Is it possible for my router to be hacked?


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by Ty (administrator) on TYLER (25-01-2016 11:17:59)
Running from C:\Users\Ty\Desktop
Loaded Profiles: Ty (Available Profiles: Ty)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11777128 2016-01-25] (Realtek Semiconductor)
HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel® Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1195678286-3951551032-3547097161-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2016-01-21] (SUPERAntiSpyware)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bit

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{339E8CF9-6A81-4421-965F-0A701ACC0152}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8287B3DD-2C89-4D85-A90E-D153B4B8D8A1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ty\AppData\Roaming\Mozilla\Firefox\Profiles\0p0sbhix.default
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Extension: Torrent Status - C:\Users\Ty\AppData\Roaming\Mozilla\Firefox\Profiles\0p0sbhix.default\extensions\{b8eb6570-dd49-11df-937b-0800200c9a66}.xpi [2016-01-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
S2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73464 2015-10-28] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-25] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [57648 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [73464 2015-08-31] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-25 11:17 - 2016-01-25 11:18 - 00008904 _____ C:\Users\Ty\Desktop\FRST.txt
2016-01-25 11:17 - 2016-01-25 11:17 - 00058032 _____ C:\Users\Ty\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-25 11:17 - 2016-01-25 11:17 - 00000000 ____D C:\FRST
2016-01-25 11:15 - 2016-01-25 11:15 - 00000000 ____D C:\SUPERDelete
2016-01-25 11:13 - 2016-01-25 11:13 - 02370560 _____ (Farbar) C:\Users\Ty\Desktop\FRST64.exe
2016-01-25 11:12 - 2016-01-25 11:12 - 00003566 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task a3c5a37b-611d-49de-96d3-736d1d7ff35f
2016-01-25 11:12 - 2016-01-25 11:12 - 00003492 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task d4547df4-94df-4b2b-8198-ca8de5e3f3a9
2016-01-25 11:12 - 2016-01-25 11:12 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2016-01-25 11:12 - 2016-01-25 11:12 - 00000504 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d4547df4-94df-4b2b-8198-ca8de5e3f3a9.job
2016-01-25 11:12 - 2016-01-25 11:12 - 00000504 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a3c5a37b-611d-49de-96d3-736d1d7ff35f.job
2016-01-25 11:12 - 2016-01-25 11:12 - 00000000 ____D C:\Users\Ty\AppData\Roaming\SUPERAntiSpyware.com
2016-01-25 11:12 - 2016-01-25 11:12 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-01-25 11:12 - 2016-01-25 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-01-25 11:12 - 2016-01-25 11:12 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-25 11:11 - 2016-01-25 11:11 - 24457880 _____ (SUPERAntiSpyware) C:\Users\Ty\Desktop\SUPERAntiSpywarePro.exe
2016-01-25 11:05 - 2016-01-25 11:10 - 00000000 ____D C:\ProgramData\HitmanPro
2016-01-25 11:05 - 2016-01-25 11:05 - 00000000 ____D C:\Program Files\HitmanPro
2016-01-25 11:04 - 2016-01-25 11:09 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-25 11:03 - 2016-01-25 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-25 11:03 - 2016-01-25 11:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-25 11:03 - 2016-01-25 11:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-25 11:03 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-25 11:03 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-25 11:03 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-25 10:46 - 2016-01-25 11:16 - 13262461 _____ C:\Users\Ty\Downloads\CloudAV0125180033_1564.csv
2016-01-25 10:08 - 2016-01-25 10:08 - 00004990 _____ C:\WirelessDiagLog.csv
2016-01-25 10:00 - 2015-05-22 00:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2016-01-25 03:49 - 2016-01-25 03:50 - 00187452 _____ C:\TDSSKiller.3.1.0.9_25.01.2016_03.49.41_log.txt
2016-01-25 03:47 - 2016-01-25 03:49 - 11323704 _____ (SurfRight B.V.) C:\Users\Ty\Downloads\HitmanPro_x64.exe
2016-01-25 03:46 - 2016-01-25 03:47 - 52988120 _____ (Microsoft Corporation) C:\Users\Ty\Downloads\Windows-KB890830-x64-V5.32.exe
2016-01-25 03:40 - 2016-01-25 03:43 - 55915216 _____ (Microsoft Corporation) C:\Users\Ty\Downloads\IE11-Windows6.1-x64-en-us.exe
2016-01-25 03:32 - 2016-01-25 03:32 - 13163744 _____ (Microsoft Corporation) C:\Users\Ty\Downloads\Silverlight_x64.exe
2016-01-25 03:32 - 2016-01-25 03:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-25 03:32 - 2016-01-25 03:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-25 03:32 - 2016-01-25 03:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-25 02:57 - 2016-01-25 03:19 - 00000956 _____ C:\Windows\SysWOW64\BroomData.bit
2016-01-25 02:57 - 2013-04-08 15:30 - 00022752 _____ C:\Windows\system32\PCloudBroom64.exe
2016-01-25 02:46 - 2016-01-25 02:53 - 01907920 _____ C:\Windows\system32\PHOOKSmf2.TXT
2016-01-25 02:43 - 2016-01-25 02:57 - 02280492 _____ C:\Windows\system32\PHOOKSmf.txt
2016-01-25 02:41 - 2016-01-25 02:55 - 00000000 ____D C:\Windows\system32\DBBK
2016-01-25 02:38 - 2016-01-25 02:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2016-01-25 02:37 - 2016-01-25 02:37 - 35213320 _____ (Panda Security ) C:\Users\Ty\Downloads\PandaCloudCleaner.exe
2016-01-25 02:34 - 2016-01-25 02:34 - 00000000 ____D C:\Users\Ty\Downloads\bt_intel centrino_highspeedadapter_1.0.78.20535_al00
2016-01-25 01:58 - 2016-01-25 01:58 - 00000000 ____D C:\Users\Ty\AppData\Roaming\Intel
2016-01-25 01:57 - 2016-01-25 01:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2016-01-25 01:53 - 2016-01-25 01:55 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-01-25 01:53 - 2016-01-25 01:53 - 00000000 ____D C:\ProgramData\Intel
2016-01-25 01:53 - 2016-01-25 01:53 - 00000000 ____D C:\Program Files\Intel
2016-01-25 01:53 - 2016-01-25 01:53 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-01-25 01:33 - 2016-01-25 01:33 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-01-25 01:33 - 2016-01-25 01:33 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-01-25 01:33 - 2016-01-25 01:33 - 00000000 ____D C:\Program Files\Realtek
2016-01-25 01:33 - 2016-01-25 01:27 - 02841704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 02741736 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2016-01-25 01:33 - 2016-01-25 01:27 - 02578576 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 02358888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 02197264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 01247848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 01146984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2016-01-25 01:33 - 2016-01-25 01:27 - 00638056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 00397912 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX64.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 00332392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 00309848 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 00084072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 00080984 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2016-01-25 01:33 - 2016-01-25 01:27 - 00032344 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\MBfilt64.sys
2016-01-25 01:33 - 2016-01-25 01:26 - 01943616 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2016-01-25 01:33 - 2016-01-25 01:26 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2016-01-25 01:33 - 2016-01-25 01:26 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2016-01-25 01:33 - 2016-01-25 01:24 - 01284712 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2016-01-25 01:33 - 2016-01-25 01:24 - 00000176 _____ C:\Windows\system32\Drivers\RTHDAEQ0.dat
2016-01-25 01:24 - 2016-01-25 01:24 - 18494783 _____ C:\Users\Ty\Downloads\beta_usb.nec_2.1.28.0_al00.zip
2016-01-25 01:23 - 2016-01-25 01:41 - 156311218 _____ C:\Users\Ty\Downloads\bt_intel centrino_highspeedadapter_1.0.78.20535_al00.zip
2016-01-25 01:22 - 2016-01-25 02:38 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-01-25 01:22 - 2016-01-25 01:22 - 00000000 ____D C:\Users\Ty\AppData\Roaming\Panda Security
2016-01-25 01:22 - 2016-01-25 01:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Internet Security 2016
2016-01-25 01:18 - 2016-01-25 01:18 - 01729032 _____ C:\Users\Ty\Downloads\PANDAIS16.exe
2016-01-25 01:14 - 2016-01-25 01:22 - 00000000 ____D C:\ProgramData\Panda Security
2016-01-25 01:14 - 2016-01-25 01:20 - 00000000 ____D C:\Users\Ty\AppData\Local\Mozilla
2016-01-25 01:14 - 2016-01-25 01:14 - 00000000 ____D C:\Users\Ty\AppData\Roaming\Mozilla
2016-01-25 01:13 - 2016-01-25 01:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-25 01:08 - 2016-01-25 01:08 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-25 01:07 - 2016-01-25 01:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-25 01:07 - 2016-01-25 01:33 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-01-25 01:07 - 2016-01-25 01:07 - 00000000 ____D C:\Windows\SysWOW64\sda
2016-01-25 01:07 - 2016-01-24 22:31 - 09888360 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUVStoricon.dll
2016-01-25 01:07 - 2016-01-24 22:31 - 00307304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\rtsuvstor.sys
2016-01-25 01:07 - 2016-01-24 22:31 - 00017512 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\diskperf64.sys
2016-01-25 01:06 - 2016-01-25 01:06 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-25 01:05 - 2016-01-25 01:06 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-01-25 01:05 - 2016-01-24 22:31 - 00008192 _____ C:\Windows\system32\Drivers\IntelMEFWVer.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 20491880 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 18580072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 15063656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 13048168 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-01-25 01:05 - 2011-04-08 08:01 - 13011560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 12871272 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 10085480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 08131176 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 06607976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 06048872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 04943976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 03113576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 02897512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 02482792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 02253416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 02221672 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 01986152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 01615976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6420100.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 01359976 _____ (NVIDIA Corporation) C:\Windows\system32\nvgenco642040.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 00067176 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 00057960 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-01-25 01:05 - 2011-04-08 08:01 - 00011240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvBridge.kmd
2016-01-25 01:05 - 2011-04-08 08:01 - 00007621 _____ C:\Windows\system32\nvinfo.pb
2016-01-25 01:05 - 2011-03-03 21:29 - 01359976 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco642040.dll
2016-01-25 01:05 - 2011-03-03 21:29 - 00174184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-01-25 01:05 - 2011-03-03 21:29 - 00029288 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-01-25 01:03 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-01-25 01:03 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-01-25 01:03 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-01-25 01:03 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-01-25 01:03 - 2014-05-14 08:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-01-25 01:03 - 2014-05-14 08:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-01-25 01:03 - 2014-05-14 08:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-01-25 01:03 - 2014-05-14 08:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-01-25 01:03 - 2014-05-14 08:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-01-25 01:03 - 2014-05-14 08:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-01-25 01:03 - 2014-05-14 08:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-01-25 01:03 - 2014-05-14 08:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-01-25 01:03 - 2014-05-14 08:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-01-25 01:03 - 2014-05-14 08:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-01-25 01:02 - 2016-01-25 01:02 - 00000000 ____D C:\NVIDIA
2016-01-25 00:59 - 2016-01-25 01:23 - 00000000 ____D C:\Program Files (x86)\Intel
2016-01-25 00:59 - 2016-01-25 00:59 - 00000000 ____D C:\Intel
2016-01-25 00:59 - 2016-01-24 22:57 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2016-01-25 00:58 - 2016-01-25 00:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-01-25 00:51 - 2016-01-25 02:46 - 00001371 _____ C:\Users\Ty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-25 00:51 - 2016-01-25 02:46 - 00001337 _____ C:\Users\Ty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-01-25 00:51 - 2016-01-25 01:58 - 00000000 ____D C:\Users\Ty
2016-01-25 00:51 - 2016-01-25 00:51 - 00000020 ___SH C:\Users\Ty\ntuser.ini
2016-01-25 00:51 - 2016-01-25 00:51 - 00000000 _SHDL C:\Users\Ty\My Documents
2016-01-25 00:51 - 2016-01-25 00:51 - 00000000 _SHDL C:\Users\Ty\Documents\My Videos
2016-01-25 00:51 - 2016-01-25 00:51 - 00000000 _SHDL C:\Users\Ty\Documents\My Pictures
2016-01-25 00:51 - 2016-01-25 00:51 - 00000000 _SHDL C:\Users\Ty\Documents\My Music
2016-01-25 00:51 - 2011-04-12 00:28 - 00000000 ____D C:\Users\Ty\AppData\Roaming\Media Center Programs
2016-01-25 00:44 - 2016-01-25 00:44 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-01-25 00:44 - 2016-01-25 00:44 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-01-25 00:40 - 2016-01-25 00:51 - 00000000 ____D C:\Windows\Panther
2016-01-25 00:40 - 2016-01-25 00:40 - 00008192 __RSH C:\BOOTSECT.BAK
2016-01-25 00:40 - 2010-11-20 19:23 - 00383786 __RSH C:\bootmgr
2016-01-25 00:34 - 2016-01-24 22:22 - 00344680 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2016-01-25 00:34 - 2016-01-24 22:22 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2016-01-25 00:34 - 2016-01-24 22:22 - 00074272 _____ C:\Windows\system32\RtNicProp64.dll
2016-01-24 22:56 - 2016-01-24 22:31 - 00056344 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-25 11:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2016-01-25 10:04 - 2009-07-13 21:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-25 10:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-01-25 10:00 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-25 04:29 - 2009-07-13 20:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-25 04:29 - 2009-07-13 20:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-25 03:00 - 2009-07-13 20:45 - 00313584 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-25 02:46 - 2009-07-13 20:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-25 01:35 - 2009-07-13 21:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-25 01:35 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-01-25 01:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2016-01-25 01:04 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-01-25 00:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-01-25 00:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-01-25 00:40 - 2009-07-13 21:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-25 00:41

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by Ty (2016-01-25 11:18:22)
Running from C:\Users\Ty\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-01-25 08:51:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1195678286-3951551032-3547097161-500 - Administrator - Disabled)
Guest (S-1-5-21-1195678286-3951551032-3547097161-501 - Limited - Enabled)
Ty (S-1-5-21-1195678286-3951551032-3547097161-1000 - Administrator - Enabled) => C:\Users\Ty

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Internet Security 2016 (Disabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AS: Panda Internet Security 2016 (Disabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Enabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
NVIDIA Graphics Driver 268.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.12 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.5 - Panda Security)
Panda Devices Agent (x32 Version: 1.03.05 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Internet Security 2016 (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.00.02.0000 - Panda Security)
Panda Internet Security 2016 (Version: 8.04.00.0000 - Panda Security) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6309 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BECC6DE6-D396-4844-B12F-DE603A701A6C} - System32\Tasks\SUPERAntiSpyware Scheduled Task a3c5a37b-611d-49de-96d3-736d1d7ff35f => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {C6915309-6D33-49C3-9403-32D63D0270DE} - System32\Tasks\SUPERAntiSpyware Scheduled Task d4547df4-94df-4b2b-8198-ca8de5e3f3a9 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a3c5a37b-611d-49de-96d3-736d1d7ff35f.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d4547df4-94df-4b2b-8198-ca8de5e3f3a9.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1195678286-3951551032-3547097161-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ty\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D6E04D33-77B1-4344-95CC-EBAA81AFA84E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{798D1F4C-1010-4020-8F2D-FFB060550620}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2FED4B9A-53EB-4649-B9F4-1E00F55E257A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

==================== Restore Points =========================

25-01-2016 01:03:20 Windows Update
25-01-2016 01:07:04 Installed Realtek USB 2.0 Reader Driver
25-01-2016 01:17:53 Windows Backup
25-01-2016 01:21:58 Windows Modules Installer
25-01-2016 01:53:05 Installed Intel® PROSet/Wireless WiFi Software.
25-01-2016 11:08:27 Checkpoint by HitmanPro
25-01-2016 11:10:31 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============

Name: Intel® Centrino® Wireless-N 130
Description: Intel® Centrino® Wireless-N 130
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2016 11:16:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AgentSvc.exe, version: 1.3.5.0, time stamp: 0x55b08247
Faulting module name: AgentSvc.exe, version: 1.3.5.0, time stamp: 0x55b08247
Exception code: 0xc0000005
Fault offset: 0x00008ac6
Faulting process id: 0x9a4
Faulting application start time: 0xAgentSvc.exe0
Faulting application path: AgentSvc.exe1
Faulting module path: AgentSvc.exe2
Report Id: AgentSvc.exe3

Error: (01/25/2016 11:11:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AgentSvc.exe, version: 1.3.5.0, time stamp: 0x55b08247
Faulting module name: AgentSvc.exe, version: 1.3.5.0, time stamp: 0x55b08247
Exception code: 0xc0000005
Fault offset: 0x00008ac6
Faulting process id: 0x1058
Faulting application start time: 0xAgentSvc.exe0
Faulting application path: AgentSvc.exe1
Faulting module path: AgentSvc.exe2
Report Id: AgentSvc.exe3

Error: (01/25/2016 11:06:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AgentSvc.exe, version: 1.3.5.0, time stamp: 0x55b08247
Faulting module name: AgentSvc.exe, version: 1.3.5.0, time stamp: 0x55b08247
Exception code: 0xc0000005
Fault offset: 0x00008ac6
Faulting process id: 0x13a0
Faulting application start time: 0xAgentSvc.exe0
Faulting application path: AgentSvc.exe1
Faulting module path: AgentSvc.exe2
Report Id: AgentSvc.exe3

Error: (01/25/2016 11:01:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AgentSvc.exe, version: 1.3.5.0, time stamp: 0x55b08247
Faulting module name: AgentSvc.exe, version: 1.3.5.0, time stamp: 0x55b08247
Exception code: 0xc0000005
Fault offset: 0x00008ac6
Faulting process id: 0x130c
Faulting application start time: 0xAgentSvc.exe0
Faulting application path: AgentSvc.exe1
Faulting module path: AgentSvc.exe2
Report Id: AgentSvc.exe3

Error: (01/25/2016 10:56:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AgentSvc.exe, version: 1.3.5.0, time stamp: 0x55b08247
Faulting module name: AgentSvc.exe, version: 1.3.5.0, time stamp: 0x55b08247
Exception code: 0xc0000005
Fault offset: 0x00008ac6
Faulting process id: 0xe90
Faulting application start time: 0xAgentSvc.exe0
Faulting application path: AgentSvc.exe1
Faulting module path: AgentSvc.exe2
Report Id: AgentSvc.exe3

Error: (01/25/2016 10:51:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AgentSvc.exe, version: 1.3.5.0, time stamp: 0x55b08247
Faulting module name: AgentSvc.exe, version: 1.3.5.0, time stamp: 0x55b08247
Exception code: 0xc0000005
Fault offset: 0x00008ac6
Faulting process id: 0x1378
Faulting application start time: 0xAgentSvc.exe0
Faulting application path: AgentSvc.exe1
Faulting module path: AgentSvc.exe2
Report Id: AgentSvc.exe3

Error: (01/25/2016 10:45:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AgentSvc.exe, version: 1.3.5.0, time stamp: 0x55b08247
Faulting module name: AgentSvc.exe, version: 1.3.5.0, time stamp: 0x55b08247
Exception code: 0xc0000005
Fault offset: 0x00008ac6
Faulting process id: 0xf14
Faulting application start time: 0xAgentSvc.exe0
Faulting application path: AgentSvc.exe1
Faulting module path: AgentSvc.exe2
Report Id: AgentSvc.exe3

Error: (01/25/2016 10:40:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AgentSvc.exe, version: 1.3.5.0, time stamp: 0x55b08247
Faulting module name: AgentSvc.exe, version: 1.3.5.0, time stamp: 0x55b08247
Exception code: 0xc0000005
Fault offset: 0x00008ac6
Faulting process id: 0x9ac
Faulting application start time: 0xAgentSvc.exe0
Faulting application path: AgentSvc.exe1
Faulting module path: AgentSvc.exe2
Report Id: AgentSvc.exe3

Error: (01/25/2016 10:35:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AgentSvc.exe, version: 1.3.5.0, time stamp: 0x55b08247
Faulting module name: AgentSvc.exe, version: 1.3.5.0, time stamp: 0x55b08247
Exception code: 0xc0000005
Fault offset: 0x00008ac6
Faulting process id: 0x97c
Faulting application start time: 0xAgentSvc.exe0
Faulting application path: AgentSvc.exe1
Faulting module path: AgentSvc.exe2
Report Id: AgentSvc.exe3

Error: (01/25/2016 10:30:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AgentSvc.exe, version: 1.3.5.0, time stamp: 0x55b08247
Faulting module name: AgentSvc.exe, version: 1.3.5.0, time stamp: 0x55b08247
Exception code: 0xc0000005
Fault offset: 0x00008ac6
Faulting process id: 0x674
Faulting application start time: 0xAgentSvc.exe0
Faulting application path: AgentSvc.exe1
Faulting module path: AgentSvc.exe2
Report Id: AgentSvc.exe3


System errors:
=============
Error: (01/25/2016 11:16:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (01/25/2016 11:11:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (01/25/2016 11:06:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (01/25/2016 11:01:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (01/25/2016 10:56:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (01/25/2016 10:51:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (01/25/2016 10:45:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (01/25/2016 10:40:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (01/25/2016 10:35:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (01/25/2016 10:30:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel® Core i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 28%
Total physical RAM: 12265.3 MB
Available physical RAM: 8806.36 MB
Total Virtual: 24528.81 MB
Available Virtual: 20534.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150 GB) (Free:124.3 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (New Volume) (Fixed) (Total:781.52 GB) (Free:770.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 68849C3C)
Partition 1: (Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=781.5 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================

Link to post

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...
 

Next,

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!

 

Post those logs, also tell me why you believe your router is Hacked.

 

Thank you,

 

Kevin...

Link to post

Thank you for the reply. I just have a feeling that everything connected to my network is having trouble loading certain pages; for instance, it was preventing me from replying to this post until I rebooted my computer. Like it just seems smarter than the avg virus. Either that or I'm paranoid and crazy, but I appreciate your help and insight either way, Kevin. Just so you know, this is my second clean install in 24 hours.

 

RogueKiller V11.0.9.0 [Jan 24 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ty [Administrator]
Started from : C:\Users\Ty\Desktop\RogueKiller.exe
Mode : Scan -- Date : 01/25/2016 13:36:53

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: RAID0 +++++
--- User ---
[MBR] 2e9921f3f70a83139508dbf76b615d43
[bSP] 33aa39259badc9065a31a482fbb9482f : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 153600 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 314574848 | Size: 800273 MB
User = LL1 ... OK
Error reading LL2 MBR! ([57] The parameter is incorrect. )

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/25/2016
Scan Time: 1:14 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.25.04
Rootkit Database: v2016.01.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ty

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317476
Time Elapsed: 7 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Link to post

Also, I recreated my hw raid volume and went into the cmd prompt in the RE and used dskprt to partition off a 150gb system partition and have the rest for data backup. I'm not sure if you can tell if I did that incorrectly or not from these scans, but some schooling on that may be needed as well. Thank you

Link to post

FRST logs are not showing any obvious malware or infection. Same goes for Malwarebytes and RogueKiller... Your partitions look ok from FRST information:

 

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 68849C3C) <---- That is your HD
Partition 1: (Active) - (Size=150 GB) - (Type=07 NTFS)                                  <-----That is your active partition the computer will use the loader (an operating system tool) on that partition to start the operating system.
Partition 2: (Not Active) - (Size=781.5 GB) - (Type=OF Extended)                  <-----That is your data partition, all looks good to me...

 

One more scan:

 

Scan with HitmanPro

In any case don't remove on your own anything that Hitman Pro detects!
This scanner, as it is really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!

Please download HitmanPro by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button. You must agree with the terms of EULA (if asked).
  • Check the box beside No, I only want to perform a one-time scan to check this computer.
  • Click on the Next button.
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore.
  • If there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro!
    Navigate to C:\ProgramData\HitmanPro\Logs, open the report and include it in your next reply.
  • Click on the Next button.
  • Click on the Save Log button.
  • Save that file to your desktop.



Please include that logfile in your next reply.

Don't forget to re-enable and update your security!

 

Thank you,

 

Kevin....
 

Link to post

So for whatever reason I misread your instructions and applied the Hitman Pro scan. First off let me mention I ended up having to hold down the left Ctrl key to get it to run and it popped up 6 results most of them being adware and one of them saying that the first 6 4 scan program was suspicious. So anyway I ended up restarting the computer and along with that reset my computer did a whole ton of Windows updates. And gave me the login screen to enter in my password so I answered my password and now it's just a blank Windows 7 Home Premium screen. I'm posting this from my cell phone. Any ideas on how I can get into my computer without having to force shutdown because I feel if I do that it's just going to say that all the Windows updates error out

Link to post

Just curious what is this entry:

HKU\S-1-5-21-1195678286-3951551032-3547097161-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ty\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enable

Link to post

No, I just removed the cookies and left FRST64. Unfortunately I don't have that first log, but here is the second. Thank you for all the help and thanks for dealing with my paranoia.

 

 

HitmanPro 3.7.12.253
www.hitmanpro.com

   Computer name . . . . : TYLER
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Tyler\Ty
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-01-25 16:47:44
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 29s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 1

   Objects scanned . . . : 1,346,986
   Files scanned . . . . : 12,276
   Remnants scanned  . . : 195,702 files / 1,139,008 keys

Suspicious files ____________________________________________________________

   C:\Users\Ty\Desktop\FRST64.exe
      Size . . . . . . . : 2,370,560 bytes
      Age  . . . . . . . : 0.2 days (2016-01-25 11:13:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : BCA4442A3F8C74B14F91B65738DA6A278FA83594E1D49A7BFFA16C906FAB58B5
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
Link to post

Yes, I'm in the UK, can be difficult with the time differences.... OK to clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.

Make Sure the following items are checked:



  • Remove disinfection tools



Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
 

Link to post

  • 2 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post

This topic is now closed to further replies.