13e3af15d 0x25 0x2F 0x5C 0x8F ...Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68846d15@fca13e9e093f 0x9D 0x4E 0x37 0x29 ...Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68846d15@c819f70d1d17 0x80 0xC7 0xF4 0x09 ...Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68846d15@7c8ee4a06798 0x8C 0x3C 0x31 0xD5 ...---- EOF - GMER 2.1 ----attach.txt Link to post Share on other sites More sharing options...
Psychotic Posted November 11, 2013 ID:752288 Share Posted November 11, 2013 CombofixCombofix should only be run when adviced by a team member!LinkImportant - Save the file to your desktop! Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work. Run Combofix.exeWhen finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this. Link to post Share on other sites More sharing options...
NSCodeRed Posted November 11, 2013 Author ID:752294 Share Posted November 11, 2013 ComboFix 13-11-10.02 - Nick 11/11/2013 10:35:48.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12265.9197 [GMT -5:00] Running from: c:\users\Nick\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\AsPatch10430001.exe . . ((((((((((((((((((((((((( Files Created from 2013-10-11 to 2013-11-11 ))))))))))))))))))))))))))))))) . . 2013-11-11 15:42 . 2013-11-11 15:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2013-11-11 15:42 . 2013-11-11 15:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-11-11 15:42 . 2013-11-11 15:42 -------- d-----w- c:\users\Nick\AppData\Local\temp 2013-11-11 15:42 . 2013-11-11 15:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-11 14:25 . 2013-11-11 14:25 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1AD25AF-4FF7-4C76-9EFB-3A079E0242F4}\offreg.dll 2013-11-11 14:25 . 2013-11-11 14:25 46768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1AD25AF-4FF7-4C76-9EFB-3A079E0242F4}\MpKsl36b90f39.sys 2013-11-11 04:58 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1AD25AF-4FF7-4C76-9EFB-3A079E0242F4}\mpengine.dll 2013-11-10 00:34 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-11-08 16:53 . 2013-11-08 17:06 -------- d-----w- c:\users\Nick\AppData\Local\Bgtion 2013-11-07 02:36 . 2013-10-18 06:58 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{69F15E0A-4EC0-4FB0-8EF6-C33DB3315AFD}\gapaengine.dll 2013-10-31 11:05 . 2013-10-31 11:05 -------- d-----w- c:\users\Nick\AppData\Roaming\Guild Wars 2 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-11-11 14:28 . 2012-03-29 06:45 376 ----a-w- c:\users\Nick\AppData\Roaming\sp_data.sys 2013-10-18 06:58 . 2012-06-13 15:45 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-10-15 15:48 . 2012-03-29 05:01 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-10-15 15:48 . 2012-02-17 21:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-04 19:09 . 2011-08-24 03:54 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe 2013-09-26 06:46 . 2012-02-18 06:47 80541720 ----a-w- c:\windows\system32\MRT.exe 2013-09-22 23:28 . 2013-10-10 00:07 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2013-09-22 23:27 . 2013-10-10 00:07 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-09-22 23:27 . 2013-10-10 00:07 61440 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-09-22 23:27 . 2013-10-10 00:07 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-09-22 22:55 . 2013-10-10 00:07 51712 ----a-w- c:\windows\system32\ie4uinit.exe 2013-09-22 22:55 . 2013-10-10 00:07 2241024 ----a-w- c:\windows\system32\wininet.dll 2013-09-22 22:55 . 2013-10-10 00:07 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-09-22 22:54 . 2013-10-10 00:07 603136 ----a-w- c:\windows\system32\msfeeds.dll 2013-09-22 22:54 . 2013-10-10 00:07 19252224 ----a-w- c:\windows\system32\mshtml.dll 2013-09-22 22:54 . 2013-10-10 00:07 855552 ----a-w- c:\windows\system32\jscript.dll 2013-09-22 22:54 . 2013-10-10 00:07 3959296 ----a-w- c:\windows\system32\jscript9.dll 2013-09-22 22:54 . 2013-10-10 00:07 53248 ----a-w- c:\windows\system32\jsproxy.dll 2013-09-22 22:54 . 2013-10-10 00:07 526336 ----a-w- c:\windows\system32\ieui.dll 2013-09-22 22:54 . 2013-10-10 00:07 67072 ----a-w- c:\windows\system32\iesetup.dll 2013-09-22 22:54 . 2013-10-10 00:07 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-09-22 22:54 . 2013-10-10 00:07 2647552 ----a-w- c:\windows\system32\iertutil.dll 2013-09-22 22:54 . 2013-10-10 00:07 136704 ----a-w- c:\windows\system32\iesysprep.dll 2013-09-22 22:54 . 2013-10-10 00:07 15404544 ----a-w- c:\windows\system32\ieframe.dll 2013-09-21 03:38 . 2013-10-10 00:07 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-09-21 03:30 . 2013-10-10 00:07 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-09-21 02:48 . 2013-10-10 00:07 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-09-21 02:39 . 2013-10-10 00:07 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-09-14 01:10 . 2013-10-09 23:20 497152 ----a-w- c:\windows\system32\drivers\afd.sys 2013-09-08 02:30 . 2013-10-09 23:20 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:27 . 2013-10-09 23:20 327168 ----a-w- c:\windows\system32\mswsock.dll 2013-09-08 02:03 . 2013-10-09 23:20 231424 ----a-w- c:\windows\SysWow64\mswsock.dll 2013-09-04 12:12 . 2013-10-11 05:14 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-09-04 12:11 . 2013-10-11 05:14 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-09-04 12:11 . 2013-10-11 05:14 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-09-04 12:11 . 2013-10-11 05:14 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-09-04 12:11 . 2013-10-11 05:14 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-09-04 12:11 . 2013-10-11 05:14 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-09-04 12:11 . 2013-10-11 05:14 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-08-29 02:17 . 2013-10-09 23:20 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-29 02:16 . 2013-10-09 23:20 1732032 ----a-w- c:\windows\system32\ntdll.dll 2013-08-29 02:16 . 2013-10-09 23:20 243712 ----a-w- c:\windows\system32\wow64.dll 2013-08-29 02:16 . 2013-10-09 23:20 859648 ----a-w- c:\windows\system32\tdh.dll 2013-08-29 02:13 . 2013-10-09 23:20 878080 ----a-w- c:\windows\system32\advapi32.dll 2013-08-29 01:51 . 2013-10-09 23:20 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51 . 2013-10-09 23:20 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50 . 2013-10-09 23:20 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-08-29 01:50 . 2013-10-09 23:20 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll 2013-08-29 01:50 . 2013-10-09 23:20 619520 ----a-w- c:\windows\SysWow64\tdh.dll 2013-08-29 01:48 . 2013-10-09 23:20 640512 ----a-w- c:\windows\SysWow64\advapi32.dll 2013-08-29 01:48 . 2013-10-09 23:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-08-29 00:49 . 2013-10-09 23:20 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-08-29 00:49 . 2013-10-09 23:20 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-08-29 00:49 . 2013-10-09 23:20 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-08-29 00:49 . 2013-10-09 23:20 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-08-28 01:21 . 2013-10-09 23:20 3155968 ----a-w- c:\windows\system32\win32k.sys 2013-08-28 01:12 . 2013-10-09 23:20 461312 ----a-w- c:\windows\system32\scavengeui.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SearchProtection"="c:\users\Nick\AppData\Roaming\Search Protection\SearchProtection.EXE" [2013-09-03 832360] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE" [2013-01-24 297024] "Bgtion Update"="c:\users\Nick\AppData\Local\Bgtion\pkcs11-helper-1.dll" [2013-11-08 795136] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-08-24 3058304] "THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-03-17 909312] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-04-08 45448] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-06 102568] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2012-07-19 48128] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2013-03-28 1058880] . c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288] . c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-1 548528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R1 elzurman;elzurman;c:\windows\system32\drivers\elzurman.sys;c:\windows\SYSNATIVE\drivers\elzurman.sys [x] R1 jrpkxolv;jrpkxolv;c:\windows\system32\drivers\jrpkxolv.sys;c:\windows\SYSNATIVE\drivers\jrpkxolv.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 HawkesUpdater;Hawkes Unattended Updater;c:\program files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe;c:\program files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [x] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x] S1 MpKsl36b90f39;MpKsl36b90f39;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1AD25AF-4FF7-4C76-9EFB-3A079E0242F4}\MpKsl36b90f39.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1AD25AF-4FF7-4C76-9EFB-3A079E0242F4}\MpKsl36b90f39.sys [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x] S2 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [x] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x] S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe;c:\expressgateutil\VAWinService.exe [x] S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x] S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x] S3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;c:\windows\system32\DRIVERS\fspad_win764.sys;c:\windows\SYSNATIVE\DRIVERS\fspad_win764.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSL36B90F39 *NewlyCreated* - PXLDQPOC *Deregistered* - pxldqpoc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-10-16 07:15 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-11-11 c:\windows\Tasks\EPSON XP-310 Series Invitation {000F3676-290B-4C0B-BEB2-A06E917FD94D}.job - c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-10-04 05:20] . 2013-11-11 c:\windows\Tasks\EPSON XP-310 Series Update {000F3676-290B-4C0B-BEB2-A06E917FD94D}.job - c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-10-04 05:20] . 2013-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15 21:54] . 2013-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15 21:54] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-fspuip - c:\program files (x86)\FSP\fspuip.exe HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1909249093-874876743-655935046-1000\Software\SecuROM\License information*] "datasecu"=hex:44,12,e0,d6,5a,52,4c,3c,1c,84,41,41,52,11,4d,df,3c,38,35,ca,1c, 72,90,d0,9c,13,63,04,68,f8,f1,df,7a,cb,98,03,08,64,27,52,96,6e,e6,65,cc,4c,\ "rkeysecu"=hex:ac,c1,19,fa,90,50,f6,03,d2,b5,8b,39,8c,ad,6d,6d . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-11-11 10:51:31 ComboFix-quarantined-files.txt 2013-11-11 15:51 . Pre-Run: 118,543,765,504 bytes free Post-Run: 120,662,986,752 bytes free . - - End Of File - - 0D420C39E08FE3FD4751DEEE62FD6B88 Link to post Share on other sites More sharing options...
Psychotic Posted November 12, 2013 ID:752589 Share Posted November 12, 2013 Combofix scripting1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Download the attached CFScript.txt and save it to the location where Combofix is.Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.CFScript.txt Link to post Share on other sites More sharing options...
NSCodeRed Posted November 12, 2013 Author ID:752641 Share Posted November 12, 2013 I am trying too but even though all virus/malware programs are turned off every attachment I try to download won't go though because windows says it has a virus and deletes it (part of the virus?). Will try to download it from another computer and use a usb... Link to post Share on other sites More sharing options...
NSCodeRed Posted November 12, 2013 Author ID:752656 Share Posted November 12, 2013 I got it to work, ComboFix said it had an update available but I ran it without updating. Partway though the process I got a notification saying "pev.3XE" has stopped working. After closing the window on that the process continued and then while it was preparing the logs my laptop restarted and presented me with an Asus application error to which I closed and continued to wait for the logs. ComboFix asked that I send a submission of my logs but I didn't, it did save the submission form. Here is what I got... ComboFix 13-11-10.02 - Nick 11/12/2013 10:00:17.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12265.10252 [GMT -5:00] Running from: c:\users\Nick\Desktop\ComboFix.exe Command switches used :: c:\users\Nick\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Nick\AppData\Roaming\Search Protection c:\users\Nick\AppData\Roaming\Search Protection\SearchProtection.exe c:\users\Nick\AppData\Roaming\Search Protection\Uninstall.exe c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_elzurman -------\Service_jrpkxolv . . ((((((((((((((((((((((((( Files Created from 2013-10-12 to 2013-11-12 ))))))))))))))))))))))))))))))) . . 2013-11-12 15:19 . 2013-11-12 15:19 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2013-11-12 15:19 . 2013-11-12 15:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-11-12 15:19 . 2013-11-12 15:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-11 19:08 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3C1FFEF-567D-4384-890A-2CA52D550EA0}\mpengine.dll 2013-11-11 15:51 . 2013-11-12 15:21 -------- d-----w- c:\users\Nick\AppData\Local\temp 2013-11-10 00:34 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-11-08 16:53 . 2013-11-08 17:06 -------- d-----w- c:\users\Nick\AppData\Local\Bgtion 2013-11-07 02:36 . 2013-10-18 06:58 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{69F15E0A-4EC0-4FB0-8EF6-C33DB3315AFD}\gapaengine.dll 2013-10-31 11:05 . 2013-10-31 11:05 -------- d-----w- c:\users\Nick\AppData\Roaming\Guild Wars 2 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-11-12 14:43 . 2012-03-29 06:45 376 ----a-w- c:\users\Nick\AppData\Roaming\sp_data.sys 2013-10-18 06:58 . 2012-06-13 15:45 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-10-15 15:48 . 2012-03-29 05:01 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-10-15 15:48 . 2012-02-17 21:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-04 19:09 . 2011-08-24 03:54 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe 2013-09-26 06:46 . 2012-02-18 06:47 80541720 ----a-w- c:\windows\system32\MRT.exe 2013-09-22 23:28 . 2013-10-10 00:07 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2013-09-22 23:27 . 2013-10-10 00:07 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-09-22 23:27 . 2013-10-10 00:07 61440 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-09-22 23:27 . 2013-10-10 00:07 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-09-22 22:55 . 2013-10-10 00:07 51712 ----a-w- c:\windows\system32\ie4uinit.exe 2013-09-22 22:55 . 2013-10-10 00:07 2241024 ----a-w- c:\windows\system32\wininet.dll 2013-09-22 22:55 . 2013-10-10 00:07 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-09-22 22:54 . 2013-10-10 00:07 603136 ----a-w- c:\windows\system32\msfeeds.dll 2013-09-22 22:54 . 2013-10-10 00:07 19252224 ----a-w- c:\windows\system32\mshtml.dll 2013-09-22 22:54 . 2013-10-10 00:07 855552 ----a-w- c:\windows\system32\jscript.dll 2013-09-22 22:54 . 2013-10-10 00:07 3959296 ----a-w- c:\windows\system32\jscript9.dll 2013-09-22 22:54 . 2013-10-10 00:07 53248 ----a-w- c:\windows\system32\jsproxy.dll 2013-09-22 22:54 . 2013-10-10 00:07 526336 ----a-w- c:\windows\system32\ieui.dll 2013-09-22 22:54 . 2013-10-10 00:07 67072 ----a-w- c:\windows\system32\iesetup.dll 2013-09-22 22:54 . 2013-10-10 00:07 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-09-22 22:54 . 2013-10-10 00:07 2647552 ----a-w- c:\windows\system32\iertutil.dll 2013-09-22 22:54 . 2013-10-10 00:07 136704 ----a-w- c:\windows\system32\iesysprep.dll 2013-09-22 22:54 . 2013-10-10 00:07 15404544 ----a-w- c:\windows\system32\ieframe.dll 2013-09-21 03:38 . 2013-10-10 00:07 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-09-21 03:30 . 2013-10-10 00:07 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-09-21 02:48 . 2013-10-10 00:07 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-09-21 02:39 . 2013-10-10 00:07 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-09-14 01:10 . 2013-10-09 23:20 497152 ----a-w- c:\windows\system32\drivers\afd.sys 2013-09-08 02:30 . 2013-10-09 23:20 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:27 . 2013-10-09 23:20 327168 ----a-w- c:\windows\system32\mswsock.dll 2013-09-08 02:03 . 2013-10-09 23:20 231424 ----a-w- c:\windows\SysWow64\mswsock.dll 2013-09-04 12:12 . 2013-10-11 05:14 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-09-04 12:11 . 2013-10-11 05:14 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-09-04 12:11 . 2013-10-11 05:14 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-09-04 12:11 . 2013-10-11 05:14 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-09-04 12:11 . 2013-10-11 05:14 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-09-04 12:11 . 2013-10-11 05:14 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-09-04 12:11 . 2013-10-11 05:14 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-08-29 02:17 . 2013-10-09 23:20 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-29 02:16 . 2013-10-09 23:20 1732032 ----a-w- c:\windows\system32\ntdll.dll 2013-08-29 02:16 . 2013-10-09 23:20 243712 ----a-w- c:\windows\system32\wow64.dll 2013-08-29 02:16 . 2013-10-09 23:20 859648 ----a-w- c:\windows\system32\tdh.dll 2013-08-29 02:13 . 2013-10-09 23:20 878080 ----a-w- c:\windows\system32\advapi32.dll 2013-08-29 01:51 . 2013-10-09 23:20 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51 . 2013-10-09 23:20 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50 . 2013-10-09 23:20 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-08-29 01:50 . 2013-10-09 23:20 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll 2013-08-29 01:50 . 2013-10-09 23:20 619520 ----a-w- c:\windows\SysWow64\tdh.dll 2013-08-29 01:48 . 2013-10-09 23:20 640512 ----a-w- c:\windows\SysWow64\advapi32.dll 2013-08-29 01:48 . 2013-10-09 23:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-08-29 00:49 . 2013-10-09 23:20 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-08-29 00:49 . 2013-10-09 23:20 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-08-29 00:49 . 2013-10-09 23:20 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-08-29 00:49 . 2013-10-09 23:20 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-08-28 01:21 . 2013-10-09 23:20 3155968 ----a-w- c:\windows\system32\win32k.sys 2013-08-28 01:12 . 2013-10-09 23:20 461312 ----a-w- c:\windows\system32\scavengeui.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE" [2013-01-24 297024] "Bgtion Update"="c:\users\Nick\AppData\Local\Bgtion\pkcs11-helper-1.dll" [2013-11-08 795136] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-08-24 3058304] "THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-03-17 909312] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-04-08 45448] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-06 102568] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2012-07-19 48128] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2013-03-28 1058880] . c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288] . c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-1 548528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R1 hgqiglzk;hgqiglzk;c:\windows\system32\drivers\hgqiglzk.sys;c:\windows\SYSNATIVE\drivers\hgqiglzk.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 HawkesUpdater;Hawkes Unattended Updater;c:\program files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe;c:\program files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [x] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x] S2 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [x] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x] S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe;c:\expressgateutil\VAWinService.exe [x] S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x] S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x] S3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;c:\windows\system32\DRIVERS\fspad_win764.sys;c:\windows\SYSNATIVE\DRIVERS\fspad_win764.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-10-16 07:15 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-11-12 c:\windows\Tasks\EPSON XP-310 Series Invitation {000F3676-290B-4C0B-BEB2-A06E917FD94D}.job - c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-10-04 05:20] . 2013-11-12 c:\windows\Tasks\EPSON XP-310 Series Update {000F3676-290B-4C0B-BEB2-A06E917FD94D}.job - c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-10-04 05:20] . 2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15 21:54] . 2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15 21:54] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "fspuip"="c:\program files (x86)\FSP\fspuip.exe" [bU] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600] "Setwallpaper"="c:\programdata\SetWallpaper.cmd" [bU] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 LSP: mswsock.dll TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe AddRemove-Search Protection - c:\users\Nick\AppData\Roaming\Search Protection\uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1909249093-874876743-655935046-1000\Software\SecuROM\License information*] "datasecu"=hex:44,12,e0,d6,5a,52,4c,3c,1c,84,41,41,52,11,4d,df,3c,38,35,ca,1c, 72,90,d0,9c,13,63,04,68,f8,f1,df,7a,cb,98,03,08,64,27,52,96,6e,e6,65,cc,4c,\ "rkeysecu"=hex:ac,c1,19,fa,90,50,f6,03,d2,b5,8b,39,8c,ad,6d,6d . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\syswow64\dllhost.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe c:\windows\SysWOW64\regsvr32.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2013-11-12 10:26:54 - machine was rebooted ComboFix-quarantined-files.txt 2013-11-12 15:26 ComboFix2.txt 2013-11-11 15:51 . Pre-Run: 118,799,007,744 bytes free Post-Run: 119,084,711,936 bytes free . - - End Of File - - CFE42F50934DEF8CE65ACE8DC04FD103 Link to post Share on other sites More sharing options...
Psychotic Posted November 13, 2013 ID:752938 Share Posted November 13, 2013 I told combofix to upload some files to me because I need to analyze them. Please upload the files now. Link to post Share on other sites More sharing options...
NSCodeRed Posted November 13, 2013 Author ID:752979 Share Posted November 13, 2013 I've tried to upload it a few times but it cannot connect to the host server. I will attach it here at least until you get back to me...CFScript_used_2013-11-13_07.04.41.txt Link to post Share on other sites More sharing options...
NSCodeRed Posted November 13, 2013 Author ID:752980 Share Posted November 13, 2013 I've tried to upload it a few times but it cannot connect to the host server. I will attach it here at least until you get back to me...Selected wrong file by mistake lol.156-Submit_2013-11-13_07.04.41.zip Link to post Share on other sites More sharing options...
Psychotic Posted November 13, 2013 ID:752982 Share Posted November 13, 2013 I cannot use this from here, so please upload the file here: http://www.bleepingcomputer.com/submit-malware.php?channel=156 Link to post Share on other sites More sharing options...
NSCodeRed Posted November 13, 2013 Author ID:753002 Share Posted November 13, 2013 Every time I try to submit I get an error # 524 from cloudflare saying the server is timing out. https://support.cloudflare.com/hc/en-us/articles/200171926-Error-524 Link to post Share on other sites More sharing options...
Psychotic Posted November 13, 2013 ID:753005 Share Posted November 13, 2013 What is cloudflare? What happens when you use the web site I´ve linked? Link to post Share on other sites More sharing options...
NSCodeRed Posted November 13, 2013 Author ID:753012 Share Posted November 13, 2013 From what I can see Cloudflare is who hosts the server to the website (bleepingcomputer) that you linked for me. Link to post Share on other sites More sharing options...
Psychotic Posted November 13, 2013 ID:753023 Share Posted November 13, 2013 OK, I´ve got the file. Combofix scripting1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Download the attached CFScript.txt and save it to the location where Combofix is.Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Full System Scan with Malwarebytes Antimalware If not existing, please download Malwarebytes' Anti-Malware to your desktop.Double-click mbam-setup.exe and follow the prompts to install the program.At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If the program is already installed:Run Malwarebytes AntimalwareIf an update is found, it will download and install the latest version.Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.When the scan is complete, click OK, then Show Results to view the results.Be sure that everything is checked, and click Remove Selected.When completed, a log will open in Notepad. Please save it to a convenient location.The log can also be found here:C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txtOr at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txtPost that log back here. CFScript.txt Link to post Share on other sites More sharing options...
NSCodeRed Posted November 13, 2013 Author ID:753234 Share Posted November 13, 2013 Here is the log from ComboFix ComboFix 13-11-12.01 - Nick 11/13/2013 14:49:50.4.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12265.10404 [GMT -5:00] Running from: c:\users\Nick\Desktop\ComboFix.exe Command switches used :: c:\users\Nick\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . FILE :: "c:\windows\system32\drivers\hgqiglzk.sys" "c:\windows\system32\drivers\hgqiglzk.sys" . . ((((((((((((((((((((((((( Files Created from 2013-10-13 to 2013-11-13 ))))))))))))))))))))))))))))))) . . 2013-11-13 19:56 . 2013-11-13 19:56 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2013-11-13 19:56 . 2013-11-13 19:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-11-13 19:56 . 2013-11-13 19:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-13 19:40 . 2013-11-13 19:40 46768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF71AD65-1930-4BFD-8650-162D36210323}\MpKslfe149707.sys 2013-11-13 13:42 . 2013-11-13 13:42 46768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF71AD65-1930-4BFD-8650-162D36210323}\MpKslc95a29de.sys 2013-11-13 13:23 . 2013-11-13 19:40 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF71AD65-1930-4BFD-8650-162D36210323}\offreg.dll 2013-11-13 13:23 . 2013-11-13 13:23 46768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF71AD65-1930-4BFD-8650-162D36210323}\MpKsl89426992.sys 2013-11-13 12:24 . 2013-11-13 19:56 -------- d-----w- c:\users\Nick\AppData\Local\temp 2013-11-12 22:56 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF71AD65-1930-4BFD-8650-162D36210323}\mpengine.dll 2013-11-11 19:08 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-11-08 16:53 . 2013-11-08 17:06 -------- d-----w- c:\users\Nick\AppData\Local\Bgtion 2013-11-07 02:36 . 2013-10-18 06:58 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{69F15E0A-4EC0-4FB0-8EF6-C33DB3315AFD}\gapaengine.dll 2013-10-31 11:05 . 2013-10-31 11:05 -------- d-----w- c:\users\Nick\AppData\Roaming\Guild Wars 2 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-11-13 19:41 . 2012-03-29 06:45 376 ----a-w- c:\users\Nick\AppData\Roaming\sp_data.sys 2013-10-18 06:58 . 2012-06-13 15:45 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-10-15 15:48 . 2012-02-17 21:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-04 19:09 . 2011-08-24 03:54 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe 2013-09-26 06:46 . 2012-02-18 06:47 80541720 ----a-w- c:\windows\system32\MRT.exe 2013-09-22 23:28 . 2013-10-10 00:07 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2013-09-22 23:27 . 2013-10-10 00:07 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-09-22 23:27 . 2013-10-10 00:07 61440 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-09-22 23:27 . 2013-10-10 00:07 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-09-22 22:55 . 2013-10-10 00:07 51712 ----a-w- c:\windows\system32\ie4uinit.exe 2013-09-22 22:55 . 2013-10-10 00:07 2241024 ----a-w- c:\windows\system32\wininet.dll 2013-09-22 22:55 . 2013-10-10 00:07 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-09-22 22:54 . 2013-10-10 00:07 603136 ----a-w- c:\windows\system32\msfeeds.dll 2013-09-22 22:54 . 2013-10-10 00:07 19252224 ----a-w- c:\windows\system32\mshtml.dll 2013-09-22 22:54 . 2013-10-10 00:07 855552 ----a-w- c:\windows\system32\jscript.dll 2013-09-22 22:54 . 2013-10-10 00:07 3959296 ----a-w- c:\windows\system32\jscript9.dll 2013-09-22 22:54 . 2013-10-10 00:07 53248 ----a-w- c:\windows\system32\jsproxy.dll 2013-09-22 22:54 . 2013-10-10 00:07 526336 ----a-w- c:\windows\system32\ieui.dll 2013-09-22 22:54 . 2013-10-10 00:07 67072 ----a-w- c:\windows\system32\iesetup.dll 2013-09-22 22:54 . 2013-10-10 00:07 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-09-22 22:54 . 2013-10-10 00:07 2647552 ----a-w- c:\windows\system32\iertutil.dll 2013-09-22 22:54 . 2013-10-10 00:07 136704 ----a-w- c:\windows\system32\iesysprep.dll 2013-09-22 22:54 . 2013-10-10 00:07 15404544 ----a-w- c:\windows\system32\ieframe.dll 2013-09-21 03:38 . 2013-10-10 00:07 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-09-21 03:30 . 2013-10-10 00:07 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-09-21 02:48 . 2013-10-10 00:07 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-09-21 02:39 . 2013-10-10 00:07 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-09-14 01:10 . 2013-10-09 23:20 497152 ----a-w- c:\windows\system32\drivers\afd.sys 2013-09-08 02:30 . 2013-10-09 23:20 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:27 . 2013-10-09 23:20 327168 ----a-w- c:\windows\system32\mswsock.dll 2013-09-08 02:03 . 2013-10-09 23:20 231424 ----a-w- c:\windows\SysWow64\mswsock.dll 2013-09-04 12:12 . 2013-10-11 05:14 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-09-04 12:11 . 2013-10-11 05:14 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-09-04 12:11 . 2013-10-11 05:14 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-09-04 12:11 . 2013-10-11 05:14 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-09-04 12:11 . 2013-10-11 05:14 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-09-04 12:11 . 2013-10-11 05:14 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-09-04 12:11 . 2013-10-11 05:14 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-08-29 02:17 . 2013-10-09 23:20 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-29 02:16 . 2013-10-09 23:20 1732032 ----a-w- c:\windows\system32\ntdll.dll 2013-08-29 02:16 . 2013-10-09 23:20 243712 ----a-w- c:\windows\system32\wow64.dll 2013-08-29 02:16 . 2013-10-09 23:20 859648 ----a-w- c:\windows\system32\tdh.dll 2013-08-29 02:13 . 2013-10-09 23:20 878080 ----a-w- c:\windows\system32\advapi32.dll 2013-08-29 01:51 . 2013-10-09 23:20 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51 . 2013-10-09 23:20 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50 . 2013-10-09 23:20 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-08-29 01:50 . 2013-10-09 23:20 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll 2013-08-29 01:50 . 2013-10-09 23:20 619520 ----a-w- c:\windows\SysWow64\tdh.dll 2013-08-29 01:48 . 2013-10-09 23:20 640512 ----a-w- c:\windows\SysWow64\advapi32.dll 2013-08-29 01:48 . 2013-10-09 23:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-08-29 00:49 . 2013-10-09 23:20 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-08-29 00:49 . 2013-10-09 23:20 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-08-29 00:49 . 2013-10-09 23:20 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-08-29 00:49 . 2013-10-09 23:20 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-08-28 01:21 . 2013-10-09 23:20 3155968 ----a-w- c:\windows\system32\win32k.sys 2013-08-28 01:12 . 2013-10-09 23:20 461312 ----a-w- c:\windows\system32\scavengeui.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE" [2013-01-24 297024] "Bgtion Update"="c:\users\Nick\AppData\Local\Bgtion\pkcs11-helper-1.dll" [2013-11-08 795136] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-08-24 3058304] "THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-03-17 909312] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-04-08 45448] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-06 102568] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2012-07-19 48128] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2013-03-28 1058880] . c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288] . c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-1 548528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 HawkesUpdater;Hawkes Unattended Updater;c:\program files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe;c:\program files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [x] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x] S1 MpKsl89426992;MpKsl89426992;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF71AD65-1930-4BFD-8650-162D36210323}\MpKsl89426992.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF71AD65-1930-4BFD-8650-162D36210323}\MpKsl89426992.sys [x] S1 MpKslc95a29de;MpKslc95a29de;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF71AD65-1930-4BFD-8650-162D36210323}\MpKslc95a29de.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF71AD65-1930-4BFD-8650-162D36210323}\MpKslc95a29de.sys [x] S1 MpKslfe149707;MpKslfe149707;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF71AD65-1930-4BFD-8650-162D36210323}\MpKslfe149707.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF71AD65-1930-4BFD-8650-162D36210323}\MpKslfe149707.sys [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x] S2 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [x] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x] S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe;c:\expressgateutil\VAWinService.exe [x] S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x] S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x] S3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;c:\windows\system32\DRIVERS\fspad_win764.sys;c:\windows\SYSNATIVE\DRIVERS\fspad_win764.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSLFE149707 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-10-16 07:15 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-11-12 c:\windows\Tasks\EPSON XP-310 Series Invitation {000F3676-290B-4C0B-BEB2-A06E917FD94D}.job - c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-10-04 05:20] . 2013-11-12 c:\windows\Tasks\EPSON XP-310 Series Update {000F3676-290B-4C0B-BEB2-A06E917FD94D}.job - c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-10-04 05:20] . 2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15 21:54] . 2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15 21:54] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "fspuip"="c:\program files (x86)\FSP\fspuip.exe" [bU] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600] "Setwallpaper"="c:\programdata\SetWallpaper.cmd" [bU] "MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [bU] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1909249093-874876743-655935046-1000\Software\SecuROM\License information*] "datasecu"=hex:44,12,e0,d6,5a,52,4c,3c,1c,84,41,41,52,11,4d,df,3c,38,35,ca,1c, 72,90,d0,9c,13,63,04,68,f8,f1,df,7a,cb,98,03,08,64,27,52,96,6e,e6,65,cc,4c,\ "rkeysecu"=hex:ac,c1,19,fa,90,50,f6,03,d2,b5,8b,39,8c,ad,6d,6d . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-11-13 14:57:20 ComboFix-quarantined-files.txt 2013-11-13 19:57 ComboFix2.txt 2013-11-13 12:18 ComboFix3.txt 2013-11-12 15:26 ComboFix4.txt 2013-11-11 15:51 . Pre-Run: 117,389,119,488 bytes free Post-Run: 117,481,771,008 bytes free . - - End Of File - - 9DFE9A56B32C11D116D7EF3BF2945CC2 Link to post Share on other sites More sharing options...
NSCodeRed Posted November 13, 2013 Author ID:753237 Share Posted November 13, 2013 Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.11.13.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 Nick :: NICK-PC [administrator] 11/13/2013 3:02:32 PM mbam-log-2013-11-13 (15-02-32).txt Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|Q:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 773125 Time elapsed: 1 hour(s), 8 minute(s), 1 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 1 C:\Users\Nick\AppData\Local\Bgtion\pkcs11-helper-1.dll (VirTool.Vbcrypt) -> Delete on reboot. Registry Keys Detected: 3 HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GOOGLEUPDATE.EXE (Rootkit.0Access.EM) -> Quarantined and deleted successfully. HKCU\SOFTWARE\IMINENT (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully. Registry Values Detected: 1 HKCU\Software\Iminent|SearchEngineOptin (PUP.Optional.Iminent.A) -> Data: 0 -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 6 C:\Users\Nick\AppData\Local\Bgtion\pkcs11-helper-1.dll (VirTool.Vbcrypt) -> Delete on reboot. c:\program files (x86)\google\desktop\install\{80aa28bd-953b-0d79-ac52-59b01480de54}\ \...\ﯹ๛\{80aa28bd-953b-0d79-ac52-59b01480de54}\googleupdate.exe (Rootkit.0Access.EM) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\[156]-Submit_2013-11-12_10.00.01.zip (VirTool.Vbcrypt) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\[156]-Submit_2013-11-13_07.04.41.zip (VirTool.Vbcrypt) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir (Rootkit.0Access) -> Quarantined and deleted successfully. C:\Users\Nick\AppData\Local\Google\Desktop\Install\{80aa28bd-953b-0d79-ac52-59b01480de54}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{80aa28bd-953b-0d79-ac52-59b01480de54}\GoogleUpdate.exe (Rootkit.0Access.EM) -> Quarantined and deleted successfully. (end) Link to post Share on other sites More sharing options...
Psychotic Posted November 14, 2013 ID:753424 Share Posted November 14, 2013 Scan with ESET Online ScanPlease go to here to run the online scannner from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is unticked Click on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth Technology[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic. Link to post Share on other sites More sharing options...
NSCodeRed Posted November 14, 2013 Author ID:753499 Share Posted November 14, 2013 Trying my best to do run the ESET scan. Windows Explorer is having issues loading fully and Internet Explorer won't run at all but I've been able to get Google Chrome to work so I'll see how that goes... Link to post Share on other sites More sharing options...
Psychotic Posted November 14, 2013 ID:753501 Share Posted November 14, 2013 Skip that. Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk: Click the "Windows Orb" Start button, then click Computer. Right-click on the drive that you wish to check > Properties > Tools tab In the "Error checking" section, click on Check now. Place a checkmark in both boxes > Start. If the disk you have chosen is the Windows system disk: A message will notify you that a restart is necessary ask "Do you want to check for hard disk errors the next time you start your computer?". Click Schedule disk check > OK and close all windows. Re-start the computer. The disk will be checked when the system boots. This will take some time to run and at times may appear stalled but just let it run. When the disk check is complete, the system will re-start automatically and load Windows.A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.To open Event Viewer and view the log: Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key. The Event Viewer window will open. In the left pane, expand "Windows Logs" and then click on Application. In the right pane, at the top, click on the column heading Source to sort the list alphabetically. Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check. Click on that Wininit entry to select it. On the top main menu, click Action > Copy > Copy Details as Text. Paste the contents into your next reply. Link to post Share on other sites More sharing options...
NSCodeRed Posted November 14, 2013 Author ID:753687 Share Posted November 14, 2013 Log Name: ApplicationSource: Microsoft-Windows-WininitDate: 11/14/2013 1:51:30 PMEvent ID: 1001Task Category: NoneLevel: InformationKeywords: ClassicUser: N/AComputer: Nick-PCDescription: Checking file system on C:The type of the file system is NTFS.Volume label is OS. A disk check has been scheduled.Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 403200 file records processed. File verification completed. 524 large file records processed. 0 bad file records processed. 4 EA records processed. 60 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 459790 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 403200 file SDs/SIDs processed. Cleaning up 806 unused index entries from index $SII of file 0x9.Cleaning up 806 unused index entries from index $SDH of file 0x9.Cleaning up 806 unused security descriptors.Security descriptor verification completed. 28296 data files processed. CHKDSK is verifying Usn Journal... 37419488 USN bytes processed. Usn Journal verification completed.CHKDSK is verifying file data (stage 4 of 5)... 403184 files processed. File data verification completed.CHKDSK is verifying free space (stage 5 of 5)... 28081939 free clusters processed. Free space verification is complete.CHKDSK discovered free space marked as allocated in themaster file table (MFT) bitmap.CHKDSK discovered free space marked as allocated in the volume bitmap.Windows has made corrections to the file system.293028863 KB total disk space.179979908 KB in 374209 files. 204688 KB in 28297 indexes. 4 KB in bad sectors. 516503 KB in use by the system. 65536 KB occupied by the log file.112327760 KB available on disk. 4096 bytes in each allocation unit. 73257215 total allocation units on disk. 28081940 allocation units available on disk.Internal Info:00 27 06 00 50 24 06 00 14 dc 0b 00 00 00 00 00 .'..P$..........dc 05 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 ....<...........00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk.Please wait while your computer restarts.Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" /> <EventID Qualifiers="16384">1001</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2013-11-14T18:51:30.000000000Z" /> <EventRecordID>34526</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Computer>Nick-PC</Computer> <Security /> </System> <EventData> <Data> Checking file system on C:The type of the file system is NTFS.Volume label is OS. A disk check has been scheduled.Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 403200 file records processed. File verification completed. 524 large file records processed. 0 bad file records processed. 4 EA records processed. 60 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 459790 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 403200 file SDs/SIDs processed. Cleaning up 806 unused index entries from index $SII of file 0x9.Cleaning up 806 unused index entries from index $SDH of file 0x9.Cleaning up 806 unused security descriptors.Security descriptor verification completed. 28296 data files processed. CHKDSK is verifying Usn Journal... 37419488 USN bytes processed. Usn Journal verification completed.CHKDSK is verifying file data (stage 4 of 5)... 403184 files processed. File data verification completed.CHKDSK is verifying free space (stage 5 of 5)... 28081939 free clusters processed. Free space verification is complete.CHKDSK discovered free space marked as allocated in themaster file table (MFT) bitmap.CHKDSK discovered free space marked as allocated in the volume bitmap.Windows has made corrections to the file system.293028863 KB total disk space.179979908 KB in 374209 files. 204688 KB in 28297 indexes. 4 KB in bad sectors. 516503 KB in use by the system. 65536 KB occupied by the log file.112327760 KB available on disk. 4096 bytes in each allocation unit. 73257215 total allocation units on disk. 28081940 allocation units available on disk.Internal Info:00 27 06 00 50 24 06 00 14 dc 0b 00 00 00 00 00 .'..P$..........dc 05 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 ....<...........00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk.Please wait while your computer restarts.</Data> </EventData></Event> Link to post Share on other sites More sharing options...
NSCodeRed Posted November 14, 2013 Author ID:753690 Share Posted November 14, 2013 I was able to get ESET to work before I used that windows utility but windows shut down right before I could copy the log :\ Link to post Share on other sites More sharing options...
Psychotic Posted November 15, 2013 ID:753882 Share Posted November 15, 2013 System File CheckFor Windows XP: Press the Windows- and the R-key simultanously. Within the text box that jus opened, write cmd and hit Enter.For Windows Vista/7: Press the Windows key to open the start menu. Don´t highlight anything, just write cmd. The start menu will offer you an entry named cmd. Right click it and select "run as administrator"Within the opening window, write the following:sfc /scannow(See the blank within). Hit enter. Your system will be checked for damaged system files. Tell me the result of that scan in here (as the tool produces no log). Link to post Share on other sites More sharing options...
Recommended Posts