
'name Not Available' In Audio Mixer



I noticed today that my audio mixer has a 'Name not Available' slider. I did some digging and found out it may be an infection. I ran some standard antivirus checks and nothing came up. When I rebooted I ended up with two 'Name not Available' sliders.
I've tried some things but the truth is I don't really know what I'm doing. I would really appreciate some help.


Welcome to the forum.

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log

Then......

Download DDS from one of the links below and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/dds.scr

http://download.bleepingcomputer.com/sUBs/dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 or Win 8 right click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs: DDS.txt and Attach.txt

Save both reports to your desktop

Please Copy & Paste the contents of the following logs in your next reply

You can ignore the note about zipping the Attach.txt file

(please don't put logs in code or quotes and use the default font)

Don't forget to run RogueKiller below

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM

Before receiving a reply I tried a few things and the problem seems to have stopped, but I will post the reports just to be sure

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 24/04/2014

Scan Time: 04:18:34

Logfile: 

Administrator: Yes

 

Version: 2.00.1.1004

Malware Database: v2014.04.24.02

Rootkit Database: v2014.03.27.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Chameleon: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Apple

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 269058

Time Elapsed: 5 min, 14 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Shuriken: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2

Run by Apple at 4:24:07 on 2014-04-24

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8156.6041 [GMT 1:00]

.

AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}

SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Bamboo Dock\BambooCore.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe

C:\Program Files\Tablet\Wacom\WacomHost.exe

C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\wmi64.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.


BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [bambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:28

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm

IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll

TCP: NameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{0C9D2F1B-4F4A-4304-AA60-0170F248C43F} : DHCPNameServer = 194.168.4.100 194.168.8.100

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Apple\AppData\Roaming\Mozilla\Firefox\Profiles\qqsabzjn.default\

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-6-8 55280]

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-6-7 22680]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]

R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]

R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]

R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-6-6 178272]

R2 avp;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-10-11 214512]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-6-7 166720]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-23 1809720]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-23 857912]

R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-22 1615192]

R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-30 20541216]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-4-8 411936]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-6-7 365376]

R2 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Apple\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2013-6-9 14544]

R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2014-3-17 621336]

R3 CMUSBDAC;USB Audio Class 1.0 and 2.0 DAC Device Driver;C:\Windows\System32\drivers\CMUSBDAC.sys [2013-10-15 386560]

R3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-6-9 14136]

R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-10-11 29280]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-10-11 29280]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-4-23 25816]

R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-23 119512]

R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-23 63192]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]

R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-4-8 40392]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-6-7 646248]

R3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2014-3-17 90424]

R3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2014-3-17 15160]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 ElgatoGC658Y;Elgato Game Capture;C:\Windows\System32\drivers\ElgatoGC658.sys [2012-11-12 50288]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2013-6-9 25640]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-6-23 57840]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2013-6-7 30528]

S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-6-7 160256]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-22 111616]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-4-22 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-22 56832]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-8 1255736]

S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2013-6-8 115296]

.

=============== Created Last 30 ================

.

2014-04-23 22:28:48 -------- d-----w- C:\Windows\ERUNT

2014-04-23 21:57:44 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-04-23 15:44:18 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2014-04-23 15:44:00 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2014-04-23 15:44:00 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys

2014-04-23 15:44:00 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-04-23 15:43:59 -------- d-----w- C:\ProgramData\Malwarebytes

2014-04-23 15:43:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-23 15:38:14 -------- d-----w- C:\Program Files\CCleaner

2014-04-23 15:36:14 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2014-04-23 15:30:29 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2014-04-23 15:27:19 -------- d-sh--w- C:\$RECYCLE.BIN

2014-04-23 14:00:58 98816 ----a-w- C:\Windows\sed.exe

2014-04-23 14:00:58 256000 ----a-w- C:\Windows\PEV.exe

2014-04-23 14:00:58 208896 ----a-w- C:\Windows\MBR.exe

2014-04-23 13:39:21 -------- d-----w- C:\AdwCleaner

2014-04-22 11:05:33 6574592 ----a-w- C:\Windows\System32\mstscax.dll

2014-04-22 11:05:33 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll

2014-04-22 11:05:16 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A6185D8-B8AA-4DAF-B81E-CC0347FE3CB1}\mpengine.dll

2014-04-22 10:55:44 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll

2014-04-22 10:55:41 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys

2014-04-22 10:55:39 243200 ----a-w- C:\Windows\System32\rdpudd.dll

2014-04-22 10:55:39 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll

2014-04-22 10:55:39 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll

2014-04-22 10:55:38 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll

2014-04-22 10:55:04 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll

2014-04-22 10:55:04 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll

2014-04-22 10:54:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2014-04-22 10:54:59 366592 ----a-w- C:\Windows\System32\qdvd.dll

2014-04-19 22:49:22 -------- d-----w- C:\Users\Apple\AppData\Roaming\com.adobe.amp

2014-04-13 04:11:38 -------- d-----w- C:\Users\Apple\AppData\Local\Eraser 6

2014-04-12 17:48:29 -------- d-----w- C:\Program Files\Eraser

2014-04-11 23:22:41 -------- d-----w- C:\Users\Apple\AppData\Roaming\Nidhogg

2014-04-10 11:54:03 1002728 ----a-w- C:\Windows\System32\WinUSBCoInstaller2.dll

2014-04-10 11:53:04 -------- d-----w- C:\Users\Apple\AppData\Roaming\DS Capture

2014-04-10 01:18:46 -------- d-----w- C:\Users\Apple\New folder

2014-04-10 01:16:57 -------- d-----w- C:\Users\Apple\AppData\Roaming\TrueCrypt

2014-04-10 01:16:35 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys

2014-04-10 01:16:15 -------- d-----w- C:\Program Files\TrueCrypt

2014-04-08 00:52:14 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2014-04-08 00:45:51 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys

2014-04-08 00:45:51 33568 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll

2014-03-27 22:14:13 -------- d-----w- C:\Users\Apple\AppData\Local\Skype

2014-03-27 22:13:59 -------- d-----r- C:\Program Files (x86)\Skype

.

==================== Find3M  ====================

.

2014-04-10 11:42:32 25640 ------w- C:\Windows\gdrv.sys

2014-04-09 21:00:23 30528 ----a-w- C:\Windows\GVTDrv64.sys

2014-04-02 13:27:17 1081112 ----a-w- C:\Windows\SysWow64\nvspcap.dll

2014-04-02 13:27:05 1225920 ----a-w- C:\Windows\System32\nvspcap64.dll

2014-04-01 12:55:45 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-04-01 12:55:45 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-03-31 08:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe

2014-03-25 00:01:42 115296 ----a-w- C:\Windows\System32\drivers\klflt.sys

2014-03-21 19:43:50 37320 ----a-w- C:\Windows\System32\nvaudcap64v.dll

2014-03-06 09:32:16 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll

2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll

2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-03-06 08:32:07 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll

2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll

2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll

2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll

2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll

2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll

2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll

2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll

2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll

2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe

2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll

2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll

2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin

2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll

2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll

2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe

2014-02-18 11:05:48 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys

2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys

2014-02-04 02:35:56 190912 ----a-w- C:\Windows\System32\drivers\storport.sys

2014-02-04 02:35:49 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys

2014-02-04 02:35:35 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll

2014-02-04 02:28:36 2048 ----a-w- C:\Windows\System32\iologmsg.dll

2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2014-02-04 02:00:39 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll

2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll

2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll

2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll

.

============= FINISH:  4:24:26.13 ===============

 

 


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 07/06/2013 01:06:00

System Uptime: 24/04/2014 04:07:53 (0 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. |  | H61M-S2PV REV 2.2

Processor: Intel® Core i5-3570 CPU @ 3.40GHz | Intel® Core i5-3570 CPU @ 3.40GHz | 2394/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 1863 GiB total, 1315.401 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP151: 22/04/2014 11:48:58 - Installed DirectX

RP152: 22/04/2014 11:55:12 - Windows Update

RP153: 22/04/2014 13:23:15 - Removed Java 7 Update 51

RP154: 22/04/2014 14:43:51 - Windows Update

RP155: 23/04/2014 16:31:27 - Revo Uninstaller's restore point - Ursa Spelling

RP156: 23/04/2014 16:35:34 - Installed Java 7 Update 55

RP157: 24/04/2014 00:29:10 - Removed Microsoft LifeCam

.

==== Installed Programs ======================

.

@BIOS

64 Bit HP CIO Components Installer

9.03m

Adobe AIR

Adobe Community Help

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 ActiveX

Adobe Flash Player 12 Plugin

Adobe Media Player

Adobe Reader XI (11.0.03)

AIM for Windows

Amnesia: A Machine for Pigs

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Assassin’s Creed® III

Assault Android Cactus

Audacity 2.0.3

AutoGreen B12.0206.1

Bamboo Dock

Batman™: Arkham Origins

BioShock Infinite

Bonjour

Broforce

Brothers - A Tale of Two Sons

Castle of Illusion

CCleaner

Cloudberry Kingdom

Company of Heroes 2

D3DX10

Democracy 3

DJ_AIO_06_F2400_SW_Min

DmC Devil May Cry

Don't Starve

DuckTales Remastered

Easy Tune 6 B12.1102.1

Elgato Game Capture HD

Eraser 6.0.10.2620

F1 2013

Far Cry® 3

Far Cry® 3 Blood Dragon

Final Hours of Tomb Raider

Foul Play

Fraps (remove only)

FTL: Faster Than Light

Gone Home

Goodbye Deponia

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GRID 2

Gun Monkeys

Gunpoint

Half Minute Hero: Super Mega Neo Climax Ultimate Boy

HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6

ImgBurn

Intel® Management Engine Components

Intel® Trusted Connect Service Client

iTunes

Java 7 Update 55

Java Auto Updater

join.me

Junk Mail filter update

Kaspersky Internet Security

LAME v3.99.3 (for Windows)

League of Legends

LEGO MARVEL Super Heroes

Malwarebytes Anti-Malware version 2.0.1.1004

Master Reboot

Memoria

Metal Slug 3

Metro: Last Light

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Corporation

Microsoft Silverlight

Microsoft SkyDrive

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610

Microsoft XNA Framework Redistributable 4.0

Microsoft XNA Framework Redistributable 4.0 Refresh

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

MirrorMoon EP

Monaco

Montague's Mount

Movie Maker

Mozilla Firefox 21.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSVCRT110

MSVCRT110_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MultiScreen

My Game Long Name

Nidhogg

NVIDIA 3D Vision Controller Driver 335.21

NVIDIA 3D Vision Driver 335.23

NVIDIA Control Panel 335.23

NVIDIA GeForce Experience 2.0

NVIDIA Graphics Driver 335.23

NVIDIA HD Audio Driver 1.3.30.1

NVIDIA Install Application

NVIDIA LED Visualizer 1.0

NVIDIA Network Service

NVIDIA PhysX

NVIDIA PhysX System Software 9.13.1220

NVIDIA ShadowPlay 12.4.55

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 12.4.55

NVIDIA Update Core

NVIDIA Virtual Audio 1.2.22

ON_OFF Charge B12.1025.1

Open Broadcaster Software

OpenOffice 4.0.0

Pando Media Booster

Papers, Please

PAYDAY 2

Photo Common

Photo Gallery

Pokemon Showdown

PxMergeModule

Rayman Legends

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Remember Me

Revo Uninstaller 1.95

Rogue Legacy

Saints Row IV

Samsung_MonSetup

Scan

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

SHIELD Streaming

ShootMania Storm

Skullgirls

Skullgirls Beta

Skulls of the Shogun

Skype™ 6.14

South Park™: The Stick of Truth™

Spotify

Steam

Strike Suit Zero

Super Meat Boy

Surgeon Simulator 2013

System Requirements Lab for Intel

Talisman: Digital Edition

Team Fortress 2

The 39 Steps

The Night of the Rabbit

The Stanley Parable

The Walking Dead

The Walking Dead: Season Two

The Wolf Among Us

They Bleed Pixels

Tom Clancy's Splinter Cell Blacklist

Tomb Raider

Toolbox

Total War: ROME II

TrueCrypt

Unity Web Player

VLC media player 2.0.6

Wacom Tablet

WebTablet FB Plugin 32 bit

WebTablet FB Plugin 64 bit

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.20 (64-bit)

.

==== End Of File ===========================


I believe I spoke too soon as the problem returned. I also forgot to post the last report last night.

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Apple [Admin rights]
Mode : Scan -- Date : 04/24/2014 04:35:16
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1 localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD20EZRX-00DC0B0 ATA Device +++++
--- User ---
[MBR] 0424e1249de7b2683d74b28448b6658d
[bSP] 8e35dd9d12a142f2e137ce455a883e06 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_04242014_043516.txt >>

OK......
Make sure you have created a restore point and.....
Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ----------------------------------------------

    Make sure you have created that system restore point before you continue!

    Please read the directions carefully so you don't end up deleting something that is good!!

    If in doubt about an entry....please ask or choose Skip!!!!

    Don't Delete anything unless instructed to!

    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue

    If a suspicious object is detected, the default action will be Skip, click on Continue

    Please note that TDSSKiller can be run in safe mode if needed.

    Please download the latest version of TDSSKiller from HERE and save it to your Desktop.
    • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

    • Put a checkmark beside loaded modules.

    • A reboot will be needed to apply the changes. Do it.
    • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
    • Then click on Change parameters in TDSSKiller.
    • Check all boxes then click OK.

    • Click the Start Scan button.

    • The scan should take no longer than 2 minutes.
    • If a suspicious object is detected, the default action will be Skip, click on Continue.

      Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

      If in doubt about an entry....please ask or choose Skip
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
      Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

      Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
    • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
    • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    Here's a summary of what to do if you would like to print it out:

    If in doubt about an entry....please ask or choose Skip

    Don't Delete anything unless instructed to!

    If a suspicious object is detected, the default action will be Skip, click on Continue

    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    ~~~~~~~~~~~~~~~~~~~~

    You can attach the logs if they're too long:

    Bottom right corner of this page.

    New window that comes up.

    Then...........

    Please download and run ComboFix.

    The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

    Please visit this webpage for download links, and instructions for running ComboFix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

    Please make sure you click download buttons that look similar to this, not "sponsored ad links":

    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Information on disabling your malware programs can be found Here.

    Make sure you run ComboFix from your desktop.

    Give it at least 30-45 minutes to finish if needed.

    Please include the C:\ComboFix.txt in your next reply for further review.

    ---------->NOTE<----------

    If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

    MrC

     
ComboFix 14-04-20.01 - Apple 24/04/2014  13:09:01.4.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8156.5935 [GMT 1:00]

Running from: c:\users\Apple\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}

FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((   Files Created from 2014-03-24 to 2014-04-24  )))))))))))))))))))))))))))))))

.

.

2014-04-24 12:15 . 2014-04-24 12:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-04-23 22:28 . 2014-04-24 11:43 -------- d-----w- c:\windows\ERUNT

2014-04-23 21:57 . 2014-04-23 22:05 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2014-04-23 15:44 . 2014-04-24 11:49 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-04-23 15:44 . 2014-04-23 21:57 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-04-23 15:44 . 2014-04-03 08:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-04-23 15:44 . 2014-04-03 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-04-23 15:43 . 2014-04-23 15:44 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware

2014-04-23 15:43 . 2014-04-23 15:43 -------- d-----w- c:\programdata\Malwarebytes

2014-04-23 15:38 . 2014-04-23 15:38 -------- d-----w- c:\program files\CCleaner

2014-04-23 15:36 . 2014-04-23 15:36 -------- d-----w- c:\program files (x86)\Common Files\Java

2014-04-23 15:36 . 2014-04-23 15:36 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-04-23 15:30 . 2014-04-23 15:30 -------- d-----w- c:\program files (x86)\VS Revo Group

2014-04-23 13:39 . 2014-04-23 15:06 -------- d-----w- C:\AdwCleaner

2014-04-22 11:05 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll

2014-04-22 11:05 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll

2014-04-22 11:05 . 2014-04-17 04:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A6185D8-B8AA-4DAF-B81E-CC0347FE3CB1}\mpengine.dll

2014-04-22 10:56 . 2014-03-06 08:32 574976 ----a-w- c:\windows\system32\ieui.dll

2014-04-22 10:55 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll

2014-04-22 10:55 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys

2014-04-22 10:55 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll

2014-04-22 10:55 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll

2014-04-22 10:55 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll

2014-04-22 10:55 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll

2014-04-22 10:55 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll

2014-04-22 10:55 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll

2014-04-22 10:54 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2014-04-22 10:54 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2014-04-19 23:44 . 2014-04-24 03:08 -------- d-----w- c:\program files (x86)\7-Zip

2014-04-19 22:49 . 2014-04-19 22:49 -------- d-----w- c:\users\Apple\AppData\Roaming\com.adobe.amp

2014-04-13 04:11 . 2014-04-13 04:11 -------- d-----w- c:\users\Apple\AppData\Local\Eraser 6

2014-04-12 17:48 . 2014-04-12 17:48 -------- d-----w- c:\program files\Eraser

2014-04-11 23:22 . 2014-04-11 23:38 -------- d-----w- c:\users\Apple\AppData\Roaming\Nidhogg

2014-04-10 11:54 . 2014-04-10 11:54 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll

2014-04-10 11:53 . 2014-04-10 12:08 -------- d-----w- c:\users\Apple\AppData\Roaming\DS Capture

2014-04-10 01:18 . 2014-04-10 01:18 -------- d-----w- c:\users\Apple\New folder

2014-04-10 01:16 . 2014-04-10 01:26 -------- d-----w- c:\users\Apple\AppData\Roaming\TrueCrypt

2014-04-10 01:16 . 2014-04-10 01:16 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2014-04-10 01:16 . 2014-04-10 01:16 -------- d-----w- c:\program files\TrueCrypt

2014-04-08 00:52 . 2014-04-08 00:52 -------- d-----w- c:\program files (x86)\AGEIA Technologies

2014-04-08 00:52 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2014-04-08 00:45 . 2014-03-21 19:43 40392 ----a-w- c:\windows\system32\drivers\nvvad64v.sys

2014-04-08 00:45 . 2014-03-21 19:43 33568 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll

2014-04-05 13:22 . 2014-04-22 12:49 -------- d-----w- c:\users\Apple\AppData\Roaming\vlc

2014-03-27 22:14 . 2014-03-27 22:14 -------- d-----w- c:\users\Apple\AppData\Local\Skype

2014-03-27 22:13 . 2014-03-27 22:13 -------- d-----w- c:\program files (x86)\Common Files\Skype

2014-03-27 22:13 . 2014-03-27 22:13 -------- d-----r- c:\program files (x86)\Skype

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-04-10 11:42 . 2013-06-07 00:47 25640 ------w- c:\windows\gdrv.sys

2014-04-10 02:01 . 2013-06-08 00:49 90655440 ----a-w- c:\windows\system32\MRT.exe

2014-04-09 21:00 . 2013-06-07 00:47 30528 ----a-w- c:\windows\GVTDrv64.sys

2014-04-02 13:27 . 2014-01-22 21:04 1081112 ----a-w- c:\windows\SysWow64\nvspcap.dll

2014-04-02 13:27 . 2014-01-22 21:04 1225920 ----a-w- c:\windows\system32\nvspcap64.dll

2014-04-01 12:55 . 2013-06-07 01:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-04-01 12:55 . 2013-06-07 01:08 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-03-31 08:35 . 2013-06-07 00:26 270496 ------w- c:\windows\system32\MpSigStub.exe

2014-03-25 00:01 . 2013-10-11 13:25 625248 ----a-w- c:\windows\system32\drivers\klif.sys

2014-03-25 00:01 . 2013-06-08 20:18 115296 ----a-w- c:\windows\system32\drivers\klflt.sys

2014-03-21 19:43 . 2013-07-30 20:59 37320 ----a-w- c:\windows\system32\nvaudcap64v.dll

2014-03-04 14:35 . 2013-06-08 01:55 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll

2014-03-04 14:35 . 2013-06-07 00:59 62408 ----a-w- c:\windows\system32\OpenCL.dll

2014-03-04 14:35 . 2013-06-07 00:59 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll

2014-03-04 14:35 . 2013-06-07 00:52 947808 ----a-w- c:\windows\system32\nvumdshimx.dll

2014-03-04 14:35 . 2013-06-07 00:51 3093280 ----a-w- c:\windows\system32\nvapi64.dll

2014-03-04 14:35 . 2013-06-07 00:51 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll

2014-03-04 14:35 . 2013-02-25 23:32 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2014-03-04 13:06 . 2013-06-07 00:59 6714312 ----a-w- c:\windows\system32\nvcpl.dll

2014-03-04 13:06 . 2013-06-07 00:59 3497816 ----a-w- c:\windows\system32\nvsvc64.dll

2014-03-04 13:05 . 2013-06-07 00:59 922968 ----a-w- c:\windows\system32\nvvsvc.exe

2014-03-04 13:05 . 2013-06-07 00:59 64968 ----a-w- c:\windows\system32\nvshext.dll

2014-03-04 13:05 . 2013-06-07 00:59 386336 ----a-w- c:\windows\system32\nvmctray.dll

2014-03-04 13:05 . 2013-06-07 00:59 3649185 ----a-w- c:\windows\system32\nvcoproc.bin

2014-03-04 09:17 . 2014-04-09 21:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2014-02-18 11:05 . 2013-10-11 13:25 29280 ----a-w- c:\windows\system32\drivers\klkbdflt.sys

2014-02-07 01:23 . 2014-03-12 23:12 3156480 ----a-w- c:\windows\system32\win32k.sys

2014-02-04 02:32 . 2014-03-12 23:12 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

2014-02-04 02:32 . 2014-03-12 23:12 624128 ----a-w- c:\windows\system32\qedit.dll

2014-02-04 02:04 . 2014-03-12 23:12 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2014-02-04 02:04 . 2014-03-12 23:12 509440 ----a-w- c:\windows\SysWow64\qedit.dll

2014-01-29 02:32 . 2014-03-12 23:12 484864 ----a-w- c:\windows\system32\wer.dll

2014-01-29 02:06 . 2014-03-12 23:12 381440 ----a-w- c:\windows\SysWow64\wer.dll

2014-01-28 02:32 . 2014-03-12 23:12 228864 ----a-w- c:\windows\system32\wwansvc.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-06-22 23:45 220632 ----a-w- c:\users\Apple\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-06-22 23:45 220632 ----a-w- c:\users\Apple\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-06-22 23:45 220632 ----a-w- c:\users\Apple\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-04-21 1826496]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-10-16 646744]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]

R3 ElgatoGC658Y;Elgato Game Capture;c:\windows\system32\Drivers\ElgatoGC658.sys;c:\windows\SYSNATIVE\Drivers\ElgatoGC658.sys [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]

R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]

S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]

S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]

S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Apple\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys;c:\users\Apple\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [x]

S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]

S3 CMUSBDAC;USB Audio Class 1.0 and 2.0 DAC Device Driver;c:\windows\system32\DRIVERS\CMUSBDAC.sys;c:\windows\SYSNATIVE\DRIVERS\CMUSBDAC.sys [x]

S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]

S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]

S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 75572011

*Deregistered* - 75572011

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-04-10 22:15 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-07 00:15]

.

2014-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-07 00:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-06-22 23:45 244696 ----a-w- c:\users\Apple\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-06-22 23:45 244696 ----a-w- c:\users\Apple\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-06-22 23:45 244696 ----a-w- c:\users\Apple\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-02 1225920]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [bU]

"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-02 2201032]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{0C9D2F1B-4F4A-4304-AA60-0170F248C43F}: DhcpNameServer = 194.168.4.100 194.168.8.100

FF - ProfilePath - c:\users\Apple\AppData\Roaming\Mozilla\Firefox\Profiles\qqsabzjn.default\

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-75572011.sys

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-295262640-194719373-3639753972-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-295262640-194719373-3639753972-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-295262640-194719373-3639753972-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{72760EB2-E2F0-5EE6-8F2C-661A01B34E53}*]

"haamfmgfakmmiknb"=hex:63,62,64,68,65,64,6e,65,64,66,70,6b,6a,65,6a,6c,63,63,

   6d,6a,62,6b,63,65,6e,6e,6a,68,6a,6a,61,67,66,68,6c,6a,6b,70,00,00

"iacmppnjgigcmomnhd"=hex:63,62,64,68,65,64,6e,65,64,66,70,6b,6a,65,6a,6c,63,63,

   6d,6a,62,6b,63,65,6e,6e,6a,68,6a,6a,61,67,66,68,6c,6a,6b,70,00,00

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-04-24  13:16:11

ComboFix-quarantined-files.txt  2014-04-24 12:16

ComboFix2.txt  2014-04-23 15:27

ComboFix3.txt  2014-04-23 14:38

ComboFix4.txt  2014-04-23 14:08

.

Pre-Run: 1,412,034,637,824 bytes free

Post-Run: 1,411,598,381,056 bytes free

.

- - End Of File - - B83CAF20D38FDF873F36C650D890A312

A36C5E4F47E84449FF07ED3517B43A31

TDSSKiller.3.0.0.33_24.04.2014_12.50.32_log.txt


I don't see the patched file that is usually involved in this problem in any of your logs.

What exactly is the problem?? Is it just the "Name not available" or are there ads playing??

What have you done on your own??

MrC


There are no ads playing, there is just the slider in my audio mixer.
I have run all these programmes like RogueKiller, ComboFix and TDSSKiller, and several others. I've probably done some damage to my computer by using these tools without really knowing what I'm doing.
I have noticed that as long as Malwarebytes is running the slider disappears. If I deactivate it the slider tends to come back.


Run a Full Scan with ESET:

Please run a free online scan with the ESET Online Scanner (it may take a while to run)

Note: You will need to use Internet Explorer for this scan.

First please Disable any Antivirus you have active, as shown in This Topic

Note: Don't forget to re-enable it after the scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats is unchecked and the option Scan unwanted applications is checked

Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click Start

Wait for the scan to finish

If threats were found:

Click on "list of threats found"

Click on "export to text file" and save it as ESET SCAN and save to the desktop

Click on back

Put a checkmark in "Uninstall application on close"

Click on finish

Post back the log.....MrC


Yes, it's usually caused by this file being patched (infected).

c:\windows\system32\rpcss.dll

If there are no other problems......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC

Okay, this is strange: when I rebooted my computer today the slider came back, but after about 10 mins I checked again and it had gone. Before I started this 'cleaning process' it was there all the time. Anyway, here's the checkup log.

 

 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Kaspersky Internet Security   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Adobe Flash Player 10 Flash Player out of Date! 
  Adobe Flash Player 12.0.0.77 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox 21.0 Firefox out of Date!  
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 klwtblfs.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 

I've never figured out what causes that; you ran a Full Scan with ESET and it came up clean.

Give this a try:

Use your CCleaner to clean out temp files...also:

Clean out temp files:

Download TFC from here and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
http://www.bleepingcomputer.com/download/tfc/dl/92/
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then........if you haven't already, try running HitmanPro:

http://www.surfright.nl/en/hitmanpro

Let me know....MrC

==================================================

Results for Security Check:

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~

Uninstall all of these from your Programs and Features:
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 12.0.0.77 Flash Player out of Date!

Flash Player:

Check for an update if available
Downloads are at the top of the page. (don't install the McAfee toolbar)

---------------------------------------------


Mozilla Firefox 21.0 Firefox out of Date! <----please check for an update if available.
https://support.mozilla.org/en-US/kb/update-firefox-latest-version

~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /

Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.

Any other programs or logs you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC
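
An added example, not part of the original thread and not Security Check's own code: a Python parser for the checkup.txt layout posted above that pulls out the entries the reply acts on, plus the disabled on-access scanning line that sits in a different section. The sample lines are reconstructed from the posted log, and the finding labels and the multiple-versions heuristic are assumptions of this example.

```python
import re
from collections import Counter

HEADER = re.compile(r"^`+([^`]+)`+\s*$")  # section titles are framed by backticks
F = "`" * 10                              # frame used to rebuild header lines below

# Constructed sample: entries copied from the checkup log posted in the thread.
SAMPLE = "\n".join([
    " Windows 7 Service Pack 1 x64 (UAC is enabled)",
    F + "Antivirus/Firewall Check:" + F,
    " Windows Firewall Enabled!",
    "Kaspersky Internet Security",
    " Antivirus up to date!  (On Access scanning disabled!)",
    F + "Anti-malware/Other Utilities Check:" + F,
    " Java 7 Update 55",
    " Adobe Flash Player 10 Flash Player out of Date!",
    "  Adobe Flash Player 12.0.0.77 Flash Player out of Date!",
    " Adobe Reader XI",
    " Mozilla Firefox 21.0 Firefox out of Date!",
    " Google Chrome 33.0.1750.154",
    " Google Chrome 34.0.1847.116",
    F + "End of Log" + F,
])

def parse_checkup(text):
    """Split checkup.txt text into {section title: [entry, ...]}."""
    sections, current = {}, "Summary"  # "Summary" holds lines before the first header
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(1).strip().rstrip(":")
        elif line:
            sections.setdefault(current, []).append(line)
    return sections

def triage(sections):
    """Return (kind, section, detail) tuples; the kind labels are this example's own."""
    findings = []
    for title, entries in sections.items():
        for entry in entries:
            if "out of date!" in entry.lower():
                findings.append(("outdated", title, entry))
            if "disabled!" in entry.lower():
                findings.append(("protection-disabled", title, entry))
        if title.startswith("Anti-malware"):  # assumption: name = text before first version number
            names = Counter(re.split(r"\s+\d", e, maxsplit=1)[0] for e in entries)
            findings += [("multiple-versions", title, n) for n, c in names.items() if c > 1]
    return findings
```
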


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Archived

This topic is now archived and is closed to further replies.
