
FARBAR Results Help Please! :) Yet Another Victim :(



Hey, if someone could take a peek at this and help me out I would appreciate it. I've run ESET Poweliks, RogueKiller, MBAR, ComboFix, AdwCleaner, JRT, FRST64. I can post all the logs if needed, but if we can just use these for now that would save me time. Thank you ahead of time and, like I said, I can post others if need be or even start fresh.

 

Addition.txt

FRST.txt


Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start, please read and note the following:

  • We're primarily oriented toward malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button, which gives you an Upload Files option below that you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything else of the kind is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

What is your issue? Is this your computer?



Hi, thanks for hopping on. My problem was that I was having some serious issues with issues being renamed and basically hijacking my system. I'm being booted into a false desktop and my CPU usage is constantly soaring into atmospheres unknown. Unfortunately I had to go to work, and after doing all that I did I'm guessing that whatever it is had a recovery file that executed itself and to hold again. This time though I boot and I get to the login screen with my profile and password and I can't even do anything; it's just a picture, I'm guessing, not the way screen.


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns;b
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in Notepad.
  • If a reboot is needed, it will open after the reboot. You may also find it on your main drive (usually C:\).
Post its content into your next reply.

Zoek.exe v5.0.0.0 Updated 04-May-2015

Tool run by Paty on Sun 08/30/2015 at  8:42:55.59.

Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Paty\Desktop\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

8/30/2015 8:46:59 AM Zoek.exe System Restore Point Created Successfully.

 

==== Empty Folders Check ======================

 

C:\PROGRA~2\MSXML 4.0 deleted successfully

C:\PROGRA~2\Yahoo! deleted successfully

C:\PROGRA~2\COMMON~1\LWS deleted successfully

C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully

C:\Program Files\Google deleted successfully

C:\Program Files\New folder deleted successfully

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully

C:\PROGRA~3\PCSettings deleted successfully

C:\Users\Paty\AppData\Roaming\Windows Live Writer deleted successfully

C:\Users\Guest\AppData\Local\VirtualStore deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-3100916501-919166950-1855742865-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully

HKEY_USERS\S-1-5-21-3100916501-919166950-1855742865-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== Batch Command(s) Run By Tool======================

 

 

==== Deleting Files \ Folders ======================

 

C:\PROGRA~2\Yahoo! not found

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found

C:\Users\Paty\AppData\LocalLow\Yahoo! deleted

C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted

C:\Windows\wininit.ini deleted

C:\Windows\Syswow64\REN9E2A.tmp deleted

C:\Windows\Syswow64\TBD9E24.tmp deleted

 

==== Firefox Start and Search pages ======================

 

ProfilePath: C:\Users\Paty\AppData\Roaming\Mozilla\Firefox\Profiles\23hak80x.default

user_pref("browser.startup.homepage", "https://www.google.com/?trackid=sp-006");

user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006");

user_pref("browser.newtab.url", "about:newtab");

user_pref("browser.search.defaultenginename", "Google (avast)");

user_pref("browser.search.defaultengine", "Google (avast)");

user_pref("browser.search.selectedEngine", "Google (avast)");


 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [08/29/2015 02:47 AM]

 

==== Firefox Extensions ======================

 

==== Firefox Plugins ======================

 

 

==== Fake Chromium Profiles Check ======================

 

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted

 

==== Chromium Look ======================

 

Google Chrome Version: 44.0.2403.157

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06/22/2015 04:30 PM]

jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[10/12/2012 02:43 PM]

ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.1.204\avg.crx[]

 

Chrome Hotword Shared Module - Paty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="about:newtab"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="about:newtab"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}"

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown  Url="Not_Found"



 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-3100916501-919166950-1855742865-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Paty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Paty\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Paty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

 

==== Empty FireFox Cache ======================

 

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Mozilla\Firefox\Profiles\e2hck5ra.default\cache2 emptied successfully

 

==== Empty Chrome Cache ======================

 

C:\Users\Paty\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=41 folders=2 992148 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Administrator\AppData\Local\temp emptied successfully

C:\Users\Default\AppData\Local\temp emptied successfully

C:\Users\Default User\AppData\Local\temp emptied successfully

C:\Users\Guest\AppData\Local\temp emptied successfully

C:\Users\Paty\AppData\Local\Temp will be emptied at reboot

C:\Users\Public\AppData\Local\temp emptied successfully

C:\Users\SYSTEM\AppData\Local\temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

It's certainly calmed down, but I'm still on this desktop that I'm not too sure whether it's still simulated or the real one. Also there are files in odd places, like my user is outside of the c:\user folder, and then while I was waiting I looked through some files and my Avast detected a Comodo-linked IP address that I was never informed of on August 7. I just don't want it to propagate again. Are there updates I need to get to ensure that, or possibly clear system restore points and old detection and cleaning programs? Is there a boot diversion agent scan that will check if I am on the right desktop, etc.? Thanks a lot, I appreciate it.


Probably incorrect terminology. I ran a Sysinternals check, so I'll post that for you. I have tons of tracers; I don't think my antivirus or antimalware are working correctly. I keep getting shut out of folders; I can't stop processes and services like UxSms Desktop Window Manager Session Manager and COM+ Event System. I've got a problem with my DISM and some type of remote access to it; every time the CPU reboots, a process of reinstalling everything that's been removed begins and it just starts all over. I closed the Taskmgr process tree and cleared out the RACTask folders so it couldn't use the same licences or whatever it was using to just do the same thing over and over.

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       304 N/A                                         
csrss.exe                      468 N/A                                         
wininit.exe                    540 N/A                                         
csrss.exe                      548 N/A                                         
winlogon.exe                   584 N/A                                         
services.exe                   624 N/A                                         
lsass.exe                      648 EFS, KeyIso, SamSs                          
lsm.exe                        656 N/A                                         
svchost.exe                    768 DcomLaunch, PlugPlay, Power                 
svchost.exe                    864 RpcEptMapper, RpcSs                         
atiesrxx.exe                   900 AMD External Events Utility                 
svchost.exe                    340 AudioSrv, Dhcp, eventlog,                   
                                   HomeGroupProvider, lmhosts, wscsvc          
svchost.exe                    484 AudioEndpointBuilder, Netman, PcaSvc,       
                                   SysMain, TrkWks, UxSms, Wlansvc, wudfsvc    
svchost.exe                    616 Appinfo, EapHost, gpsvc, IKEEXT, iphlpsvc,  
                                   LanmanServer, ProfSvc, Schedule, SENS,      
                                   ShellHWDetection, Themes, Winmgmt, wuauserv 
svchost.exe                   1064 EventSystem, fdPHost, netprofm, nsi,        
                                   WdiServiceHost, WinHttpAutoProxySvc         
atieclxx.exe                  1096 N/A                                         
svchost.exe                   1212 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
AvastSvc.exe                  1288 avast! Antivirus                            
svchost.exe                   1420 BFE, DPS, MpsSvc                            
dwm.exe                       1556 N/A                                         
explorer.exe                  1584 N/A                                         
taskhost.exe                  1608 N/A                                         
RAVCpl64.exe                  1500 N/A                                         
ePowerTray.exe                1580 N/A                                         
mwlDaemon.exe                 1684 N/A                                         
SynTPEnh.exe                  1592 N/A                                         
flux.exe                      1872 N/A                                         
EgisUpdate.exe                2264 N/A                                         
mDNSResponder.exe             2460 Bonjour Service                             
ePowerSvc.exe                 2516 ePowerSvc                                   
svchost.exe                   2564 FDResPub, FontCache, SSDPSRV                
GregHSRW.exe                  2596 Greg_Service                                
mbae-svc.exe                  2896 MbaeSvc                                     
mbamscheduler.exe             2424 MBAMScheduler                               
mbae64.exe                    2540 N/A                                         
conhost.exe                   2744 N/A                                         
mbamservice.exe               3056 MBAMService                                 
MWLService.exe                2864 MWLService                                  
mbam.exe                      2904 N/A                                         
svchost.exe                   1156 stisvc                                      
SearchIndexer.exe             3912 WSearch                                     
unsecapp.exe                  1440 N/A                                         
svchost.exe                   3988 PolicyAgent                                 
WmiPrvSE.exe                  4032 N/A                                         
SynTPHelper.exe               2240 N/A                                         
LManager.exe                  3492 N/A                                         
ePowerEvent.exe               3768 N/A                                         
AvastUI.exe                   1604 N/A                                         
mbae.exe                      3264 N/A                                         
unsecapp.exe                   552 N/A                                         
MOM.exe                       3528 N/A                                         
WmiPrvSE.exe                  3172 N/A                                         
CCC.exe                       4724 N/A                                         
chrome.exe                    4744 N/A                                         
chrome.exe                    4436 N/A                                         
chrome.exe                    2616 N/A                                         
chrome.exe                    3752 N/A                                         
chrome.exe                    3804 N/A                                         
taskmgr.exe                   2320 N/A                                         
wuauclt.exe                   4924 N/A                                         
spoolsv.exe                   4396 Spooler                                     
chrome.exe                    4656 N/A                                         
chrome.exe                    3196 N/A                                         
chrome.exe                    4748 N/A                                         
cmd.exe                       4312 N/A                                         
conhost.exe                   2672 N/A                                         
tasklist.exe                  4580 N/A                                         
 
 
 
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
System                           4 Services                   0      1,124 K
smss.exe                       304 Services                   0         88 K
csrss.exe                      468 Services                   0      1,964 K
wininit.exe                    540 Services                   0        172 K
csrss.exe                      548 Console                    1      5,500 K
winlogon.exe                   584 Console                    1      1,792 K
services.exe                   624 Services                   0      5,844 K
lsass.exe                      648 Services                   0      6,676 K
lsm.exe                        656 Services                   0      1,868 K
svchost.exe                    768 Services                   0      3,948 K
svchost.exe                    864 Services                   0      3,952 K
atiesrxx.exe                   900 Services                   0        172 K
svchost.exe                    340 Services                   0     11,248 K
svchost.exe                    484 Services                   0    100,800 K
svchost.exe                    616 Services                   0     32,768 K
svchost.exe                   1064 Services                   0      6,856 K
atieclxx.exe                  1096 Console                    1        480 K
svchost.exe                   1212 Services                   0      8,920 K
AvastSvc.exe                  1288 Services                   0     41,128 K
svchost.exe                   1420 Services                   0      5,708 K
dwm.exe                       1556 Console                    1     26,264 K
explorer.exe                  1584 Console                    1    143,924 K
taskhost.exe                  1608 Console                    1      4,940 K
RAVCpl64.exe                  1500 Console                    1        828 K
ePowerTray.exe                1580 Console                    1        696 K
mwlDaemon.exe                 1684 Console                    1      1,424 K
SynTPEnh.exe                  1592 Console                    1      3,072 K
flux.exe                      1872 Console                    1      2,668 K
EgisUpdate.exe                2264 Console                    1        736 K
mDNSResponder.exe             2460 Services                   0      2,100 K
ePowerSvc.exe                 2516 Services                   0        256 K
svchost.exe                   2564 Services                   0     48,636 K
GregHSRW.exe                  2596 Services                   0        992 K
mbae-svc.exe                  2896 Services                   0      4,904 K
mbamscheduler.exe             2424 Services                   0        952 K
mbae64.exe                    2540 Services                   0      1,372 K
conhost.exe                   2744 Services                   0        340 K
mbamservice.exe               3056 Services                   0     91,052 K
MWLService.exe                2864 Services                   0        220 K
mbam.exe                      2904 Console                    1      4,632 K
svchost.exe                   1156 Services                   0        196 K
SearchIndexer.exe             3912 Services                   0     13,952 K
unsecapp.exe                  1440 Console                    1      1,756 K
svchost.exe                   3988 Services                   0      1,640 K
WmiPrvSE.exe                  4032 Services                   0      3,408 K
SynTPHelper.exe               2240 Console                    1        368 K
LManager.exe                  3492 Console                    1        964 K
ePowerEvent.exe               3768 Console                    1        344 K
AvastUI.exe                   1604 Console                    1     10,256 K
mbae.exe                      3264 Console                    1      1,924 K
unsecapp.exe                   552 Console                    1      2,232 K
MOM.exe                       3528 Console                    1      1,400 K
WmiPrvSE.exe                  3172 Services                   0      7,008 K
CCC.exe                       4724 Console                    1     11,440 K
chrome.exe                    4744 Console                    1    134,068 K
chrome.exe                    4436 Console                    1    144,904 K
chrome.exe                    2616 Console                    1    118,012 K
chrome.exe                    3752 Console                    1    188,072 K
chrome.exe                    3804 Console                    1    149,516 K
taskmgr.exe                   2320 Console                    1     12,480 K
wuauclt.exe                   4924 Console                    1      6,764 K
spoolsv.exe                   4396 Services                   0     12,440 K
chrome.exe                    4656 Console                    1     97,008 K
chrome.exe                    3196 Console                    1    106,980 K
chrome.exe                    4748 Console                    1     52,124 K
cmd.exe                       4312 Console                    1      3,188 K
conhost.exe                   2672 Console                    1      5,976 K
tasklist.exe                  2648 Console                    1      5,264 K
 
 

WindowsUpdate.log

setupact.log

ntbtlog.txt

PFRO.log


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click Run after receipt of the Windows Security Warning - Open File).

  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

I see nothing serious, but let's perform Check Disk:

Check Disk

  • Press the Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
  • chkdsk C: /r
  • You should get a message asking to schedule Check Disk at the next system restart. Please type Y and press Enter.
  • All you should do now is restart your PC and let the Check Disk process finish uninterrupted.
Check Disk report:
  • Press the Windows key + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on the entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.
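The same Wininit report can be pulled straight from the Application log with PowerShell instead of clicking through Event Viewer. This is an added example, not part of the original post; it assumes Windows 7 or later, an elevated PowerShell prompt, and that the boot-time chkdsk result is logged by the Wininit provider as Event ID 1001.

```powershell
# Added example (not from the thread): fetch the latest Check Disk report from the
# Application log, the same entry the post above has you copy out of Event Viewer.
# Assumes an elevated prompt; chkdsk writes its boot-time result as Wininit Event ID 1001.
$chkdskEvents = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Wininit'   # shown as "Wininit" in the Event Viewer filter
    Id           = 1001
} -ErrorAction SilentlyContinue

if (-not $chkdskEvents) {
    Write-Warning 'No Wininit 1001 entries found; the scheduled Check Disk may not have run yet.'
    return
}

# Get-WinEvent returns newest first, so the first entry is the most recent disk check.
$latest = $chkdskEvents | Select-Object -First 1
"Check Disk ran at $($latest.TimeCreated)"
$latest.Message

# Save the report text to a file for attaching to the reply, as the rules above ask.
$outFile = Join-Path $env:USERPROFILE 'Desktop\chkdsk-report.txt'
$latest.Message | Out-File -FilePath $outFile -Encoding UTF8
"Report saved to $outFile"
```

If several 1001 entries exist, compare their TimeCreated values against the reboot time to pick the run that matches the scheduled check.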

Boot WdfLoadGroup n/a* Wdf01000 Kernel Mode Driver Frameworks service

Boot Boot Bus Extender 1 ACPI Microsoft ACPI Driver

Boot Boot Bus Extender 2 msisadrv

Boot Boot Bus Extender 3 pci PCI Bus Driver

Boot Boot Bus Extender 6 vdrvroot Microsoft Virtual Drive Enumerator Driver

Boot Boot Bus Extender n/a* partmgr @%SystemRoot%\system32\drivers\partmgr.sys,-100

Boot System Bus Extender 7 Compbatt Microsoft Composite Battery Driver

Boot System Bus Extender 9 volmgr Volume Manager Driver

Boot System Bus Extender 10 volmgrx @%SystemRoot%\system32\drivers\volmgrx.sys,-100

Boot System Bus Extender n/a* mountmgr @%SystemRoot%\system32\drivers\mountmgr.sys,-100

Boot SCSI Miniport 33 atapi IDE Channel

Boot SCSI Miniport 64 msahci

Boot SCSI miniport n/a* amdxata

Boot FSFilter Infrastructure 1 FltMgr @%SystemRoot%\system32\drivers\fltmgr.sys,-10001

Boot FSFilter Bottom n/a* FileInfo @%SystemRoot%\system32\drivers\fileinfo.sys,-100

Boot Filter 1 CLFS @%SystemRoot%\system32\clfs.sys,-100

Boot Base 1 KSecDD

Boot Base 2 CNG

Boot Base n/a* pcw Performance Counters for Windows Driver

Boot File System n/a* Fs_Rec

Boot NDIS Wrapper n/a* NDIS @%SystemRoot%\system32\drivers\ndis.sys,-200

Boot Cryptography 2 KSecPkg

Boot PNP_TDI 3 Tcpip @%SystemRoot%\system32\tcpipcfg.dll,-50003

Boot n/a* n/a* aswRvrt avast! Revert

Boot n/a* n/a* aswVmm avast! VM Monitor

Boot PnP Filter* 6* AtiPcie AMD PCI Express (3GIO) Filter

Boot n/a* n/a* Disk Disk Driver

Boot PnP Filter* 5* fvevol @%SystemRoot%\system32\drivers\fvevol.sys,-100

Boot n/a* n/a* hwpolicy @%systemroot%\system32\drivers\hwpolicy.sys,-101

Boot Network* n/a* Mup @%systemroot%\system32\drivers\mup.sys,-101

Boot PnP Filter* 2* rdyboost ReadyBoost

Boot n/a* n/a* spldr Security Processor Loader Driver

Boot n/a* n/a* volsnap Storage volumes

System SCSI CDROM Class 3 cdrom CD-ROM Driver

System FSFilter Virtualization 2 aswSnx aswSnx

System FSFilter Activity Monitor 2 mwlPSDFilter mwlPSDFilter

System FSFilter Activity Monitor n/a* aswSP aswSP

System Base 1 Null

System Base 2 Beep Beep

System Keyboard Port 8 aswKbd aswKbd

System Video Save 1 VgaSave

System Video Save n/a* RDPCDD @%systemroot%\system32\DRIVERS\RDPCDD.sys,-100

System Video Save n/a* RDPENCDD @%systemroot%\system32\drivers\RDPENCDD.sys,-101

System Video Save n/a* RDPREFMP @%systemroot%\system32\drivers\RdpRefMp.sys,-101

System File system n/a* Msfs

System File system n/a* Npfs

System PNP_TDI 4 tdx @%SystemRoot%\system32\tcpipcfg.dll,-50004

System PNP_TDI n/a* AFD @%systemroot%\system32\drivers\afd.sys,-1000

System PNP_TDI n/a* aswRdr aswRdr

System PNP_TDI n/a* NetBT NetBT

System NDIS 16 WfpLwf WFP Lightweight Filter

System NDIS 18 Psched @%SystemRoot%\System32\drivers\pacer.sys,-101

System NDIS 23 vwififlt Virtual WiFi Filter Driver

System NetBIOSGroup 2 NetBIOS NetBIOS Interface

System n/a* n/a* blbdrive

System Network* n/a* DfsC @%systemroot%\system32\drivers\dfsc.sys,-101

System n/a* n/a* discache @%systemroot%\system32\drivers\discache.sys,-102

System n/a* n/a* ESProtectionDriver Malwarebytes Anti-Exploit

System n/a* n/a* mssmbios Microsoft System Management BIOS Driver

System n/a* n/a* mwlPSDNServ mwlPSDNServ

System n/a* n/a* mwlPSDVDisk mwlPSDVDisk

System n/a* n/a* nsiproxy @%SystemRoot%\system32\drivers\nsiproxy.sys,-2

System Network* 4* rdbss @%systemroot%\system32\wkssvc.dll,-1000

System n/a* n/a* TermDD Terminal Device Driver

System n/a* n/a* Wanarpv6 @%systemroot%\system32\rascfg.dll,-32012

Automatic FSFilter Virtualization n/a* luafv @%systemroot%\system32\drivers\luafv.sys,-100

Automatic FSFilter Anti-Virus n/a* aswMonFlt aswMonFlt

Automatic COM Infrastructure n/a* DcomLaunch @oleres.dll,-5012

Automatic COM Infrastructure n/a* RpcEptMapper @%windir%\system32\RpcEpMap.dll,-1001

Automatic COM Infrastructure n/a* RpcSs @oleres.dll,-5010

Automatic Event log n/a* AMD External Events Utility

Automatic Event Log n/a* eventlog @%SystemRoot%\system32\wevtsvc.dll,-200

Automatic AudioGroup n/a* AudioEndpointBuilder @%SystemRoot%\system32\audiosrv.dll,-204

Automatic AudioGroup n/a* AudioSrv @%SystemRoot%\system32\audiosrv.dll,-200

Automatic ProfSvc_Group n/a* gpsvc @gpapi.dll,-112

Automatic profsvc_group n/a* ProfSvc @%systemroot%\system32\profsvc.dll,-300

Automatic ProfSvc_Group n/a* SENS @%SystemRoot%\system32\Sens.dll,-200

Automatic ProfSvc_Group n/a* Themes @%SystemRoot%\System32\themeservice.dll,-8192

Automatic UIGroup n/a* UxSms @%SystemRoot%\system32\dwm.exe,-2000

Automatic MS_WindowsLocalValidation n/a* SamSs @%SystemRoot%\system32\samsrv.dll,-1

Automatic PlugPlay n/a* PlugPlay @%SystemRoot%\system32\umpnpmgr.dll,-100

Automatic Plugplay n/a* Power @%SystemRoot%\system32\umpo.dll,-100

Automatic PlugPlay n/a* wudfsvc @%SystemRoot%\system32\wudfsvc.dll,-1000

Automatic NDIS 14 rspndr Link-Layer Topology Discovery Responder

Automatic NDIS 15 lltdio Link-Layer Topology Discovery Mapper I/O Driver

Automatic NDIS n/a* aswStm aswStm

Automatic TDI n/a* Dhcp @%SystemRoot%\system32\dhcpcore.dll,-100

Automatic TDI n/a* Dnscache @%SystemRoot%\System32\dnsapi.dll,-101

Automatic TDI n/a* lmhosts @%SystemRoot%\system32\lmhsvc.dll,-101

Automatic TDI n/a* Wlansvc @%SystemRoot%\System32\wlansvc.dll,-257

Automatic ShellSvcGroup n/a* avast! Antivirus Avast Antivirus

Automatic ShellSvcGroup n/a* ShellHWDetection @%SystemRoot%\System32\shsvcs.dll,-12288

Automatic SchedulerGroup n/a* Schedule @%SystemRoot%\system32\schedsvc.dll,-100

Automatic SpoolerGroup n/a* Spooler @%systemroot%\system32\spoolsv.exe,-1

Automatic NetworkProvider n/a* BFE @%SystemRoot%\system32\bfe.dll,-1001

Automatic NetworkProvider n/a* LanmanWorkstation @%systemroot%\system32\wkssvc.dll,-100

Automatic NetworkProvider n/a* MpsSvc @%SystemRoot%\system32\FirewallAPI.dll,-23090

Automatic n/a* n/a* aswHwid avast! HardwareID

Automatic n/a* n/a* Bonjour Service Bonjour Service

Automatic n/a* n/a* CryptSvc @%SystemRoot%\system32\cryptsvc.dll,-1001

Automatic n/a* n/a* DPS @%systemroot%\system32\dps.dll,-500

Automatic n/a* n/a* EFS @%SystemRoot%\system32\efssvc.dll,-100

Automatic n/a* n/a* ePowerSvc Acer ePower Service

Automatic n/a* n/a* EventSystem @comres.dll,-2450

Automatic n/a* n/a* FDResPub @%systemroot%\system32\fdrespub.dll,-100

Automatic n/a* n/a* FontCache @%systemroot%\system32\FntCache.dll,-100

Automatic n/a* n/a* Greg_Service GRegService

Automatic n/a* n/a* IKEEXT @%SystemRoot%\system32\ikeext.dll,-501

Automatic n/a* n/a* iphlpsvc @%SystemRoot%\system32\iphlpsvc.dll,-500

Automatic n/a* n/a* LanmanServer @%systemroot%\system32\srvsvc.dll,-100

Automatic n/a* n/a* MbaeSvc Malwarebytes Anti-Exploit Service

Automatic n/a* n/a* MBAMScheduler

Automatic n/a* n/a* MBAMService

Automatic n/a* n/a* MMCSS @%systemroot%\system32\mmcss.dll,-100

Automatic n/a* n/a* MWLService MyWinLocker Service

Automatic n/a* n/a* NlaSvc @%SystemRoot%\System32\nlasvc.dll,-1

Automatic n/a* n/a* nsi @%SystemRoot%\system32\nsisvc.dll,-200

Automatic n/a* n/a* PcaSvc @%SystemRoot%\system32\pcasvc.dll,-1

Automatic n/a* n/a* PEAUTH PEAUTH

Automatic n/a* n/a* secdrv Security Driver

Automatic n/a* n/a* sppsvc @%SystemRoot%\system32\sppsvc.exe,-101

Automatic n/a* n/a* stisvc @%SystemRoot%\system32\wiaservc.dll,-9

Automatic n/a* n/a* SysMain @%SystemRoot%\system32\sysmain.dll,-1000

Automatic n/a* n/a* tcpipreg TCP/IP Registry Compatibility

Automatic n/a* n/a* TrkWks @%SystemRoot%\system32\trkwks.dll,-1

Automatic n/a* n/a* Winmgmt @%Systemroot%\system32\wbem\wmisvc.dll,-205

Automatic n/a* n/a* wlidsvc Windows Live ID Sign-in Assistant

Automatic n/a* n/a* WMPNetworkSvc @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101

Automatic n/a* n/a* wscsvc @%SystemRoot%\System32\wscsvc.dll,-200

Automatic n/a* n/a* WSearch @%systemroot%\system32\SearchIndexer.exe,-103

Automatic n/a* n/a* wuauserv Windows Update

There is something just wrong with this. I have a virtual monitor that boots? and all of my protection is getting shafted.


Log Name:      Application

Source:        Microsoft-Windows-Wininit

Date:          9/3/2015 1:08:07 PM

Event ID:      1001

Task Category: None

Level:         Information

Keywords:      Classic

User:          N/A

Computer:      Victor-PC

Description:

 

 

Checking file system on C:

The type of the file system is NTFS.

Volume label is Acer.

 

 

A disk check has been scheduled.

Windows will now check the disk.                         

 

CHKDSK is verifying files (stage 1 of 3)...

  242944 file records processed.                                         

 

File verification completed.

  510 large file records processed.                                   

 

  0 bad file records processed.                                     

 

  0 EA records processed.                                           

 

  93 reparse records processed.                                      

 

CHKDSK is verifying indexes (stage 2 of 3)...

  302094 index entries processed.                                        

 

Index verification completed.

  0 unindexed files scanned.                                        

 

  0 unindexed files recovered.                                      

 

CHKDSK is verifying security descriptors (stage 3 of 3)...

  242944 file SDs/SIDs processed.                                        

 

Cleaning up 257 unused index entries from index $SII of file 0x9.

Cleaning up 257 unused index entries from index $SDH of file 0x9.

Cleaning up 257 unused security descriptors.

Security descriptor verification completed.

  29576 data files processed.                                           

 

CHKDSK is verifying Usn Journal...

  34744416 USN bytes processed.                                            

 

Usn Journal verification completed.

Windows has checked the file system and found no problems.

 

 143598529 KB total disk space.

  71274776 KB in 118432 files.

     75288 KB in 29577 indexes.

         0 KB in bad sectors.

    348537 KB in use by the system.

     65536 KB occupied by the log file.

  71899928 KB available on disk.

 

      4096 bytes in each allocation unit.

  35899632 total allocation units on disk.

  17974982 allocation units available on disk.

 

Internal Info:

00 b5 03 00 35 42 02 00 d1 33 04 00 00 00 00 00  ....5B...3......

f7 05 00 00 5d 00 00 00 00 00 00 00 00 00 00 00  ....]...........

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

 

Windows has finished checking your disk.

Please wait while your computer restarts.

 

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />

    <EventID Qualifiers="16384">1001</EventID>

    <Version>0</Version>

    <Level>4</Level>

    <Task>0</Task>

    <Opcode>0</Opcode>

    <Keywords>0x80000000000000</Keywords>

    <TimeCreated SystemTime="2015-09-03T17:08:07.000000000Z" />

    <EventRecordID>100226</EventRecordID>

    <Correlation />

    <Execution ProcessID="0" ThreadID="0" />

    <Channel>Application</Channel>

    <Computer>Victor-PC</Computer>

    <Security />

  </System>

  <EventData>

    <Data>
    </Data>

  </EventData>

</Event>


It's not bad but still have weird moments where CPU is running at high volumes. Ran that ms15 patch for the net 4.6 since there were reported leaks and whatnot. Also updated my ccc driver. Every time I turn the CPU off or do a restart my system tells me that background services are still closing. Task host is always the culprit. Svchost is always running super high and my cli imposition file was missing or something when I tried to download MOM.exe. Downloaded new driver for my Radeon HD3200 and may have downloaded amdraid unnecessarily by accident just because it said I needed the chipset. I reconfigured my teredo tunneling and audio drivers. I'm uninstalling Java and flash and reinstalling them due to their constant vulnerabilities. Just seems like I can't win with this thing.


Let's make the final check:

Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select Update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

