Daymane
Honorary Members
Posts: 48
Reputation: 0 Neutral
  1. So what happened? Did someone hack Google, or is it a mistake? That was an old file from a week or two ago when I installed Google Chrome. Not sure how it could be an issue now.
  2. My trial version of Malwarebytes detected a Trojan.Dropper in a Google setup file in my downloads today. Thing is, I didn't download anything and was just using Google Chrome. Is this what you're talking about, deoroller?
  3. I have no idea how to attach the screenshots I took, but other than reading google.com/webhp?hl=en instead of google.com/?gws_rd=ssl, and search results coming up as google.com/webhp?hl=en#hl=en&q=ninjas instead of google.com/?gws_rd=ssl#q=ninjas, there's no difference in the appearance.
  4. It does read that on the Google home page, so maybe you're right. I'm just concerned. I get so much conflicting info from sites. Bleeping Computer says that svch thing is a backdoor. MajorGeeks said the webhp thing was a virus, and so on.
  5. Also, I found 10 copies of svchost.exe running in the processes in Task Manager. These were there after I reinstalled the OS and present before connecting to the internet. I looked on this forum and found another user who reported it as a data mine, with a bizarrely named file that I saw in my system some time before and couldn't open, as it said access was denied. They also reported their programs not finding anything either.
  6. I reset Internet Explorer. Firefox had a "Refresh" button in the corner instead of Reset. I hit that, but it still imported all the data from before. I don't have Google Chrome installed. I tried to, but it was taking a while to install, so I got suspicious and stopped. I still get sent to google.com/webhp by clicking the shortcut to the Google main page from a search result, when searching on ANY of the three browsers.
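The webhp redirect described in posts 3 and 6 above can originate either on the machine (something rewriting where the browser goes) or on the server (Google answering with a redirect itself). The SystemLook search for "webhp" only covered the registry. As an added example, not part of the original thread and not taken from any of the tools whose logs appear on this page, the following read-only Windows PowerShell check looks at the local places that can steer a browser: the hosts file, the DNS servers each adapter is actually using, the WinINET proxy and PAC (AutoConfigURL) settings, and Firefox prefs.js/user.js. With -Online it also resolves the domain and asks the server for its own response with automatic redirects disabled, so a Location header seen there is coming from the server, not from the PC. The function name, the $Pattern default and the pref-name list are my choices, not anything from the page.

```powershell
# Added example for the forum thread above; nothing here is modified, only read.
# Requires Windows PowerShell 3.0 or later (Get-ChildItem -Directory).
function Test-SearchRedirect {
    param(
        [string]$Domain  = 'www.google.com',
        [string]$Pattern = 'google|webhp',     # what to look for in local configuration
        [switch]$Online
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. hosts file: any non-comment line naming the domain overrides DNS for it.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hostsPath -ErrorAction SilentlyContinue |
        Where-Object { $_ -notmatch '^\s*#' -and $_ -match $Pattern } |
        ForEach-Object { $findings.Add("hosts: $_") }

    # 2. DNS servers in use per IP-enabled adapter; compare with what the ISP/DHCP hands out.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object { $findings.Add("dns [$($_.Description)]: $($_.DNSServerSearchOrder -join ', ')") }

    # 3. WinINET proxy / auto-config script. A PAC URL can redirect selected hosts silently.
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    foreach ($k in 'ProxyEnable', 'ProxyServer', 'AutoConfigURL') {
        if ($inet.$k) { $findings.Add("proxy: $k = $($inet.$k)") }
    }

    # 4. Firefox preference lines that steer keyword lookups, search or the homepage.
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    Get-ChildItem -LiteralPath $profiles -Directory -ErrorAction SilentlyContinue | ForEach-Object {
        foreach ($file in 'prefs.js', 'user.js') {
            $p = Join-Path $_.FullName $file
            if (Test-Path -LiteralPath $p) {
                Select-String -LiteralPath $p -Pattern "keyword\.URL|browser\.search|browser\.startup\.homepage|$Pattern" |
                    ForEach-Object { $findings.Add("firefox [$($_.Filename)]: $($_.Line.Trim())") }
            }
        }
    }

    # 5. Optional: ask the server directly, with redirects NOT followed, so its Location header is visible.
    if ($Online) {
        try {
            [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
            $ips = [System.Net.Dns]::GetHostAddresses($Domain) | ForEach-Object { $_.ToString() }
            $findings.Add("resolve: $Domain -> $($ips -join ', ')")
            $req = [System.Net.HttpWebRequest]::Create("https://$Domain/")
            $req.AllowAutoRedirect = $false
            $req.UserAgent = 'Mozilla/5.0'
            $resp = $req.GetResponse()
            $findings.Add("http: $([int]$resp.StatusCode) Location=$($resp.Headers['Location'])")
            $resp.Close()
        } catch {
            $findings.Add("http: error $($_.Exception.Message)")
        }
    }
    return $findings
}

Test-SearchRedirect -Online
```

Reading the output: a hosts entry for the domain, a DNS server that is not the ISP's (the logs above show 75.75.75.75 and 75.75.76.76 from DHCP), a ProxyServer or AutoConfigURL the user never set, or a Firefox pref pointing at an unfamiliar URL would each be a local cause worth removing. If all of those are clean and step 5 shows the server itself answering with a 3xx and a Location header, the redirect is server-side behaviour and not evidence of anything on the PC.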
  7. Here's SystemLook:

     SystemLook 30.07.11 by jpshortstuff
     Log created at 06:13 on 07/03/2015 by Devon
     Administrator - Elevation successful
     ========== regfind ==========
     Searching for "webhp"
     No data found.
     -= EOF =-

     Here's ComboFix:

     ComboFix 15-03-01.01 - Devon 03/07/2015 6:21.1.4 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.5930 [GMT -8:00]
     Running from: c:\users\Devon\Desktop\ComboFix.exe
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((( Files Created from 2015-02-07 to 2015-03-07 )))))))))))))))))))))))))))))))
     .
     .
     2015-03-07 14:25 . 2015-03-07 14:25 -------- d-----w- c:\users\Default\AppData\Local\temp
     2015-03-07 14:15 . 2015-03-07 14:15 -------- d-----w- c:\program files (x86)\Microsoft.NET
     2015-03-07 14:05 . 2015-03-07 14:05 -------- d-s---w- c:\windows\system32\CompatTel
     2015-03-07 14:05 . 2015-03-07 14:05 -------- d-----w- c:\windows\system32\appraiser
     2015-03-07 14:04 . 2015-03-07 14:04 -------- d-----w- c:\windows\SysWow64\Wat
     2015-03-07 14:04 . 2015-03-07 14:04 -------- d-----w- c:\windows\system32\Wat
     2015-03-06 23:09 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
     2015-03-06 23:09 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
     2015-03-06 23:09 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
     2015-03-06 23:09 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
     2015-03-06 23:09 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
     2015-03-06 22:57 . 2013-10-15 02:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
     2015-03-06 22:50 . 2015-03-06 22:50 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
     2015-03-06 22:30 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
     2015-03-06 22:12 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
     2015-03-06 22:12 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
     2015-03-06 22:12 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll
     2015-03-06 22:12 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe
     2015-03-06 22:12 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe
     2015-03-06 22:12 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll
     2015-03-06 22:12 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll
     2015-03-06 22:12 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
     2015-03-06 22:12 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
     2015-03-06 22:12 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll
     2015-03-06 22:11 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
     2015-03-06 22:11 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
     2015-03-06 22:11 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
     2015-03-06 22:11 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
     2015-03-06 22:11 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
     2015-03-06 22:11 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
     2015-03-06 22:11 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
     2015-03-06 22:05 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
     2015-03-06 22:05 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
     2015-03-06 22:05 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
     2015-03-06 22:01 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
     2015-03-06 22:01 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
     2015-03-06 22:01 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
     2015-03-06 22:01 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
     2015-03-06 22:01 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
     2015-03-06 22:01 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
     2015-03-06 22:01 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
     2015-03-06 22:01 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
     2015-03-06 21:24 . 2015-03-07 14:24 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7FD5CFBA-EBEA-404E-90BE-6E3C4E45C947}\offreg.dll
     2015-03-06 19:07 . 2015-02-16 12:21 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7FD5CFBA-EBEA-404E-90BE-6E3C4E45C947}\mpengine.dll
     2015-03-06 16:31 . 2015-03-06 16:33 -------- d-----w- C:\FRST
     2015-03-06 15:54 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
     2015-03-06 15:53 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
     2015-03-06 15:52 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
     2015-03-06 15:51 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll
     2015-03-06 15:50 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL
     2015-03-06 15:50 . 2014-08-12 01:36 701440 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
     2015-03-06 15:50 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
     2015-03-06 15:50 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
     2015-03-06 15:50 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
     2015-03-06 15:45 . 2014-10-04 02:10 3722752 ----a-w- c:\windows\system32\mstscax.dll
     2015-03-06 15:44 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
     2015-03-06 15:42 . 2015-03-06 15:42 -------- d-----w- c:\program files (x86)\Google
     2015-03-06 15:31 . 2015-03-06 15:49 -------- d-----w- C:\AdwCleaner
     2015-03-05 23:04 . 2014-05-14 17:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
     2015-03-05 23:04 . 2014-05-14 17:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
     2015-03-05 23:04 . 2014-05-14 17:20 36864 ----a-w- c:\windows\system32\wuapp.exe
     2015-03-05 23:04 . 2014-05-14 17:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
     2015-03-05 23:02 . 2011-05-16 14:55 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
     2015-03-05 23:02 . 2011-05-16 14:55 533096 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
     2015-03-05 23:02 . 2011-05-16 14:55 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
     2015-03-05 23:00 . 2015-03-05 23:00 -------- d-----w- c:\program files (x86)\ASM104xUSB3
     2015-03-05 22:59 . 2010-12-21 02:08 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
     2015-03-05 22:59 . 2010-10-20 00:34 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys
     2015-03-05 22:54 . 2011-05-11 01:46 557848 ----a-w- c:\windows\system32\drivers\iaStor.sys
     2015-03-05 22:51 . 2015-03-05 22:59 -------- d-----w- c:\program files (x86)\Intel
     2015-03-05 22:51 . 2011-04-15 08:00 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
     2015-03-05 22:51 . 2015-03-05 22:51 -------- d-----w- C:\Intel
     2015-03-05 22:48 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
     2015-03-05 22:48 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
     2015-03-05 22:48 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
     2015-03-05 22:48 . 2015-03-05 22:48 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
     2015-03-05 22:47 . 2015-03-05 22:47 -------- d-----w- c:\program files\Common Files\ATI Technologies
     2015-03-05 22:47 . 2010-08-16 10:42 116240 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
     2015-03-05 22:47 . 2010-09-29 01:23 58880 ----a-w- c:\windows\system32\coinst.dll
     2015-03-05 22:47 . 2010-09-29 01:51 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
     2015-03-05 22:47 . 2015-03-05 22:48 -------- d-----w- c:\program files (x86)\ATI Technologies
     2015-03-05 22:47 . 2015-03-07 14:19 -------- d-sh--w- c:\windows\Installer
     2015-03-05 22:46 . 2015-03-05 22:48 -------- d-----w- c:\program files\ATI Technologies
     2015-03-05 22:46 . 2015-03-05 22:46 -------- d-----w- c:\program files\ATI
     2015-03-05 22:43 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
     2015-03-05 22:43 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
     2015-03-05 22:43 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
     2015-03-05 22:43 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
     2015-03-05 22:43 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
     2015-03-05 22:43 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
     2015-03-05 22:43 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
     2015-03-05 22:43 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
     2015-03-05 22:43 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
     2015-03-05 22:43 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
     2015-03-05 22:42 . 2015-03-05 22:43 -------- d-----w- c:\users\Devon
     2015-03-05 22:42 . 2015-03-05 22:42 -------- d-----w- C:\Recovery
     2015-03-05 22:36 . 2015-03-05 22:42 -------- d-----w- c:\windows\Panther
     2015-03-05 20:19 . 2015-03-07 14:20 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
     2015-03-05 20:18 . 2014-11-21 14:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
     2015-03-05 20:18 . 2014-11-21 14:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
     2015-03-05 20:18 . 2014-11-21 14:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
     2015-03-05 20:18 . 2015-03-05 20:18 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
     2015-03-05 20:18 . 2015-03-05 20:18 -------- d-----w- c:\programdata\Malwarebytes
     2015-03-05 20:17 . 2015-03-05 20:17 -------- d-----w- c:\program files (x86)\ERUNT
     2015-03-05 20:09 . 2015-03-05 20:09 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
     2015-03-05 20:08 . 2015-03-06 15:36 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
     2015-03-05 20:07 . 2015-03-05 20:07 -------- d-----w- c:\programdata\ATI
     2015-03-05 20:07 . 2015-03-05 20:07 0 ----a-w- c:\windows\ativpsrm.bin
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2015-02-24 11:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-01 98304]
     "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-19 284440]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
     R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
     R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
     S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
     S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
     S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
     S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
     S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
     S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
     S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
     S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
     S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
     S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - MBAMSWISSARMY
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2015-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-06 15:42]
     .
     2015-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-06 15:42]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
     FF - ProfilePath - c:\users\Devon\AppData\Roaming\Mozilla\Firefox\Profiles\mad34t59.default\
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2015-03-07 06:26:18
     ComboFix-quarantined-files.txt 2015-03-07 14:26
     .
     Pre-Run: 1,965,821,251,584 bytes free
     Post-Run: 1,965,693,702,144 bytes free
     .
     - - End Of File - - 51DC5B24D59E786032E469E7217BDACC
  8. Also, I was looking through my processes in Task Manager and found two copies of Taskhost.exe running. I'm not sure if that's normal. Pretty sure I read that if you see two of something like that, it means someone's hacked into your computer and is using it for stuff. I also found a file called "taskhost", which bleepingpc said was an unwanted program. Just thought I should mention those findings. Not actually running anything until you tell me to.
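Posts 5 and 8 above count svchost.exe and taskhost.exe instances. On Windows the count alone is not a signal: the Service Control Manager starts one svchost.exe per service group ("-k <group>"), and taskhost.exe is launched by the Task Scheduler service (itself inside an svchost.exe) and can run more than once. What distinguishes a real impostor is the image path, the signature, the parent and, for svchost, whether the instance actually hosts services. As an added example, not part of the original thread and not from Malwarebytes or any other tool on this page, the following Windows PowerShell function gathers exactly those facts per instance; the function name and the filter at the end are my own choices. Run it from an elevated prompt.

```powershell
# Added example for the forum thread above: per-instance facts for svchost.exe / taskhost.exe.
function Get-ProcessIntegrity {
    param([string[]]$Name = @('svchost', 'taskhost'))

    # Map each hosting PID to the names of the services running inside it (svchost hosts several).
    $svcByPid = @{}
    foreach ($svc in Get-WmiObject Win32_Service) {
        $hostPid = [int]$svc.ProcessId
        if ($hostPid -eq 0) { continue }               # stopped services have no process
        if (-not $svcByPid.ContainsKey($hostPid)) { $svcByPid[$hostPid] = @() }
        $svcByPid[$hostPid] += $svc.Name
    }

    # PID -> process name, so the parent is shown by name and not just by number.
    $procs = @(Get-WmiObject Win32_Process)
    $nameByPid = @{}
    foreach ($p in $procs) { $nameByPid[[int]$p.ProcessId] = $p.Name }

    $system32 = Join-Path $env:SystemRoot 'System32'
    $syswow64 = Join-Path $env:SystemRoot 'SysWOW64'

    foreach ($p in $procs) {
        if ($Name -notcontains ($p.Name -replace '\.exe$', '')) { continue }
        $path    = $p.ExecutablePath
        $sig     = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }
        $thisPid = [int]$p.ProcessId
        $parent  = [int]$p.ParentProcessId
        [pscustomobject]@{
            PID         = $thisPid
            Name        = $p.Name
            Path        = $path
            InSystemDir = [bool]($path -and ($path -like "$system32\*" -or $path -like "$syswow64\*"))
            SigStatus   = if ($sig) { $sig.Status.ToString() } else { 'NoPath' }
            Signer      = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            ParentName  = if ($nameByPid.ContainsKey($parent)) { $nameByPid[$parent] } else { '(exited)' }
            CommandLine = $p.CommandLine
            Services    = if ($svcByPid.ContainsKey($thisPid)) { $svcByPid[$thisPid] -join ',' } else { '' }
        }
    }
}

# Expected parents: svchost.exe is started by services.exe, taskhost.exe by the Schedule
# service inside an svchost.exe. Anything listed below deserves a closer look; an empty
# result is the normal case.
Get-ProcessIntegrity | Where-Object {
    -not $_.InSystemDir -or
    $_.SigStatus -ne 'Valid' -or
    ($_.Name -ieq 'svchost.exe'  -and ($_.ParentName -ine 'services.exe' -or -not $_.Services)) -or
    ($_.Name -ieq 'taskhost.exe' -and  $_.ParentName -ine 'svchost.exe')
} | Format-Table PID, Name, Path, SigStatus, ParentName, Services -AutoSize
```

Two caveats when reading the result. A parent shown as "(exited)" only means the parent PID is no longer running, which is legitimate for a scheduled task host whose launching instance has gone; judge such rows on path and signature. And on older Windows releases Get-AuthenticodeSignature does not consult the security catalog, so catalog-signed OS binaries can report NotSigned there even when they are genuine; on those systems use Sysinternals sigcheck.exe, which does check catalogs, before drawing a conclusion from SigStatus.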
  9. I just reinstalled my OS and there's no other programs except for Mozilla and Malwarebytes when we started, just so you know. Here's the JRT file. It didn't show up as .txt though.

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.4.3 (03.01.2015:1)
     OS: Windows 7 Home Premium x64
     Ran by Devon on Fri 03/06/2015 at 7:27:42.29
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys

     ~~~ Files

     ~~~ Folders

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Fri 03/06/2015 at 7:29:13.64
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     Adware log

     # AdwCleaner v4.111 - Logfile created 06/03/2015 at 07:35:16
     # Updated 18/02/2015 by Xplode
     # Database : 2015-03-05.1 [server]
     # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
     # Username : Devon - DEVON-PC
     # Running from : C:\Users\Devon\Desktop\AdwCleaner.exe
     # Option : Cleaning

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     ***** [ Scheduled tasks ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     ***** [ Web browsers ] *****

     -\\ Internet Explorer v8.0.7601.17514

     -\\ Mozilla Firefox v36.0.1 (x86 en-US)

     *************************

     AdwCleaner[R0].txt - [750 bytes] - [06/03/2015 07:33:09]
     AdwCleaner[s0].txt - [678 bytes] - [06/03/2015 07:35:16]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [736 bytes] ##########

     Malwarebytes

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 3/6/2015
     Scan Time: 7:51:51 AM
     Logfile:
     Administrator: Yes

     Version: 2.00.4.1028
     Malware Database: v2015.03.06.04
     Rootkit Database: v2015.02.25.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Enabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Devon

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 323883
     Time Elapsed: 5 min, 40 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)

     Farbar FRST

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
     Ran by Devon (administrator) on DEVON-PC on 06-03-2015 08:33:29
     Running from C:\Users\Devon\Downloads
     Loaded Profiles: Devon (Available profiles: Devon)
     Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
     Internet Explorer Version 8 (Default browser: FF)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     (AMD) C:\Windows\System32\atiesrxx.exe
     (AMD) C:\Windows\System32\atieclxx.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
     (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
     (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

     ==================== Registry (Whitelisted) ==================

     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor)
     HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-30] (Advanced Micro Devices, Inc.)
     HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-19] (Intel Corporation)

     ==================== Internet (Whitelisted) ====================

     (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     HKU\S-1-5-21-2465917416-3373592232-3200961110-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
     SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

     FireFox:
     ========
     FF ProfilePath: C:\Users\Devon\AppData\Roaming\Mozilla\Firefox\Profiles\mad34t59.default
     FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
     FF Extension: Adblock Plus - C:\Users\Devon\AppData\Roaming\Mozilla\Firefox\Profiles\mad34t59.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-05]

     ==================== Services (Whitelisted) =================

     (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
     R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
     R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

     ==================== Drivers (Whitelisted) ====================

     (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
     R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
     R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-06] (Malwarebytes Corporation)
     R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

     ========================== Drivers MD5 =======================

     C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
     C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
     C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
     C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
     C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
     C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
     C:\Windows\system32\drivers\afd.sys ==> MD5 is legit
     C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
     C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
     C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
     C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\atikmdag.sys BBAB5B28253FE0FC7255D8775BA05C1D
     C:\Windows\System32\DRIVERS\atikmpag.sys CBA35FF4092B91E105D93ED11A0250B6
     C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
     C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
     C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
     C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
     C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
     C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
     C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\asmthub3.sys 0AA7A996792FB0287B33A57A8093AE44
     C:\Windows\System32\DRIVERS\asmtxhci.sys 125DC3ABF5BFCCFE82AD17D078E0B9EC
     C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
     C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
     C:\Windows\System32\drivers\AtihdW76.sys FDA1E117A7E880BFF5540D180C06EA87
     C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\bowser.sys 91CE0D3DC57DD377E690A2D324022B08
     C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
     C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
     C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
     C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
     C:\Windows\System32\CLFS.sys ==> MD5 is legit
     C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
     C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit
     C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
     C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
     C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
     C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
     C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
     C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
     C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
     C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
     C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
     C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
     C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
     C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
     C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
     C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
     C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
     C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
     C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
     C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
     C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
     C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
     C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
     C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
     C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
     C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
     C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
     C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\iaStor.sys D1E30259353E7D8D1B713A76CDDEB88B
     C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
     C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
     C:\Windows\System32\drivers\RTKVHD64.sys EB5FA493A4B6EA290200AE39EBA2FBC6
     C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
     C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
     C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
     C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
     C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
     C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\ksecpkg.sys ==> MD5 is legit
     C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
     C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
     C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
     C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
     C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
     C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
     C:\Windows\system32\drivers\mbamchameleon.sys 478CC94C937D235CB0A96AB8F2359D81
     C:\Windows\system32\drivers\mbam.sys CA43F8904E24BBE49982E4C0B29E6579
     C:\Windows\system32\drivers\MBAMSwissArmy.sys 26C43960C99EE861A5D0EDC4DCF3B1C3
     C:\Windows\system32\drivers\mwac.sys A646C2DDB8C46E9B20A326FAF566646C
     C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
     C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
     C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
     C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
     C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
     C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
     C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\mrxsmb.sys FAF015B07E3A2874A790A39B7D2C579F
     C:\Windows\System32\DRIVERS\mrxsmb10.sys 08E2345DF129082BCDFFDC1440F9C00D
     C:\Windows\System32\DRIVERS\mrxsmb20.sys 108D87409C5812EF47D81E22843E8C9D
     C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
     C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
     C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
     C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
     C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
     C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
     C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
     C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
     C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
     C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
     C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
     C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
     C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
     C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
     C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
     C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
     C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
     C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
     C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
     C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
     C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
     C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
     C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
     C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
     C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
     C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
     C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
     C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
     C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
     C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\RDPWD.sys 6D76E6433574B058ADCB0C50DF834492
     C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\Rt64win7.sys E50CFB92986DCAB49DE93788FD695813
     C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
     C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
     C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
     C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
     C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
     C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
     C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
     C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\srv.sys 2098B8556D1CEC2ACA9A29CD479E3692
     C:\Windows\System32\DRIVERS\srv2.sys D0F73A42040F21F92FD314B42AC5C9E7
     C:\Windows\System32\DRIVERS\srvnet.sys 2BA8F3250828CCDB4204ECF2C6F40B6A
     C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
     C:\Windows\System32\drivers\tcpip.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\tcpip.sys ==> MD5 is legit
     C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
     C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
     C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
     C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
     C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
     C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
     C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
     C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
     C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
     C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
     C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit C:\Windows\system32\drivers\USBSTOR.SYS ==> MD5 is legit C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\drivers\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-06 08:33 - 2015-03-06 08:33 - 00001112 _____ () C:\Users\Devon\Desktop\Addition - Shortcut.lnk 2015-03-06 08:33 - 2015-03-06 08:33 - 00001072 _____ () C:\Users\Devon\Desktop\FRST - Shortcut.lnk 2015-03-06 08:32 - 2015-03-06 08:33 - 00019074 _____ () C:\Users\Devon\Downloads\FRST.txt 2015-03-06 08:32 - 2015-03-06 08:32 - 00017708 _____ () C:\Users\Devon\Downloads\Addition.txt 2015-03-06 08:31 - 2015-03-06 08:33 - 00000000 ____D () C:\FRST 2015-03-06 08:31 - 2015-03-06 08:31 - 02092544 _____ (Farbar) C:\Users\Devon\Downloads\FRST64.exe 2015-03-06 08:16 - 2015-03-06 08:17 - 02347384 _____ (ESET) C:\Users\Devon\Downloads\esetsmartinstaller_enu(1).exe 2015-03-06 07:59 - 2015-03-06 07:59 - 02347384 _____ (ESET) C:\Users\Devon\Downloads\esetsmartinstaller_enu.exe 2015-03-06 07:59 - 2015-03-06 07:59 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-03-06 07:46 - 2015-03-06 07:46 - 00000815 _____ () C:\Users\Devon\Desktop\AdwCleaner[s1].txt 2015-03-06 07:45 - 2015-03-06 07:46 - 00000750 _____ () C:\Users\Devon\Desktop\AdwCleaner[R1].txt 2015-03-06 07:42 - 2015-03-06 07:48 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-06 07:42 - 2015-03-06 07:47 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-06 07:42 - 2015-03-06 07:42 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-03-06 07:42 - 2015-03-06 07:42 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-03-06 07:42 - 2015-03-06 07:42 - 00000000 ____D () C:\Users\Devon\AppData\Local\Google 2015-03-06 07:42 - 2015-03-06 07:42 - 00000000 ____D () C:\Program Files (x86)\Google 2015-03-06 07:35 - 2015-03-06 07:35 - 00000815 _____ () C:\Users\Devon\Desktop\AdwCleaner[s0].txt 2015-03-06 07:33 - 2015-03-06 07:33 - 00000750 _____ () C:\Users\Devon\Desktop\AdwCleaner[R0].txt 2015-03-06 07:31 - 2015-03-06 07:49 - 00000000 ____D () C:\AdwCleaner 2015-03-06 07:30 - 2015-03-06 07:30 - 02126848 _____ () 
C:\Users\Devon\Desktop\AdwCleaner.exe 2015-03-06 07:29 - 2015-03-06 07:29 - 00000633 _____ () C:\Users\Devon\Desktop\JRT.txt 2015-03-06 07:26 - 2015-03-06 07:27 - 00001374 _____ () C:\Users\Devon\Desktop\JRT.exe.lnk 2015-03-06 07:25 - 2015-03-06 07:25 - 01388333 _____ (Thisisu) C:\Users\Devon\Downloads\JRT.exe 2015-03-05 15:04 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-03-05 15:04 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-03-05 15:04 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-03-05 15:04 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-03-05 15:02 - 2011-05-16 06:55 - 00533096 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys 2015-03-05 15:02 - 2011-05-16 06:55 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll 2015-03-05 15:02 - 2011-05-16 06:55 - 00074272 _____ () C:\Windows\system32\RtNicProp64.dll 2015-03-05 15:00 - 2015-03-05 15:00 - 00007692 _____ () C:\Windows\DPINST.LOG 2015-03-05 15:00 - 2015-03-05 15:00 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3 2015-03-05 14:59 - 2015-03-05 14:59 - 00000539 _____ () C:\Windows\KB893803v2.log 2015-03-05 14:59 - 2010-12-20 18:08 - 00008192 _____ () C:\Windows\system32\Drivers\IntelMEFWVer.dll 2015-03-05 14:59 - 2010-10-19 16:34 - 00056344 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys 2015-03-05 14:54 - 2015-03-05 14:54 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-03-05 14:54 - 2015-03-05 14:54 - 00000000 ____D () C:\Users\Devon\AppData\Roaming\InstallShield 2015-03-05 14:54 - 2011-05-10 17:46 - 00557848 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys 2015-03-05 14:53 - 2015-03-05 15:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-03-05 14:53 - 
2015-03-05 15:02 - 00000000 ____D () C:\Program Files (x86)\Realtek 2015-03-05 14:53 - 2015-03-05 14:53 - 00000000 ___HD () C:\Program Files (x86)\Temp 2015-03-05 14:53 - 2015-03-05 14:53 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM 2015-03-05 14:53 - 2015-03-05 14:53 - 00000000 ____D () C:\Program Files\Realtek 2015-03-05 14:53 - 2011-06-28 03:15 - 02905832 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys 2015-03-05 14:53 - 2011-06-28 02:08 - 01698408 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll 2015-03-05 14:53 - 2011-06-27 22:31 - 03115112 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll 2015-03-05 14:53 - 2011-06-27 21:17 - 02428520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll 2015-03-05 14:53 - 2011-06-27 03:19 - 00092264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll 2015-03-05 14:53 - 2011-06-26 22:45 - 03768152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll 2015-03-05 14:53 - 2011-06-26 22:44 - 02604376 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll 2015-03-05 14:53 - 2011-06-23 19:11 - 01474048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat 2015-03-05 14:53 - 2011-06-13 03:04 - 01560680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl 2015-03-05 14:53 - 2011-06-10 01:35 - 00603472 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll 2015-03-05 14:53 - 2011-06-02 22:11 - 01805928 _____ (Realtek Semiconductor Corp.) 
C:\Windows\system32\RtkApi64.dll 2015-03-05 14:53 - 2011-05-30 17:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll 2015-03-05 14:53 - 2011-05-30 17:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll 2015-03-05 14:53 - 2011-05-30 17:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll 2015-03-05 14:53 - 2011-05-30 17:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll 2015-03-05 14:53 - 2011-05-30 17:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll 2015-03-05 14:53 - 2011-05-30 17:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll 2015-03-05 14:53 - 2011-05-30 17:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll 2015-03-05 14:53 - 2011-05-30 17:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll 2015-03-05 14:53 - 2011-05-30 17:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll 2015-03-05 14:53 - 2011-05-30 17:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll 2015-03-05 14:53 - 2011-05-30 17:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll 2015-03-05 14:53 - 2011-05-30 17:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll 2015-03-05 14:53 - 2011-05-23 01:12 - 01245288 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll 2015-03-05 14:53 - 2011-05-04 23:24 - 02085440 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll 2015-03-05 14:53 - 2011-05-04 22:15 - 00220512 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll 2015-03-05 14:53 - 2011-05-04 22:14 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll 2015-03-05 14:53 - 2011-05-04 22:14 - 00078176 _____ (Synopsys, Inc.) 
C:\Windows\system32\SFAPO64.dll 2015-03-05 14:53 - 2011-05-01 22:27 - 03308376 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll 2015-03-05 14:53 - 2011-05-01 22:27 - 00426328 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll 2015-03-05 14:53 - 2011-05-01 22:27 - 00136024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll 2015-03-05 14:53 - 2011-05-01 22:27 - 00118104 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll 2015-03-05 14:53 - 2011-05-01 22:27 - 00074072 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll 2015-03-05 14:53 - 2010-11-17 19:49 - 00121744 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll 2015-03-05 14:53 - 2010-11-07 15:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll 2015-03-05 14:53 - 2010-11-07 15:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll 2015-03-05 14:53 - 2010-11-07 15:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll 2015-03-05 14:53 - 2010-11-07 15:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll 2015-03-05 14:53 - 2010-11-07 15:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll 2015-03-05 14:53 - 2010-11-07 15:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll 2015-03-05 14:53 - 2010-11-03 02:31 - 00332392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll 2015-03-05 14:53 - 2010-11-03 02:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll 2015-03-05 14:53 - 2010-10-02 21:46 - 00341336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll 2015-03-05 14:53 - 2010-09-26 17:34 - 00318808 _____ (Waves Audio Ltd.) 
C:\Windows\system32\MaxxAudioAPO20.dll 2015-03-05 14:53 - 2010-07-22 00:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll 2015-03-05 14:53 - 2010-07-22 00:37 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll 2015-03-05 14:53 - 2010-05-06 01:34 - 00334680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll 2015-03-05 14:53 - 2009-11-23 17:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll 2015-03-05 14:53 - 2009-11-23 17:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll 2015-03-05 14:53 - 2009-11-23 17:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll 2015-03-05 14:53 - 2009-11-23 17:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll 2015-03-05 14:53 - 2009-11-18 02:42 - 02197264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll 2015-03-05 14:53 - 2009-11-17 02:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll 2015-03-05 14:51 - 2015-03-05 14:59 - 00000000 ____D () C:\Program Files (x86)\Intel 2015-03-05 14:51 - 2015-03-05 14:51 - 00000000 ____D () C:\Intel 2015-03-05 14:51 - 2011-04-15 00:00 - 00053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll 2015-03-05 14:50 - 2015-03-05 15:02 - 00001769 _____ () C:\Windows\Language_trs.ini 2015-03-05 14:50 - 2015-03-05 14:50 - 00030387 _____ () C:\Windows\Ascd_tmp.ini 2015-03-05 14:48 - 2015-03-05 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center 2015-03-05 14:48 - 2015-03-05 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Problem Report Wizard 2015-03-05 14:48 - 2012-02-16 22:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll 2015-03-05 14:48 - 2012-02-16 21:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll 2015-03-05 14:48 - 2012-02-16 20:58 
- 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2015-03-05 14:48 - 2012-02-16 20:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys 2015-03-05 14:47 - 2015-03-05 14:48 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2015-03-05 14:47 - 2015-03-05 14:47 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies 2015-03-05 14:47 - 2010-09-28 17:55 - 00078848 _____ () C:\Windows\system32\atiapfxx.blb 2015-03-05 14:47 - 2010-09-28 17:51 - 00450560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIDEMGX.dll 2015-03-05 14:47 - 2010-09-28 17:23 - 00058880 _____ (AMD) C:\Windows\system32\coinst.dll 2015-03-05 14:47 - 2010-08-16 02:42 - 00116240 _____ (ATI Technologies, Inc.) C:\Windows\system32\Drivers\AtihdW76.sys 2015-03-05 14:47 - 2010-08-12 07:12 - 00022190 _____ () C:\Windows\atiogl.xml 2015-03-05 14:47 - 2010-06-15 14:28 - 00002857 _____ () C:\Windows\SysWOW64\atipblag.dat 2015-03-05 14:47 - 2010-06-15 14:28 - 00002857 _____ () C:\Windows\system32\atipblag.dat 2015-03-05 14:46 - 2015-03-05 14:48 - 00000000 ____D () C:\Program Files\ATI Technologies 2015-03-05 14:46 - 2015-03-05 14:46 - 00000000 ____D () C:\Program Files\ATI 2015-03-05 14:43 - 2015-03-05 14:43 - 00001447 _____ () C:\Users\Devon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-03-05 14:43 - 2015-03-05 14:43 - 00001413 _____ () C:\Users\Devon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2015-03-05 14:43 - 2015-03-05 14:43 - 00000000 ____D () C:\Users\Devon\AppData\Local\VirtualStore 2015-03-05 14:43 - 2014-05-14 08:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-03-05 14:43 - 2014-05-14 08:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-03-05 14:43 - 2014-05-14 08:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-03-05 14:43 - 2014-05-14 08:23 - 
00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-03-05 14:43 - 2014-05-14 08:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-03-05 14:43 - 2014-05-14 08:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-03-05 14:43 - 2014-05-14 08:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-03-05 14:43 - 2014-05-14 08:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-03-05 14:43 - 2014-05-14 08:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-03-05 14:43 - 2014-05-14 08:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-03-05 14:42 - 2015-03-06 07:55 - 01767762 _____ () C:\Windows\WindowsUpdate.log 2015-03-05 14:42 - 2015-03-05 14:43 - 00000000 ____D () C:\Users\Devon 2015-03-05 14:42 - 2015-03-05 14:42 - 00000020 ___SH () C:\Users\Devon\ntuser.ini 2015-03-05 14:42 - 2015-03-05 14:42 - 00000000 __SHD () C:\Recovery 2015-03-05 14:42 - 2009-07-13 20:54 - 00000000 ___RD () C:\Users\Devon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-05 14:42 - 2009-07-13 20:49 - 00000000 ___RD () C:\Users\Devon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-03-05 14:39 - 2015-03-05 14:39 - 00001355 _____ () C:\Windows\TSSysprep.log 2015-03-05 14:39 - 2015-03-05 14:39 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2015-03-05 14:39 - 2015-03-05 14:39 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2015-03-05 14:36 - 2015-03-05 14:42 - 00000000 ____D () C:\Windows\Panther 2015-03-05 12:32 - 2015-03-05 12:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-05 12:19 - 2015-03-06 07:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-05 12:18 - 2015-03-05 12:18 - 20447072 _____ (Malwarebytes 
Corporation ) C:\Users\Devon\Downloads\mbam-setup-2.0.4.1028.exe 2015-03-05 12:18 - 2015-03-05 12:18 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-03-05 12:18 - 2015-03-05 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-03-05 12:18 - 2015-03-05 12:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-05 12:18 - 2015-03-05 12:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-03-05 12:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-05 12:18 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-05 12:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-05 12:17 - 2015-03-05 12:17 - 00000928 _____ () C:\Users\Devon\Desktop\NTREGOPT.lnk 2015-03-05 12:17 - 2015-03-05 12:17 - 00000909 _____ () C:\Users\Devon\Desktop\ERUNT.lnk 2015-03-05 12:17 - 2015-03-05 12:17 - 00000000 ____D () C:\Windows\ERDNT 2015-03-05 12:17 - 2015-03-05 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2015-03-05 12:17 - 2015-03-05 12:17 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2015-03-05 12:16 - 2015-03-05 12:16 - 00791393 _____ (Lars Hederer ) C:\Users\Devon\Desktop\erunt-setup.exe 2015-03-05 12:14 - 2015-03-05 12:14 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Devon\Desktop\rkill64.exe 2015-03-05 12:13 - 2015-03-05 12:15 - 00002038 _____ () C:\Users\Devon\Desktop\Rkill.txt 2015-03-05 12:13 - 2015-03-05 12:13 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Devon\Desktop\rkill.exe 2015-03-05 12:08 - 2015-03-06 07:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-05 12:08 - 2015-03-05 12:09 - 00000000 ____D () C:\Users\Devon\AppData\Roaming\Mozilla 2015-03-05 12:08 - 2015-03-05 12:09 - 00000000 ____D () 
C:\Users\Devon\AppData\Local\Mozilla 2015-03-05 12:08 - 2015-03-05 12:08 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-05 12:08 - 2015-03-05 12:08 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-03-05 12:08 - 2015-03-05 12:08 - 00000000 ____D () C:\ProgramData\Mozilla 2015-03-05 12:07 - 2015-03-05 12:07 - 00057560 _____ () C:\Users\Devon\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-05 12:07 - 2015-03-05 12:07 - 00000000 ____D () C:\Users\Devon\AppData\Roaming\Intel Corporation 2015-03-05 12:07 - 2015-03-05 12:07 - 00000000 ____D () C:\Users\Devon\AppData\Roaming\ATI 2015-03-05 12:07 - 2015-03-05 12:07 - 00000000 ____D () C:\Users\Devon\AppData\Local\ATI 2015-03-05 12:07 - 2015-03-05 12:07 - 00000000 ____D () C:\ProgramData\ATI 2015-03-05 12:07 - 2015-03-05 12:07 - 00000000 _____ () C:\Windows\ativpsrm.bin ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
Some content of TEMP:
====================
C:\Users\Devon\AppData\Local\Temp\Quarantine.exe
C:\Users\Devon\AppData\Local\Temp\sqlite3.dll
C:\Users\Devon\AppData\Local\Temp\_isE7FD.exe
C:\Users\Devon\AppData\Local\Temp\_isE916.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-05 13:41
==================== End Of Log ============================

Farbar Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by Devon at 2015-03-06 08:33:43
Running from C:\Users\Devon\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
ATI AVIVO64 Codecs (Version: 11.6.0.50930 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{60A95961-E9F4-17C6-2A91-578C34ED9A0C}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
ATI Problem Report Wizard (Version: 3.0.795.0 - ATI Technologies) Hidden
ccc-core-static (x32 Version: 2010.0930.2237.38732 - ATI) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.1.1001 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6402 - Realtek Semiconductor Corp.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
05-03-2015 14:43:04 Windows Update
05-03-2015 14:48:57 Windows Update
05-03-2015 15:00:17 Installed Asmedia ASM104x USB 3.0 Host Controller Driver.
05-03-2015 15:02:23 Installed Realtek Ethernet Controller Driver
05-03-2015 15:04:01 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {3459CB69-6B9A-4F75-A08B-B6E0DF7EC664} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-06] (Google Inc.)
Task: {3E42D16B-7AF6-4D5E-B662-AB152E95391A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-06] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2010-08-04 15:58 - 2010-08-04 15:58 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-09-30 22:36 - 2010-09-30 22:36 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2015-03-05 14:54 - 2015-03-05 14:54 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\20f4458066dbf68283323fdbbc5f3f9a\IsdiInterop.ni.dll 2015-03-05 14:54 - 2011-05-19 15:34 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2465917416-3373592232-3200961110-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Devon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
==================== Accounts: ============================= Administrator (S-1-5-21-2465917416-3373592232-3200961110-500 - Administrator - Disabled) Devon (S-1-5-21-2465917416-3373592232-3200961110-1000 - Administrator - Enabled) => C:\Users\Devon Guest (S-1-5-21-2465917416-3373592232-3200961110-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/06/2015 08:19:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (03/06/2015 08:17:10 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (03/06/2015 08:17:07 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (03/06/2015 08:17:07 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (03/06/2015 08:17:05 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (03/06/2015 08:16:19 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (03/06/2015 08:09:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (03/06/2015 07:59:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (03/06/2015 07:59:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (03/06/2015 07:59:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . 
System errors: ============= Microsoft Office Sessions: ========================= Error: (03/06/2015 08:19:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (03/06/2015 08:17:10 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Devon\Downloads\esetsmartinstaller_enu.exe Error: (03/06/2015 08:17:07 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Devon\Downloads\esetsmartinstaller_enu.exe Error: (03/06/2015 08:17:07 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Devon\Downloads\esetsmartinstaller_enu.exe Error: (03/06/2015 08:17:05 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Devon\Downloads\esetsmartinstaller_enu(1).exe Error: (03/06/2015 08:16:19 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Devon\Downloads\esetsmartinstaller_enu.exe Error: (03/06/2015 08:09:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (03/06/2015 07:59:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (03/06/2015 07:59:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 
Error: (03/06/2015 07:59:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. ==================== Memory info =========================== Processor: Intel® Core i5-2500K CPU @ 3.30GHz Percentage of memory in use: 22% Total physical RAM: 8173.21 MB Available physical RAM: 6365.62 MB Total Pagefile: 16344.62 MB Available Pagefile: 14410.39 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:1862.92 GB) (Free:1835.15 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 554BABCB) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  10. I downloaded both rkill and ERUNT, like instructed. However, when running rkill I found a second shortcut icon called rkill64 appearing on my desktop, then disappearing after rkill ran. I clicked and ran it and it gave me the same results as the first but stayed afterwards. After downloading ERUNT another shortcut called NTREGOPT showed up. I'm guessing these are supposed to be here. Here are the Malwarebytes scan results.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/5/2015
Scan Time: 12:20:47 PM
Logfile:
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.03.05.03
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Devon

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321441
Time Elapsed: 4 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
  11. I know the last thread I posted here didn't work out and the last support guy stopped posting, since he probably thought I was trolling or something, but I'm not. Could someone please help?
  12. After a run-in with a pop-up a while back, I restored my system from a backup to make sure no viruses or anything got in. I noticed Google searches had been adding the word "webhp" as part of the address for search results. For example, if I go directly to google.com and search for something like ninjas, I'll be sent to google.com/#q=ninjas. When I search for it in the search bar I get .google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=ninjas. When I search something from the Google site directly and get to the first address (google.com/#q=ninjas), then click on the upper-left Google icon to go back to the main page, I am sent to google.com/webhp?hl=en. All the links I get when I look it up say it's a really bad virus that's very hard to get rid of. I was getting help from someone a while back for this problem; he ran everything under the sun and still couldn't find the problem before I took the computer to the shop and had the whole hard drive replaced. Afterwards I reinstalled the OS and Google and found that I'm still being sent to webhp. I took it back to the store and found that their searches also took them to Google webhp. That was reassuring, since I couldn't imagine a computer store like Micro Center getting malware or a virus on their tech support computers and the ones they have on the floor for customers to use and try to find stuff. Something tells me I should still ask. Again, the last person who helped me directed me to run every program from bleepingpc and Malwarebytes and found nothing. Could this thing be a virus? If so, how do I get rid of it?
  13. Okay, so I checked my computer into a shop and they replaced the WHOLE HARD DRIVE, upgraded it to a new one, reinstalled the OS and motherboard, and the problem STILL PERSISTS!