My son destroyed my system.

I don't know what my son has gotten into, but my system is severely hosed. I've tried tech support through Charter, and various other sources, but he has apparently even stumped them. A friend at work suggested I come to you guys; he says his system was in horrible shape and he was referred to your site, and you guys pulled the tech equivalent of Jesus laying his hands on his system.

So, I've come to you hoping you can undo what my infinitely stupid son has done.

Symptoms:

Well, to start with, Windows will no longer update. I've had 13 "important" updates pending for quite some time, yet every time I try to install them, they fail. I shut down, and next time I start up, those same 13 updates are waiting for me to give it another failed attempt.

My system also runs slow. I've upgraded my processor and have 8 gigs of RAM, yet my system is running like an old 8086, and anything I try to do is sluggish. I have a few of the little Windows Sidebar apps running: a clock, a calendar, a temp/weather app, and a system meter. It always shows my processor being hit from anywhere from 18% to as high as 40%, and it constantly shifts up and down. So something is obviously drawing a lot of juice from my processor, but I can't identify anything running. The meter also shows my RAM being hit pretty hard, even without anything running. It never falls below 30%, though I've always just attributed that to the natural bloat of the Windows OS. (I'm running Windows 7 64-bit, by the way.)

The processor problem I can "work around" by using configsys and doing a selective startup, disabling all services except Windows services. Alternatively, I can open my system devices, double-click my display adaptor and disable it, and then re-enable it, and this will drop my processor use down a little. But to run any graphics-intense programs or games, I have to use the selective startup approach, or even games where I exceed the recommended specs run like I have only half the recommended power.

Also, I have recently had sound erupt from my speakers with no program running it. It always sounds to be some kind of tabloid entertainment news feed. If I open my volume mixer, there's a new volume control entry that is labeled "Name Not Available" which I have to mute just so I don't hear that annoying crap. But even muted, it's still there and running. So something is being piped in without my consent or without any indication of what program is running it.

I have tried everything, and have had many "non-professional" self-appointed "tech-wizards" offering suggestions, advice, and even a few taking a hand at getting behind the keyboard to fix it for me. And all have failed.

I guess what I am saying is "Help me Obi-Wan Kenobi, you're my only hope"... But please don't ask me to wear my hair in cinnamon bun rolls or wear a white dress. My 49-year-old hairy legs don't look good in a dress, and my greying beard would clash with the buns.

Hello,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32-bit or 64-bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Let me see those logs...

Kevin

FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 01
Ran by Gonzo (administrator) on GONZO-PC on 20-04-2014 12:54:05
Running from C:\Users\Gonzo\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
(razercfg MFC Application) C:\Program Files (x86)\Razer\Lachesis\OSD.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
() C:\Program Files (x86)\Razer\Lachesis\razertra.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
() C:\Users\Gonzo\AppData\Local\Temp\svchost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-11-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6936096 2008-11-25] (Realtek Semiconductor)
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [237693 2008-12-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [sDTray] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [QFan Help] => "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
HKLM-x32\...\Run: [Lachesis] => C:\Program Files (x86)\Razer\Lachesis\razerhid.exe [248320 2009-11-10] ()
HKLM-x32\...\Run: [Cpu Level Up help] => "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [Ai Nap] => "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe] => C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Recent.vbe [15550 2013-01-20] ()
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Run: [Advanced SystemCare 7] => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40C34D652281CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {A8888695-BDC1-4AE6-AA82-E5ED8B9CBC5F} URL = http://www.bing.com/search?q={searchTerms}&form=OSDSRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {A8888695-BDC1-4AE6-AA82-E5ED8B9CBC5F} URL = http://www.bing.com/search?q={searchTerms}&form=OSDSRC
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 24.178.162.3 66.189.0.100 24.217.201.67

FireFox:
========
FF ProfilePath: C:\Users\Gonzo\AppData\Roaming\Mozilla\Firefox\Profiles\klus34h0.default

FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 - C:\Users\Gonzo\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome:
=======


CHR Extension: (Docs) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-25]
CHR Extension: (Google Drive) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-25]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-04-06]
CHR Extension: (YouTube) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-25]
CHR Extension: (Google Search) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-25]
CHR Extension: (RealDownloader) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-11-25]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-01-02]
CHR Extension: (Google Wallet) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-25]
CHR Extension: (Gmail) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-25]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-16] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-16] (Razer Inc.)
S2 DragonSvc; No ImagePath
S4 SafeBox; No ImagePath
S4 Update Server; No ImagePath

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.01; No ImagePath
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-02-05] ()
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [258224 2011-07-15] (BitDefender)
S3 bdsandbox; C:\Windows\system32\drivers\bdsandbox.sys [79952 2011-06-17] (Windows ® Win 7 DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-02-05] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-20] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-10-30] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
R3 VaneFltr; C:\Windows\System32\drivers\Lachesis.sys [30336 2007-08-17] (Razer (Asia-Pacific) Pte Ltd)
S3 WinRing0_1_2_0; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 NYcIZJGD; System32\drivers\NYcIZJGD.sys [X]
U0 SR;
U2 srservice;
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-20 12:54 - 2014-04-20 12:54 - 00023747 _____ () C:\Users\Gonzo\Desktop\FRST.txt
2014-04-20 12:53 - 2014-04-20 12:54 - 00000000 ____D () C:\FRST
2014-04-20 12:52 - 2014-04-20 12:52 - 02056192 _____ (Farbar) C:\Users\Gonzo\Desktop\FRST64.exe
2014-04-20 05:08 - 2014-04-20 05:08 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-20 05:08 - 2014-04-20 05:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-20 05:08 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-20 05:08 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-20 05:08 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-20 05:07 - 2014-04-20 05:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Gonzo\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-20 00:18 - 2014-04-20 00:18 - 00000000 ____D () C:\Users\Gonzo\AppData\Local\{416827EF-E304-4360-90C9-04ADD072FAC6}
2014-04-20 00:08 - 2014-04-20 12:36 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-501038107-1255677059-1131397316-1000
2014-04-20 00:08 - 2014-04-20 12:36 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-501038107-1255677059-1131397316-1000
2014-04-19 23:55 - 2014-04-20 00:08 - 00000000 ____D () C:\ComboFix
2014-04-19 23:55 - 2014-04-20 00:04 - 00000000 ____D () C:\Windows\erdnt
2014-04-19 23:55 - 2014-04-19 23:55 - 00000000 ____D () C:\Qoobox
2014-04-19 23:55 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-19 23:55 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-19 23:55 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-19 23:55 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-19 23:55 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-19 23:55 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-19 23:55 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-19 23:55 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-19 23:43 - 2014-04-19 23:43 - 00000000 ____D () C:\Windows\ERUNT
2014-04-18 04:48 - 2014-04-18 04:48 - 00000000 ____S () C:\Windows\system32\jdhei.ixt
2014-04-17 21:23 - 2014-04-17 21:23 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-17 21:23 - 2014-04-17 21:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-17 21:21 - 2014-04-17 21:23 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-17 20:19 - 2014-04-17 20:19 - 00943042 _____ () C:\Windows\SysWOW64\scrypt130511GeForce GTX 750 Tiglg2tc4032w64l4.bin
2014-04-17 20:03 - 2014-04-20 00:14 - 00061302 _____ () C:\Windows\IE11_main.log
2014-04-17 20:02 - 2014-04-20 00:16 - 00063531 _____ () C:\Windows\IE10_main.log
2014-04-17 20:00 - 2014-04-17 20:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-17 19:29 - 2006-09-18 17:37 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.20140417-192918.backup
2014-04-08 02:57 - 2014-04-08 02:57 - 00000000 ____D () C:\Users\Gonzo\Documents\SimCity
2014-04-08 00:44 - 2014-04-08 00:44 - 00000000 ____D () C:\Users\Gonzo\Documents\Telltale Games
2014-04-07 01:00 - 2014-04-08 11:35 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-07 01:00 - 2014-04-07 22:51 - 00000000 ____D () C:\ProgramData\Avira
2014-04-07 00:53 - 2014-04-07 00:53 - 00000000 ____S () C:\Windows\system32\bftdq.qxx
2014-04-06 02:00 - 2014-04-20 05:08 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-06 01:59 - 2014-04-06 01:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-06 01:32 - 2014-04-06 01:32 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-04-06 01:21 - 2014-04-20 12:36 - 06801014 _____ () C:\Windows\setupact.log
2014-04-06 01:21 - 2014-04-06 01:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-06 01:20 - 2014-04-20 00:05 - 00280068 _____ () C:\Windows\PFRO.log
2014-04-06 01:19 - 2014-04-06 01:19 - 00000000 _____ () C:\asc_rdflag
2014-04-06 01:17 - 2014-04-17 20:13 - 00000000 ____D () C:\Program Files (x86)\Charter Security Suite
2014-04-06 01:16 - 2014-04-17 19:36 - 00000000 ____D () C:\ProgramData\F-Secure
2014-04-06 00:56 - 2014-04-20 06:19 - 00000082 _____ () C:\Windows\system32\uphqlyn.jcp
2014-04-06 00:39 - 2014-04-06 00:39 - 00000064 _____ () C:\Windows\system32\yuws.qlg
2014-04-06 00:39 - 2014-04-06 00:39 - 00000000 _____ () C:\Windows\system32\saxjp.web
2014-04-06 00:23 - 2014-04-06 00:23 - 00305834 ____S () C:\Windows\system32\nvdtt.bfu
2014-03-30 20:15 - 2014-03-30 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 00:33 - 2014-03-28 00:33 - 00000112 _____ () C:\Windows\SysWOW64\mon.txt
2014-03-28 00:33 - 2014-03-28 00:33 - 00000000 ____D () C:\Program Files (x86)\viewsonic
2014-03-28 00:32 - 2014-03-28 00:45 - 00000108 _____ () C:\Windows\VSWizard.ini
2014-03-27 16:14 - 2014-03-27 16:14 - 00001080 _____ () C:\Users\Public\Desktop\MixPad.lnk
2014-03-27 16:14 - 2014-03-27 16:14 - 00000000 ____D () C:\Users\Gonzo\Documents\Mixpad Projects
2014-03-27 16:05 - 2014-03-27 16:05 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\NCH Software
2014-03-27 15:55 - 2014-03-27 15:55 - 00001258 _____ () C:\Users\Public\Desktop\My MP3 Splitter.lnk
2014-03-27 15:55 - 2014-03-27 15:55 - 00000000 ____D () C:\Program Files (x86)\ZXT2007 Software
2014-03-27 15:52 - 2008-06-17 23:42 - 00098708 _____ () C:\Windows\SysWOW64\activesoundeditor.tlb
2014-03-27 15:52 - 2005-11-05 18:34 - 00145408 _____ () C:\Windows\SysWOW64\Lame.exe
2014-03-27 15:52 - 2005-05-17 15:37 - 00076800 _____ () C:\Windows\SysWOW64\Faac.exe
2014-03-27 15:52 - 2002-07-19 11:48 - 00157696 _____ () C:\Windows\SysWOW64\OggEnc.exe
2014-03-27 15:52 - 2000-05-22 16:58 - 00140488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-03-27 14:13 - 2014-03-27 14:14 - 00000000 ____D () C:\ProgramData\NCH Swift Sound
2014-03-27 14:12 - 2014-04-03 16:15 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-03-27 14:12 - 2014-03-27 16:16 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-03-27 14:12 - 2014-03-27 16:14 - 00000000 ____D () C:\ProgramData\NCH Software
2014-03-27 14:12 - 2014-03-27 14:12 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-03-27 14:08 - 2014-03-27 14:09 - 00000000 ____D () C:\Program Files (x86)\mediasoft
2014-03-21 13:58 - 2014-01-20 22:53 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-03-21 13:58 - 2014-01-20 22:53 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-03-21 13:57 - 2013-12-27 14:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-03-21 13:57 - 2013-12-27 14:42 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-03-21 13:57 - 2013-12-27 14:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-03-21 13:50 - 2014-03-04 07:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-21 13:48 - 2014-03-04 10:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-21 13:48 - 2014-03-04 10:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-21 13:48 - 2013-11-28 09:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-03-21 13:48 - 2013-11-28 09:38 - 00074016 _____ (NVIDIA Corporation) C:\Windows\system32\nvapo64v.dll
2014-03-21 13:48 - 2013-11-28 09:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-03-21 13:22 - 2014-03-21 13:22 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-21 13:17 - 2013-12-17 19:00 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433217.dll
2014-03-21 13:17 - 2013-12-17 19:00 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433217.dll
2014-03-21 13:17 - 2013-11-22 04:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll

==================== One Month Modified Files and Folders =======

2014-04-20 12:54 - 2014-04-20 12:54 - 00023747 _____ () C:\Users\Gonzo\Desktop\FRST.txt
2014-04-20 12:54 - 2014-04-20 12:53 - 00000000 ____D () C:\FRST
2014-04-20 12:52 - 2014-04-20 12:52 - 02056192 _____ (Farbar) C:\Users\Gonzo\Desktop\FRST64.exe
2014-04-20 12:43 - 2011-10-02 02:22 - 00011104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 12:43 - 2011-10-02 02:22 - 00011104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 12:39 - 2011-10-02 02:45 - 01156540 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 12:36 - 2014-04-20 00:08 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-501038107-1255677059-1131397316-1000
2014-04-20 12:36 - 2014-04-20 00:08 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-501038107-1255677059-1131397316-1000
2014-04-20 12:36 - 2014-04-06 01:21 - 06801014 _____ () C:\Windows\setupact.log
2014-04-20 12:35 - 2011-10-01 17:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-20 12:35 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 06:19 - 2014-04-06 00:56 - 00000082 _____ () C:\Windows\system32\uphqlyn.jcp
2014-04-20 05:08 - 2014-04-20 05:08 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-20 05:08 - 2014-04-20 05:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-20 05:08 - 2014-04-06 02:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 05:07 - 2014-04-20 05:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Gonzo\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-20 04:13 - 2011-10-02 13:34 - 00000000 ____D () C:\Games
2014-04-20 04:11 - 2011-10-02 19:49 - 00000000 ____D () C:\Users\Gonzo\Documents\My PSP8 Files
2014-04-20 03:59 - 2012-06-23 00:05 - 00000000 ____D () C:\Program Files (x86)\UltraISO
2014-04-20 03:57 - 2011-10-02 16:16 - 00000000 ____D () C:\Gonzo Productions
2014-04-20 00:30 - 2013-07-02 02:19 - 00000000 ____D () C:\Users\Gonzo\AppData\Local\Apps\2.0
2014-04-20 00:18 - 2014-04-20 00:18 - 00000000 ____D () C:\Users\Gonzo\AppData\Local\{416827EF-E304-4360-90C9-04ADD072FAC6}
2014-04-20 00:16 - 2014-04-17 20:02 - 00063531 _____ () C:\Windows\IE10_main.log
2014-04-20 00:14 - 2014-04-17 20:03 - 00061302 _____ () C:\Windows\IE11_main.log
2014-04-20 00:08 - 2014-04-19 23:55 - 00000000 ____D () C:\ComboFix
2014-04-20 00:06 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-20 00:05 - 2014-04-06 01:20 - 00280068 _____ () C:\Windows\PFRO.log
2014-04-20 00:04 - 2014-04-19 23:55 - 00000000 ____D () C:\Windows\erdnt
2014-04-19 23:55 - 2014-04-19 23:55 - 00000000 ____D () C:\Qoobox
2014-04-19 23:43 - 2014-04-19 23:43 - 00000000 ____D () C:\Windows\ERUNT
2014-04-18 04:48 - 2014-04-18 04:48 - 00000000 ____S () C:\Windows\system32\jdhei.ixt
2014-04-17 21:23 - 2014-04-17 21:23 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-17 21:23 - 2014-04-17 21:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-17 21:23 - 2014-04-17 21:21 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-17 21:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\security
2014-04-17 20:19 - 2014-04-17 20:19 - 00943042 _____ () C:\Windows\SysWOW64\scrypt130511GeForce GTX 750 Tiglg2tc4032w64l4.bin
2014-04-17 20:14 - 2013-08-28 01:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-17 20:14 - 2013-08-28 01:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-17 20:13 - 2014-04-06 01:17 - 00000000 ____D () C:\Program Files (x86)\Charter Security Suite
2014-04-17 20:02 - 2014-04-17 20:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-17 19:36 - 2014-04-06 01:16 - 00000000 ____D () C:\ProgramData\F-Secure
2014-04-17 19:31 - 2013-12-08 00:43 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-17 19:30 - 2013-12-08 00:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-14 13:20 - 2011-10-17 04:08 - 00000000 ____D () C:\Users\Gonzo\AppData\Local\Turbine
2014-04-13 13:19 - 2013-12-07 02:41 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-11 14:48 - 2011-10-10 21:10 - 00000000 ____D () C:\Users\Gonzo\Documents\My Games
2014-04-10 18:33 - 2013-12-07 03:51 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\DVD Flick
2014-04-10 02:07 - 2011-10-02 20:42 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\uTorrent
2014-04-08 11:35 - 2014-04-07 01:00 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-08 02:57 - 2014-04-08 02:57 - 00000000 ____D () C:\Users\Gonzo\Documents\SimCity
2014-04-08 00:44 - 2014-04-08 00:44 - 00000000 ____D () C:\Users\Gonzo\Documents\Telltale Games
2014-04-07 22:51 - 2014-04-07 01:00 - 00000000 ____D () C:\ProgramData\Avira
2014-04-07 03:08 - 2009-07-14 01:13 - 00796870 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-07 00:53 - 2014-04-07 00:53 - 00000000 ____S () C:\Windows\system32\bftdq.qxx
2014-04-06 03:10 - 2012-03-05 21:58 - 00000000 ____D () C:\Windows\Minidump
2014-04-06 03:09 - 2011-10-01 19:35 - 00301637 ____N () C:\Windows\Minidump\040614-21933-01.dmp
2014-04-06 02:16 - 2011-10-03 16:28 - 00007610 _____ () C:\Users\Gonzo\AppData\Local\Resmon.ResmonCfg
2014-04-06 01:59 - 2014-04-06 01:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-06 01:35 - 2013-06-27 15:52 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-04-06 01:32 - 2014-04-06 01:32 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-04-06 01:28 - 2012-05-14 12:42 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-06 01:25 - 2011-10-01 17:16 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2014-04-06 01:25 - 2011-10-01 17:16 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-04-06 01:21 - 2014-04-06 01:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-06 01:19 - 2014-04-06 01:19 - 00000000 _____ () C:\asc_rdflag
2014-04-06 01:19 - 2013-12-08 13:57 - 69545984 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-04-06 01:19 - 2013-12-08 13:57 - 00598016 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-04-06 01:19 - 2013-12-08 13:57 - 00065536 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-04-06 01:19 - 2013-12-08 13:57 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-04-06 01:19 - 2011-10-02 02:26 - 00000000 ____D () C:\Users\Gonzo
2014-04-06 01:04 - 2011-10-02 13:20 - 00788992 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-06 00:39 - 2014-04-06 00:39 - 00000064 _____ () C:\Windows\system32\yuws.qlg
2014-04-06 00:39 - 2014-04-06 00:39 - 00000000 _____ () C:\Windows\system32\saxjp.web
2014-04-06 00:23 - 2014-04-06 00:23 - 00305834 ____S () C:\Windows\system32\nvdtt.bfu
2014-04-03 16:15 - 2014-03-27 14:12 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-04-03 12:45 - 2011-10-03 15:56 - 00023040 _____ () C:\Users\Gonzo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-03 09:51 - 2014-04-20 05:08 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-20 05:08 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-20 05:08 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 12:33 - 2013-08-11 19:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-31 03:51 - 2011-10-02 08:59 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-30 20:15 - 2014-03-30 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 15:32 - 2011-11-01 13:44 - 00000000 ____D () C:\Users\Gonzo\Documents\The Lord of the Rings Online
2014-03-28 00:45 - 2014-03-28 00:32 - 00000108 _____ () C:\Windows\VSWizard.ini
2014-03-28 00:33 - 2014-03-28 00:33 - 00000112 _____ () C:\Windows\SysWOW64\mon.txt
2014-03-28 00:33 - 2014-03-28 00:33 - 00000000 ____D () C:\Program Files (x86)\viewsonic
2014-03-28 00:33 - 2011-10-01 17:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-27 16:16 - 2014-03-27 14:12 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-03-27 16:14 - 2014-03-27 16:14 - 00001080 _____ () C:\Users\Public\Desktop\MixPad.lnk
2014-03-27 16:14 - 2014-03-27 16:14 - 00000000 ____D () C:\Users\Gonzo\Documents\Mixpad Projects
2014-03-27 16:14 - 2014-03-27 14:12 - 00000000 ____D () C:\ProgramData\NCH Software
2014-03-27 16:05 - 2014-03-27 16:05 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\NCH Software
2014-03-27 15:55 - 2014-03-27 15:55 - 00001258 _____ () C:\Users\Public\Desktop\My MP3 Splitter.lnk
2014-03-27 15:55 - 2014-03-27 15:55 - 00000000 ____D () C:\Program Files (x86)\ZXT2007 Software
2014-03-27 15:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Resources
2014-03-27 14:14 - 2014-03-27 14:13 - 00000000 ____D () C:\ProgramData\NCH Swift Sound
2014-03-27 14:12 - 2014-03-27 14:12 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-03-27 14:09 - 2014-03-27 14:08 - 00000000 ____D () C:\Program Files (x86)\mediasoft
2014-03-25 02:09 - 2013-01-08 16:51 - 00291944 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-25 02:09 - 2012-12-10 12:53 - 00291944 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-03-21 13:58 - 2011-10-02 02:22 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-21 13:58 - 2011-10-01 17:18 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-21 13:48 - 2013-12-07 23:10 - 00000000 ____D () C:\Users\Gonzo\AppData\Local\NVIDIA Corporation
2014-03-21 13:25 - 2013-07-08 18:35 - 00001347 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-03-21 13:22 - 2014-03-21 13:22 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

Some content of TEMP:
====================
C:\Users\Gonzo\AppData\Local\Temp\libcurl.dll
C:\Users\Gonzo\AppData\Local\Temp\libeay32.dll
C:\Users\Gonzo\AppData\Local\Temp\libidn-11.dll
C:\Users\Gonzo\AppData\Local\Temp\librtmp.dll
C:\Users\Gonzo\AppData\Local\Temp\libssh2.dll
C:\Users\Gonzo\AppData\Local\Temp\libusb-1.0.dll
C:\Users\Gonzo\AppData\Local\Temp\ssleay32.dll
C:\Users\Gonzo\AppData\Local\Temp\svchost.exe
C:\Users\Gonzo\AppData\Local\Temp\zlib1.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2012-12-25 07:00

==================== End Of Log ============================

 

Addition attached.

Addition.txt


Uninstall IObit via Programs and Features, then run the following:

 

1. Download Malwarebytes Anti-Rootkit from this link:

 

 http://www.malwarebytes.org/products/mbar/

 

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

 

Image1.png

 

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

 

mbarwm.png

 

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

 

6. The following image opens, select Next.

 

Image2.png

 

7. The following image opens, select Update.

 

Image3.png

 

8. When the update completes select Next.

 

Image4.png

 

9. In the following window ensure "Targets" are ticked. Then select "Scan".

 

Image5.png

 

10. If an infection is found, select the "Cleanup" button to remove threats and reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

 

MBAntiRKcleanA.png

 

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image; select Exit:

 

Image6.png

 

13. Verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

 

14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within the Malwarebytes Anti-Rootkit folder.

 

15. Select "Y" from your Keyboard, tap Enter.

 

16. The fix will be applied, select any key to Exit.

 

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

 

System - log

Mbar - log (the date and time of the scan will also be shown)

 

Next,

 

Download and install Microsoft Security Essentials, update and run a Quick scan. Let me know if anything is found.


Following your instructions, I ran Mbar, and it found 8 infections. 2 were Trojan.FakeMS and the other 6 were Trojan.BitcoinMiner. I ran the clean, and it cleaned them, and made an mbar-log. And then, according to your instructions, after the reboot, I ran mbar again, and ran a second scan. It found 6 items on the second scan. So I selected Clean, and let it do its reboot, and when the system was back up, I ran mbar a third time. The third run, it found 6 items again, so I did the clean again, letting it reboot, and when it came up, I am now running it a 4th time. While it was running, I looked at the logs, and I noticed that the 6 items found in the 3rd scan are the exact same 6 items it found in the second scan. So the clean either did not clean and delete these items, or they self reproduced on start up. The 4th scan has just finished running, and it shows a list of 7 items, which contain the 6 that were supposed to be cleaned the last 2 times, but one of them, the first one, is listed twice. It's in my \users\gonzo\AppData\Local\Temp folder, and it lists the svchost.exe file twice, with the Trojan.BitcoinMiner. I will select clean again, but I'm pretty sure when the system reboots, and I can run another scan, it will again find those items.

 

I figured I would ask for your recommendation on what I should do before I proceed with a 5th scan, and ask if you want me to go ahead and copy and paste all 4 mbar-logs or attach them as text files, or what. Since mbar is either not deleting them like it says it's going to do, or it is deleting them and they are just replicating themselves on start up.

 

So let me know what you want me to do about posting logs or what.

 

I will wait for your response before I use the fixdamage tool, because I don't know if the "replicating" problem will be an issue with it. So I figured it's best if I wait for your advice.

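The pattern the post describes, the same six detections coming back after every cleanup-and-reboot cycle, is what a responder wants to see at a glance rather than by eyeballing four logs. The script below is an added triage example for this thread; it is not part of the forum post, of FRST or of the Malwarebytes tools. It parses the "Files Detected" section of mbar-log text, splits a later scan's results into cleared, recurring and new paths, and separately flags files that carry the name of a core Windows binary (the ones FRST's "Bamital & volsnap Check" verifies above) while sitting outside the folders Windows keeps them in. The two sample logs are constructed from the entries the thread's own mbar logs report, trimmed to the sections the parser reads; the set of "home" directories for core binaries is my assumption.

```python
"""Triage helper for successive Malwarebytes Anti-Rootkit (mbar) logs.

Added example; not part of the forum thread or of the Malwarebytes tools.
A detection that survives a cleanup-and-reboot cycle points at something
re-creating the files at start-up, which deleting them alone does not fix.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample logs, trimmed to the sections this script reads; the
# paths and detection names are those the thread's own mbar logs report.
SCAN_1 = r"""
Memory Processes Detected: 1
C:\Users\Gonzo\AppData\Local\Temp\svchost.exe (Trojan.BitCoinMiner) -> 4284 -> Delete on reboot.

Files Detected: 8
C:\Users\Gonzo\AppData\Local\Temp\svchost.exe (Trojan.BitCoinMiner) -> Delete on reboot.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\rpcss.dll-k.mbam (Trojan.FakeMS) -> Delete on reboot.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\rpcss.dll-u.mbam (Trojan.FakeMS) -> Delete on reboot.
C:\Users\Gonzo\AppData\Local\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> Delete on reboot.
C:\Users\Gonzo\AppData\Local\Temp\scrypt130511.cl (Trojan.BitcoinMiner) -> Delete on reboot.
C:\Users\Gonzo\AppData\Local\Temp\diablo130302.cl (Trojan.BitcoinMiner) -> Delete on reboot.
C:\Users\Gonzo\AppData\Local\Temp\poclbm130302.cl (Trojan.BitcoinMiner) -> Delete on reboot.
C:\Users\Gonzo\AppData\Local\Temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)
"""

SCAN_2 = r"""
Files Detected: 6
C:\Users\Gonzo\AppData\Local\Temp\svchost.exe (Trojan.BitCoinMiner) -> Delete on reboot.
C:\Users\Gonzo\AppData\Local\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> Delete on reboot.
C:\Users\Gonzo\AppData\Local\Temp\scrypt130511.cl (Trojan.BitcoinMiner) -> Delete on reboot.
C:\Users\Gonzo\AppData\Local\Temp\diablo130302.cl (Trojan.BitcoinMiner) -> Delete on reboot.
C:\Users\Gonzo\AppData\Local\Temp\poclbm130302.cl (Trojan.BitcoinMiner) -> Delete on reboot.
C:\Users\Gonzo\AppData\Local\Temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> Delete on reboot.
"""

# "<drive>:\path (Detection.Name) -> ..." ; the path may contain spaces.
DETECTION_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^)]+)\)")


def parse_file_detections(log_text: str) -> Dict[str, str]:
    """Map path -> detection name for the 'Files Detected' section only,
    so a process also listed under 'Memory Processes' is counted once."""
    found: Dict[str, str] = {}
    in_section = False
    for line in log_text.splitlines():
        if line.startswith("Files Detected:"):
            in_section = True
            continue
        if in_section:
            if not line.strip():
                break  # a blank line closes the section
            match = DETECTION_RE.match(line)
            if match:
                found[match.group("path")] = match.group("name")
    return found


def compare_scans(previous: str, current: str) -> Tuple[List[str], List[str], List[str]]:
    """Split the current scan's detections into (cleared, recurring, new).
    'Recurring' = scheduled for deletion last time and back in this scan."""
    before = set(parse_file_detections(previous))
    after = set(parse_file_detections(current))
    return sorted(before - after), sorted(before & after), sorted(after - before)


# Core binaries the FRST 'Bamital & volsnap Check' verifies; the folders
# Windows keeps them in are an assumption of this example.
CORE_BINARIES = {"winlogon.exe", "wininit.exe", "explorer.exe",
                 "svchost.exe", "services.exe", "userinit.exe"}
CORE_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}


def masquerading_binaries(paths) -> List[str]:
    """Paths whose file name is a core binary's but whose folder is not."""
    hits = []
    for path in paths:
        folder, _, name = path.lower().rpartition("\\")
        if name in CORE_BINARIES and folder not in CORE_DIRS:
            hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    cleared, recurring, new = compare_scans(SCAN_1, SCAN_2)
    print(f"cleared by first cleanup ({len(cleared)}):", *cleared, sep="\n  ")
    print(f"back after reboot ({len(recurring)}):", *recurring, sep="\n  ")
    print(f"new in second scan ({len(new)}):", new)
    print("core-binary names outside their home folder:",
          masquerading_binaries(parse_file_detections(SCAN_2)))
```

Run against the thread's logs, the two `rpcss.dll-*.mbam` quarantine files come out as cleared, while the Temp `svchost.exe` and the five `.cl` kernel files are recurring, and `svchost.exe` under a user's Temp folder is the one masquerading path; the recurring set is where to look for the start-up mechanism that restores the files.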

Just post the first and second set of logs; I should see which six are replicating.

 

Also run this please:

 

Please download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                   

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
     
    RKLicence.png
     
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
     
    RK1A.png
     
  • When the scan completes select Report, copy and paste that to your reply.
     
    RK2A.png
     
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller


Here is the first mbar log:

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.04.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gonzo :: GONZO-PC [administrator]

4/20/2014 4:57:19 PM
mbar-log-2014-04-20 (16-57-19).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 264703
Time elapsed: 8 minute(s), 30 second(s)

Memory Processes Detected: 1
C:\Users\Gonzo\AppData\Local\Temp\svchost.exe (Trojan.BitCoinMiner) -> 4284 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\Users\Gonzo\AppData\Local\Temp\svchost.exe (Trojan.BitCoinMiner) -> Delete on reboot.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\rpcss.dll-k.mbam (Trojan.FakeMS) -> Delete on reboot.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\rpcss.dll-u.mbam (Trojan.FakeMS) -> Delete on reboot.
C:\Users\Gonzo\AppData\Local\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> Delete on reboot.
C:\Users\Gonzo\AppData\Local\Temp\scrypt130511.cl (Trojan.BitcoinMiner) -> Delete on reboot.
C:\Users\Gonzo\AppData\Local\Temp\diablo130302.cl (Trojan.BitcoinMiner) -> Delete on reboot.
C:\Users\Gonzo\AppData\Local\Temp\poclbm130302.cl (Trojan.BitcoinMiner) -> Delete on reboot.
C:\Users\Gonzo\AppData\Local\Temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

----------------------------------------------------------------

 

Second mbar log:

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.04.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gonzo :: GONZO-PC [administrator]

4/20/2014 5:21:49 PM
mbar-log-2014-04-20 (17-21-49).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 264354
Time elapsed: 9 minute(s), 25 second(s)

Memory Processes Detected: 1
C:\Users\Gonzo\AppData\Local\Temp\svchost.exe (Trojan.BitCoinMiner) -> 4684 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\Gonzo\AppData\Local\Temp\svchost.exe (Trojan.BitCoinMiner) -> Delete on reboot.
C:\Users\Gonzo\AppData\Local\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> Delete on reboot.
C:\Users\Gonzo\AppData\Local\Temp\scrypt130511.cl (Trojan.BitcoinMiner) -> Delete on reboot.
C:\Users\Gonzo\AppData\Local\Temp\diablo130302.cl (Trojan.BitcoinMiner) -> Delete on reboot.
C:\Users\Gonzo\AppData\Local\Temp\poclbm130302.cl (Trojan.BitcoinMiner) -> Delete on reboot.
C:\Users\Gonzo\AppData\Local\Temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

--------------------------------------------------

 

And the system log from mbar:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.200000 GHz
Memory total: 8588353536, free: 6359097344

Downloaded database version: v2014.04.20.07
Downloaded database version: v2014.03.27.01
=======================================
Initializing...
------------ Kernel report ------------
     04/20/2014 16:57:15
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007caf060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-7\
Lower Device Object: 0xfffffa8007967680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007caf060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007cafab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007caf060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006cace40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007967680, DeviceName: \Device\Ide\IdeDeviceP3T1L0-7\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 91A666FC

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Infected: C:\Users\Gonzo\AppData\Local\Temp\svchost.exe --> [Trojan.BitCoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\svchost.exe --> [Trojan.BitCoinMiner]
Infected: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\rpcss.dll-k.mbam --> [Trojan.FakeMS]
Infected: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\rpcss.dll-u.mbam --> [Trojan.FakeMS]
Infected: C:\Users\Gonzo\AppData\Local\Temp\phatk121016.cl --> [Trojan.BitcoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\scrypt130511.cl --> [Trojan.BitcoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\diablo130302.cl --> [Trojan.BitcoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\poclbm130302.cl --> [Trojan.BitcoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\diakgcn121016.cl --> [Trojan.BitcoinMiner]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.200000 GHz
Memory total: 8588353536, free: 7226454016

Downloaded database version: v2014.04.20.07
Downloaded database version: v2014.03.27.01
=======================================
Initializing...
------------ Kernel report ------------
     04/20/2014 17:21:45
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007cae060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-6\
Lower Device Object: 0xfffffa8007767680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007cae060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007caeb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007cae060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007757580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007767680, DeviceName: \Device\Ide\IdeDeviceP3T1L0-6\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 91A666FC

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Infected: C:\Users\Gonzo\AppData\Local\Temp\svchost.exe --> [Trojan.BitCoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\svchost.exe --> [Trojan.BitCoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\phatk121016.cl --> [Trojan.BitcoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\scrypt130511.cl --> [Trojan.BitcoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\diablo130302.cl --> [Trojan.BitcoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\poclbm130302.cl --> [Trojan.BitcoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\diakgcn121016.cl --> [Trojan.BitcoinMiner]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.200000 GHz
Memory total: 8588353536, free: 7081168896

=======================================
Initializing...
------------ Kernel report ------------
     04/20/2014 18:18:57
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007a2e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-7\
Lower Device Object: 0xfffffa8007766060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007a2e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007a2eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007a2e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007757580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007766060, DeviceName: \Device\Ide\IdeDeviceP3T1L0-7\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 91A666FC

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Infected: C:\Users\Gonzo\AppData\Local\Temp\svchost.exe --> [Trojan.BitCoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\svchost.exe --> [Trojan.BitCoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\phatk121016.cl --> [Trojan.BitcoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\scrypt130511.cl --> [Trojan.BitcoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\diablo130302.cl --> [Trojan.BitcoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\poclbm130302.cl --> [Trojan.BitcoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\diakgcn121016.cl --> [Trojan.BitcoinMiner]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.200000 GHz
Memory total: 8588353536, free: 7040815104

=======================================
Initializing...
------------ Kernel report ------------
     04/20/2014 18:35:56
------------ Loaded modules -----------
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\nvsmu.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\nvmf6264.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\avchv.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\PFC027.SYS
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\drivers\Lachesis.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\LGVirHid.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007a2f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-6\
Lower Device Object: 0xfffffa8007768680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007a2f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007857960, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007a2f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007758580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007768680, DeviceName: \Device\Ide\IdeDeviceP3T1L0-6\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 91A666FC

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Infected: C:\Users\Gonzo\AppData\Local\Temp\svchost.exe --> [Trojan.BitCoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\svchost.exe --> [Trojan.BitCoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\phatk121016.cl --> [Trojan.BitcoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\scrypt130511.cl --> [Trojan.BitcoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\diablo130302.cl --> [Trojan.BitcoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\poclbm130302.cl --> [Trojan.BitcoinMiner]
Infected: C:\Users\Gonzo\AppData\Local\Temp\diakgcn121016.cl --> [Trojan.BitcoinMiner]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.200000 GHz
Memory total: 8588353536, free: 7061987328

=======================================

 

 

 wanted to post those, and I will run the new tool per your next set of instructions and post results after it finishes.

 


Here's the report from RogueKiller:

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Gonzo [Admin rights]
Mode : Scan -- Date : 04/20/2014 19:30:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Adobe (C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Recent.vbe [-]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (localhost:8080 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (WlanAllocateMemory) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3278AC8)
[Address] EAT @explorer.exe (WlanCloseHandle) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF32738A0)
[Address] EAT @explorer.exe (WlanConnect) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3275558)
[Address] EAT @explorer.exe (WlanDeleteProfile) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3276D10)
[Address] EAT @explorer.exe (WlanDisconnect) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF32757E8)
[Address] EAT @explorer.exe (WlanEnumInterfaces) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3273A80)
[Address] EAT @explorer.exe (WlanExtractPsdIEDataList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3278394)
[Address] EAT @explorer.exe (WlanFreeMemory) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF327A5A0)
[Address] EAT @explorer.exe (WlanGetAvailableNetworkList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3274F88)
[Address] EAT @explorer.exe (WlanGetFilterList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3277F9C)
[Address] EAT @explorer.exe (WlanGetInterfaceCapability) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3274188)
[Address] EAT @explorer.exe (WlanGetNetworkBssList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3275268)
[Address] EAT @explorer.exe (WlanGetProfile) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3276A20)
[Address] EAT @explorer.exe (WlanGetProfileCustomUserData) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3277B1C)
[Address] EAT @explorer.exe (WlanGetProfileList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3277404)
[Address] EAT @explorer.exe (WlanGetSecuritySettings) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3278D88)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStart) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF327935C)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStop) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3279418)
[Address] EAT @explorer.exe (WlanHostedNetworkInitSettings) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF32799D8)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryProperty) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF32794D4)
[Address] EAT @explorer.exe (WlanHostedNetworkQuerySecondaryKey) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF327A020)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryStatus) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3279B50)
[Address] EAT @explorer.exe (WlanHostedNetworkRefreshSecuritySettings) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3279A94)
[Address] EAT @explorer.exe (WlanHostedNetworkSetProperty) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3279744)
[Address] EAT @explorer.exe (WlanHostedNetworkSetSecondaryKey) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3279D78)
[Address] EAT @explorer.exe (WlanHostedNetworkStartUsing) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF32791EC)
[Address] EAT @explorer.exe (WlanHostedNetworkStopUsing) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF32792A4)
[Address] EAT @explorer.exe (WlanIhvControl) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3274A00)
[Address] EAT @explorer.exe (WlanOpenHandle) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3271960)
[Address] EAT @explorer.exe (WlanQueryAutoConfigParameter) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3273EE8)
[Address] EAT @explorer.exe (WlanQueryInterface) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3274668)
[Address] EAT @explorer.exe (WlanReasonCodeToString) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3278A54)
[Address] EAT @explorer.exe (WlanRegisterNotification) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3275A08)
[Address] EAT @explorer.exe (WlanRegisterVirtualStationNotification) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF327A358)
[Address] EAT @explorer.exe (WlanRenameProfile) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3276F4C)
[Address] EAT @explorer.exe (WlanSaveTemporaryProfile) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF32787D0)
[Address] EAT @explorer.exe (WlanScan) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3274D40)
[Address] EAT @explorer.exe (WlanSetAutoConfigParameter) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3273D10)
[Address] EAT @explorer.exe (WlanSetFilterList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3277DCC)
[Address] EAT @explorer.exe (WlanSetInterface) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3274470)
[Address] EAT @explorer.exe (WlanSetProfile) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3276760)
[Address] EAT @explorer.exe (WlanSetProfileCustomUserData) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF32778A4)
[Address] EAT @explorer.exe (WlanSetProfileEapUserData) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3275CC4)
[Address] EAT @explorer.exe (WlanSetProfileEapXmlUserData) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3275F9C)
[Address] EAT @explorer.exe (WlanSetProfileList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF32771A8)
[Address] EAT @explorer.exe (WlanSetProfilePosition) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3277644)
[Address] EAT @explorer.exe (WlanSetPsdIEDataList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF32781B0)
[Address] EAT @explorer.exe (WlanSetSecuritySettings) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF3278B58)
[Address] EAT @explorer.exe (DllCanUnloadNow) : rtutils.dll -> HOOKED (C:\Windows\system32\wpdshserviceobj.dll @ 0xF4B53D60)
[Address] EAT @explorer.exe (DllGetClassObject) : rtutils.dll -> HOOKED (C:\Windows\system32\wpdshserviceobj.dll @ 0xF4B51A74)
[Address] EAT @explorer.exe (DllRegisterServer) : rtutils.dll -> HOOKED (C:\Windows\system32\wpdshserviceobj.dll @ 0xF4B56070)
[Address] EAT @explorer.exe (DllUnregisterServer) : rtutils.dll -> HOOKED (C:\Windows\system32\wpdshserviceobj.dll @ 0xF4B56278)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31000528AS ATA Device +++++
--- User ---
[MBR] 3c31834bcebce39f44fea23e7dbe7775
[BSP] 778f10f2fdadb46d536b3e58aaec48d6 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04202014_193040.txt >>

 

 

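An added triage script, written for this page and not taken from RogueKiller, Malwarebytes Anti-Rootkit or any other tool in the thread, that re-checks from an elevated PowerShell prompt the indicators the two logs above reported: the Run entry pointing at Recent.vbe, UAC switched off (EnableLUA and ConsentPromptBehaviorAdmin both 0), the localhost:8080 per-user proxy, the OpenCL kernel files and the svchost.exe copy in Temp. The registry paths are the standard Windows ones; the path patterns, extension list, process-name list and output format are the example's own assumptions. It reports only and removes nothing, and it sticks to cmdlets present in the PowerShell 2.0 that ships with Windows 7.

```powershell
# Example triage script for the indicators logged in this thread (not part of
# RogueKiller or Malwarebytes). Reports only; changes nothing. Run elevated.
#   RUN    autostart values whose target is in a user-writable folder or a script
#          (the log: Wow6432Node\...\Run "Adobe" -> ...\Roaming\Microsoft\Windows\Recent.vbe)
#   UAC    EnableLUA = 0 / ConsentPromptBehaviorAdmin = 0 (UAC switched off)
#   PROXY  per-user ProxyServer = localhost:8080, with or without a listener
#   MINER  OpenCL kernels (*.cl) and system-named executables dropped in %TEMP%
#   PROC   a running svchost.exe whose image is not in System32 or SysWOW64
# Path patterns, extension list and name list below are this example's choices.

$findings = New-Object System.Collections.Generic.List[string]
function Add-Finding([string]$Category, [string]$Detail) {
    $findings.Add("[$Category] $Detail")   # parent-scope list, mutated in place
}

function Get-Sha256Hex([string]$Path) {
    # SHA-256 as hex, so the file can be looked up without uploading it
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { [System.BitConverter]::ToString($sha.ComputeHash($fs)).Replace('-', '') }
    finally { $fs.Close() }
}

# --- RUN: 64-bit HKLM, the 32-bit (Wow6432Node) view the log flagged, and HKCU
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$scriptExt    = '\.(vbe|vbs|js|jse|wsf|wsh|hta|bat|cmd|ps1)(\s|"|$)'   # assumption
$userWritable = '\\(AppData|Temp|ProgramData|Users\\Public)\\'          # assumption
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # provider metadata, not a value
        $cmd = [string]$p.Value
        if ($cmd -match $userWritable -or $cmd -match $scriptExt) {
            Add-Finding 'RUN' "$key : $($p.Name) = $cmd"
        }
    }
}

# --- UAC: both values were 0 in the log, i.e. UAC fully disabled.
#     DisableRegistryTools was 0 there, which is the normal (regedit allowed) value.
$pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
if ($pol -ne $null) {
    if ($pol.EnableLUA -eq 0) { Add-Finding 'UAC' 'EnableLUA = 0 (UAC disabled; admin processes start elevated)' }
    if ($pol.ConsentPromptBehaviorAdmin -eq 0) { Add-Finding 'UAC' 'ConsentPromptBehaviorAdmin = 0 (elevate without prompting)' }
    if ($pol.DisableRegistryTools -eq 1) { Add-Finding 'UAC' 'DisableRegistryTools = 1 (regedit blocked)' }
}

# --- PROXY: a loopback proxy with nothing listening silently breaks HTTP clients
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
if ($inet -ne $null -and $inet.ProxyServer) {
    $detail = "ProxyEnable=$($inet.ProxyEnable) ProxyServer=$($inet.ProxyServer)"
    if ($inet.ProxyServer -match '^(localhost|127\.0\.0\.1):(\d+)$') {
        $port = $Matches[2]
        # netstat -ano exists on Windows 7; Get-NetTCPConnection does not
        $hits  = @(netstat -ano | Select-String -Pattern (":$port\s+\S+\s+LISTENING\s+(\d+)"))
        if ($hits.Count -gt 0) { $detail += " (listener PID $($hits[0].Matches[0].Groups[1].Value))" }
        else                   { $detail += ' (NOTHING listening: proxied traffic just fails)' }
    }
    Add-Finding 'PROXY' $detail
}

# --- MINER: the *.cl files the scanner named (poclbm, phatk, diablo, diakgcn,
#     scrypt) are GPU mining kernels; no legitimate installer leaves them in %TEMP%
$sysNames = @('svchost.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe', 'explorer.exe')   # assumption
foreach ($f in (Get-ChildItem -Path $env:TEMP -Recurse -Force -ErrorAction SilentlyContinue |
                Where-Object { -not $_.PSIsContainer })) {
    if ($f.Extension -eq '.cl') {
        Add-Finding 'MINER' "OpenCL kernel: $($f.FullName) ($($f.Length) bytes)"
    }
    elseif ($sysNames -contains $f.Name.ToLower()) {
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName
        Add-Finding 'MINER' "$($f.FullName) sha256=$(Get-Sha256Hex $f.FullName) signature=$($sig.Status)"
    }
}

# --- PROC: the only legitimate homes for svchost.exe (explains the CPU load symptom)
$legit = '^' + [regex]::Escape($env:SystemRoot) + '\\(System32|SysWOW64)\\svchost\.exe$'
foreach ($proc in Get-WmiObject Win32_Process -Filter "Name='svchost.exe'") {
    if ($proc.ExecutablePath -and $proc.ExecutablePath -notmatch $legit) {
        Add-Finding 'PROC' "svchost.exe PID $($proc.ProcessId) runs from $($proc.ExecutablePath); cmdline: $($proc.CommandLine)"
    }
}

if ($findings.Count -eq 0) { Write-Output 'No indicators from the logs found.' }
else { $findings | ForEach-Object { Write-Output $_ } }
```

On the machine in this thread the RUN check would print the Recent.vbe entry, the UAC check both policy values, and the PROXY check localhost:8080 (a miner that never opened port 8080 leaves that proxy pointing at nothing, which is one plausible reason Windows Update kept failing); the SHA-256 of any Temp svchost.exe can be compared against the real one in System32 before deciding what to do with it.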

Please download the latest version of TDSSKiller from here:

http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop.

 

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan will be quick.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


I ran TDSSkiller as instructed, but there were some differences in the program than what you described.

 

First, when it came up, it informed me there was an "update" available for it, and it recommended that I update. I selected the option to update, and it opened a firefox browser page, wanting to download a zip file. It asked me if I want to save it, or open it using winzip. Since none of this was in your instructions, I just closed the browser without accessing the file. I then selected the loaded modules option and it forced the reboot like you said, and then started back up when the computer restarted. But again, it came up with the suggestion of running the update. I ignored it, and just selected "Continue" and then when it started, I made sure all boxes were checked. I am assuming you wanted the top 3 boxes checked as well as the bottom 2 as it shows in the previous picture you posted, but the picture you posted to show this step is missing in your post, like the link to the image was bad. And it was different on my screen because I had 4 choices in the top. In addition to services and drivers, boot sectors, and loaded modules, I also had a check box for System memory. At any rate, I made sure all 4 were checked, as well as the bottom 2, and then ran the scan.

 

After the scan finished, it showed detected items, and all the dialog boxes next to each item were defaulted to "Skip". I clicked each box, and none of the boxes had a "Cure" option. They all had only Skip, Delete, and copy to quarantine folder. So following your instructions, I left them all set to "Skip" and clicked Continue. It did not ask for a reboot to finish the clean (I am assuming because there was no clean option to choose), and the program closed.

The log file is pasted below:

 

(Note: First time I tried to post it, it gave me an error and said post was too long. I tried to post only half the log in this post and was going to post second half in next post. It still gave me the error that the post was too long. So I attached it instead)

 

TDSSKiller.2.8.16.0_20.04.2014_20.25.51_log.txt


Do the following please:

 

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

 

http://oldtimer.geekstogo.com/OTM.exe.

http://www.itxassociates.com/OT-Tools/OTM.com

http://www.itxassociates.com/OT-Tools/OTM.exe

 

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files

    :Files
    C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Recent.vbe
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red MoveIt button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Re-run Malwarebytes:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:

(Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

Next,

 

Run FRST one more time, accept an update if offered. Post the produced log....

 

Kevin


the log from OTMoveit:

 

(and I should note there was a substantial improvement with that tool, this is the first time my system restarted without having my processor meter sidebar app read 48% usage, and my system is not sluggish right now. I'm posting this log, and will run Malwarebytes as instructed now.)

 

 

All processes killed
========== FILES ==========
C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Recent.vbe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gonzo
->Temp folder emptied: 14759335 bytes
->Temporary Internet Files folder emptied: 233254330 bytes
->Java cache emptied: 2330688 bytes
->FireFox cache emptied: 116984781 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 125121 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 2266020 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5534976 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35889 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 186872010 bytes
RecycleBin emptied: 1436263 bytes
 
Total Files Cleaned = 538.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 04202014_210624

Files moved on Reboot...
C:\Users\Gonzo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


MalwareBytes log posted below:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/20/2014
Scan Time: 9:25:31 PM
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.21.01
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Gonzo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 268792
Time Elapsed: 10 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

Running FRST again as instructed.


FRST64 Log Below:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02
Ran by Gonzo (administrator) on GONZO-PC on 20-04-2014 21:29:18
Running from C:\Users\Gonzo\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
(razercfg MFC Application) C:\Program Files (x86)\Razer\Lachesis\OSD.exe
() C:\Program Files (x86)\Razer\Lachesis\razertra.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-11-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6936096 2008-11-25] (Realtek Semiconductor)
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [237693 2008-12-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [sDTray] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [QFan Help] => "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
HKLM-x32\...\Run: [Lachesis] => C:\Program Files (x86)\Razer\Lachesis\razerhid.exe [248320 2009-11-10] ()
HKLM-x32\...\Run: [Cpu Level Up help] => "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [Ai Nap] => "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe] => C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Recent.vbe
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Run: [Advanced SystemCare 7] => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-501038107-1255677059-1131397316-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40C34D652281CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {A8888695-BDC1-4AE6-AA82-E5ED8B9CBC5F} URL = http://www.bing.com/search?q={searchTerms}&form=OSDSRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {A8888695-BDC1-4AE6-AA82-E5ED8B9CBC5F} URL = http://www.bing.com/search?q={searchTerms}&form=OSDSRC
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 24.178.162.3 66.189.0.100 24.217.201.67

FireFox:
========
FF ProfilePath: C:\Users\Gonzo\AppData\Roaming\Mozilla\Firefox\Profiles\klus34h0.default

FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 - C:\Users\Gonzo\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome:
=======


CHR Extension: (Docs) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-25]
CHR Extension: (Google Drive) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-25]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-04-06]
CHR Extension: (YouTube) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-25]
CHR Extension: (Google Search) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-25]
CHR Extension: (RealDownloader) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-11-25]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-01-02]
CHR Extension: (Google Wallet) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-25]
CHR Extension: (Gmail) - C:\Users\Gonzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-25]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-16] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-16] (Razer Inc.)
S2 DragonSvc; No ImagePath
S4 SafeBox; No ImagePath
S4 Update Server; No ImagePath

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.01; No ImagePath
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-02-05] ()
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [258224 2011-07-15] (BitDefender)
S3 bdsandbox; C:\Windows\system32\drivers\bdsandbox.sys [79952 2011-06-17] (Windows ® Win 7 DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-02-05] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-20] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-10-30] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
R3 VaneFltr; C:\Windows\System32\drivers\Lachesis.sys [30336 2007-08-17] (Razer (Asia-Pacific) Pte Ltd)
S3 WinRing0_1_2_0; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 NYcIZJGD; System32\drivers\NYcIZJGD.sys [X]
U0 SR;
U2 srservice;
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-20 21:29 - 2014-04-20 21:29 - 00000000 ____D () C:\Users\Gonzo\Desktop\FRST-OlderVersion
2014-04-20 21:27 - 2014-04-20 21:27 - 00001056 _____ () C:\Users\Gonzo\Desktop\malwarebytes.txt
2014-04-20 21:06 - 2014-04-20 21:06 - 00000000 ____D () C:\_OTM
2014-04-20 20:53 - 2014-04-20 20:53 - 00522240 _____ (OldTimer Tools) C:\Users\Gonzo\Desktop\OTM.exe
2014-04-20 20:04 - 2014-04-20 21:09 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-501038107-1255677059-1131397316-1000
2014-04-20 19:55 - 2014-04-20 19:55 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Gonzo\Desktop\tdsskiller.exe
2014-04-20 19:30 - 2014-04-20 19:30 - 00008822 _____ () C:\Users\Gonzo\Desktop\RKreport[0]_S_04202014_193040.txt
2014-04-20 19:13 - 2014-04-20 19:28 - 00000000 ____D () C:\Users\Gonzo\Desktop\RK_Quarantine
2014-04-20 19:10 - 2014-04-20 19:10 - 04527616 _____ () C:\Users\Gonzo\Desktop\RogueKillerX64.exe
2014-04-20 16:55 - 2014-04-20 18:53 - 00000000 ____D () C:\Users\Gonzo\Desktop\mbar
2014-04-20 16:54 - 2014-04-20 16:54 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Gonzo\Desktop\mbar-1.07.0.1009.exe
2014-04-20 12:54 - 2014-04-20 21:29 - 00023761 _____ () C:\Users\Gonzo\Desktop\FRST.txt
2014-04-20 12:54 - 2014-04-20 12:55 - 00033449 _____ () C:\Users\Gonzo\Desktop\Addition.txt
2014-04-20 12:53 - 2014-04-20 21:29 - 00000000 ____D () C:\FRST
2014-04-20 12:52 - 2014-04-20 21:29 - 02056704 _____ (Farbar) C:\Users\Gonzo\Desktop\FRST64.exe
2014-04-20 05:08 - 2014-04-20 18:57 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-20 05:08 - 2014-04-20 05:08 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-20 05:08 - 2014-04-20 05:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-20 05:08 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-20 05:08 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-20 05:07 - 2014-04-20 05:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Gonzo\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-20 00:18 - 2014-04-20 00:18 - 00000000 ____D () C:\Users\Gonzo\AppData\Local\{416827EF-E304-4360-90C9-04ADD072FAC6}
2014-04-20 00:08 - 2014-04-20 21:09 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-501038107-1255677059-1131397316-1000
2014-04-19 23:55 - 2014-04-20 00:08 - 00000000 ____D () C:\ComboFix
2014-04-19 23:55 - 2014-04-20 00:04 - 00000000 ____D () C:\Windows\erdnt
2014-04-19 23:55 - 2014-04-19 23:55 - 00000000 ____D () C:\Qoobox
2014-04-19 23:55 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-19 23:55 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-19 23:55 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-19 23:55 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-19 23:55 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-19 23:55 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-19 23:55 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-19 23:55 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-19 23:43 - 2014-04-19 23:43 - 00000000 ____D () C:\Windows\ERUNT
2014-04-18 04:48 - 2014-04-18 04:48 - 00000000 ____S () C:\Windows\system32\jdhei.ixt
2014-04-17 21:23 - 2014-04-17 21:23 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-17 21:23 - 2014-04-17 21:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-17 21:21 - 2014-04-17 21:23 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-17 20:19 - 2014-04-17 20:19 - 00943042 _____ () C:\Windows\SysWOW64\scrypt130511GeForce GTX 750 Tiglg2tc4032w64l4.bin
2014-04-17 20:03 - 2014-04-20 00:14 - 00061302 _____ () C:\Windows\IE11_main.log
2014-04-17 20:02 - 2014-04-20 00:16 - 00063531 _____ () C:\Windows\IE10_main.log
2014-04-17 20:00 - 2014-04-17 20:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-17 19:29 - 2006-09-18 17:37 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.20140417-192918.backup
2014-04-08 02:57 - 2014-04-08 02:57 - 00000000 ____D () C:\Users\Gonzo\Documents\SimCity
2014-04-08 00:44 - 2014-04-08 00:44 - 00000000 ____D () C:\Users\Gonzo\Documents\Telltale Games
2014-04-07 01:00 - 2014-04-08 11:35 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-07 01:00 - 2014-04-07 22:51 - 00000000 ____D () C:\ProgramData\Avira
2014-04-07 00:53 - 2014-04-07 00:53 - 00000000 ____S () C:\Windows\system32\bftdq.qxx
2014-04-06 02:00 - 2014-04-20 21:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-06 01:59 - 2014-04-06 01:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-06 01:32 - 2014-04-06 01:32 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-04-06 01:21 - 2014-04-20 21:09 - 07585010 _____ () C:\Windows\setupact.log
2014-04-06 01:21 - 2014-04-06 01:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-06 01:20 - 2014-04-20 21:08 - 00287896 _____ () C:\Windows\PFRO.log
2014-04-06 01:19 - 2014-04-06 01:19 - 00000000 _____ () C:\asc_rdflag
2014-04-06 01:17 - 2014-04-17 20:13 - 00000000 ____D () C:\Program Files (x86)\Charter Security Suite
2014-04-06 01:16 - 2014-04-17 19:36 - 00000000 ____D () C:\ProgramData\F-Secure
2014-04-06 00:56 - 2014-04-20 06:19 - 00000082 _____ () C:\Windows\system32\uphqlyn.jcp
2014-04-06 00:39 - 2014-04-06 00:39 - 00000064 _____ () C:\Windows\system32\yuws.qlg
2014-04-06 00:39 - 2014-04-06 00:39 - 00000000 _____ () C:\Windows\system32\saxjp.web
2014-04-06 00:23 - 2014-04-06 00:23 - 00305834 ____S () C:\Windows\system32\nvdtt.bfu
2014-03-30 20:15 - 2014-03-30 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 00:33 - 2014-03-28 00:33 - 00000112 _____ () C:\Windows\SysWOW64\mon.txt
2014-03-28 00:33 - 2014-03-28 00:33 - 00000000 ____D () C:\Program Files (x86)\viewsonic
2014-03-28 00:32 - 2014-03-28 00:45 - 00000108 _____ () C:\Windows\VSWizard.ini
2014-03-27 16:14 - 2014-03-27 16:14 - 00001080 _____ () C:\Users\Public\Desktop\MixPad.lnk
2014-03-27 16:14 - 2014-03-27 16:14 - 00000000 ____D () C:\Users\Gonzo\Documents\Mixpad Projects
2014-03-27 16:05 - 2014-03-27 16:05 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\NCH Software
2014-03-27 15:55 - 2014-03-27 15:55 - 00001258 _____ () C:\Users\Public\Desktop\My MP3 Splitter.lnk
2014-03-27 15:55 - 2014-03-27 15:55 - 00000000 ____D () C:\Program Files (x86)\ZXT2007 Software
2014-03-27 15:52 - 2008-06-17 23:42 - 00098708 _____ () C:\Windows\SysWOW64\activesoundeditor.tlb
2014-03-27 15:52 - 2005-11-05 18:34 - 00145408 _____ () C:\Windows\SysWOW64\Lame.exe
2014-03-27 15:52 - 2005-05-17 15:37 - 00076800 _____ () C:\Windows\SysWOW64\Faac.exe
2014-03-27 15:52 - 2002-07-19 11:48 - 00157696 _____ () C:\Windows\SysWOW64\OggEnc.exe
2014-03-27 15:52 - 2000-05-22 16:58 - 00140488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-03-27 14:13 - 2014-03-27 14:14 - 00000000 ____D () C:\ProgramData\NCH Swift Sound
2014-03-27 14:12 - 2014-04-03 16:15 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-03-27 14:12 - 2014-03-27 16:16 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-03-27 14:12 - 2014-03-27 16:14 - 00000000 ____D () C:\ProgramData\NCH Software
2014-03-27 14:12 - 2014-03-27 14:12 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-03-27 14:08 - 2014-03-27 14:09 - 00000000 ____D () C:\Program Files (x86)\mediasoft
2014-03-21 13:58 - 2014-01-20 22:53 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-03-21 13:58 - 2014-01-20 22:53 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-03-21 13:57 - 2013-12-27 14:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-03-21 13:57 - 2013-12-27 14:42 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-03-21 13:57 - 2013-12-27 14:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-03-21 13:50 - 2014-03-04 07:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-21 13:48 - 2014-03-04 10:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-21 13:48 - 2014-03-04 10:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-21 13:48 - 2014-03-04 10:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-21 13:48 - 2013-11-28 09:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-03-21 13:48 - 2013-11-28 09:38 - 00074016 _____ (NVIDIA Corporation) C:\Windows\system32\nvapo64v.dll
2014-03-21 13:48 - 2013-11-28 09:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-03-21 13:22 - 2014-03-21 13:22 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-21 13:17 - 2013-12-17 19:00 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433217.dll
2014-03-21 13:17 - 2013-12-17 19:00 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433217.dll
2014-03-21 13:17 - 2013-11-22 04:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll

==================== One Month Modified Files and Folders =======

2014-04-20 21:29 - 2014-04-20 21:29 - 00000000 ____D () C:\Users\Gonzo\Desktop\FRST-OlderVersion
2014-04-20 21:29 - 2014-04-20 12:54 - 00023761 _____ () C:\Users\Gonzo\Desktop\FRST.txt
2014-04-20 21:29 - 2014-04-20 12:53 - 00000000 ____D () C:\FRST
2014-04-20 21:29 - 2014-04-20 12:52 - 02056704 _____ (Farbar) C:\Users\Gonzo\Desktop\FRST64.exe
2014-04-20 21:27 - 2014-04-20 21:27 - 00001056 _____ () C:\Users\Gonzo\Desktop\malwarebytes.txt
2014-04-20 21:16 - 2011-10-02 02:22 - 00011104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 21:16 - 2011-10-02 02:22 - 00011104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 21:14 - 2014-04-06 02:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 21:12 - 2011-10-02 02:45 - 01194536 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 21:09 - 2014-04-20 20:04 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-501038107-1255677059-1131397316-1000
2014-04-20 21:09 - 2014-04-20 00:08 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-501038107-1255677059-1131397316-1000
2014-04-20 21:09 - 2014-04-06 01:21 - 07585010 _____ () C:\Windows\setupact.log
2014-04-20 21:09 - 2011-10-01 17:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-20 21:09 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 21:08 - 2014-04-06 01:20 - 00287896 _____ () C:\Windows\PFRO.log
2014-04-20 21:06 - 2014-04-20 21:06 - 00000000 ____D () C:\_OTM
2014-04-20 20:53 - 2014-04-20 20:53 - 00522240 _____ (OldTimer Tools) C:\Users\Gonzo\Desktop\OTM.exe
2014-04-20 19:55 - 2014-04-20 19:55 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Gonzo\Desktop\tdsskiller.exe
2014-04-20 19:30 - 2014-04-20 19:30 - 00008822 _____ () C:\Users\Gonzo\Desktop\RKreport[0]_S_04202014_193040.txt
2014-04-20 19:28 - 2014-04-20 19:13 - 00000000 ____D () C:\Users\Gonzo\Desktop\RK_Quarantine
2014-04-20 19:10 - 2014-04-20 19:10 - 04527616 _____ () C:\Users\Gonzo\Desktop\RogueKillerX64.exe
2014-04-20 18:57 - 2014-04-20 05:08 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-20 18:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\IME
2014-04-20 18:53 - 2014-04-20 16:55 - 00000000 ____D () C:\Users\Gonzo\Desktop\mbar
2014-04-20 17:18 - 2013-12-07 02:41 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-20 16:54 - 2014-04-20 16:54 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Gonzo\Desktop\mbar-1.07.0.1009.exe
2014-04-20 12:55 - 2014-04-20 12:54 - 00033449 _____ () C:\Users\Gonzo\Desktop\Addition.txt
2014-04-20 06:19 - 2014-04-06 00:56 - 00000082 _____ () C:\Windows\system32\uphqlyn.jcp
2014-04-20 05:08 - 2014-04-20 05:08 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-20 05:08 - 2014-04-20 05:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-20 05:07 - 2014-04-20 05:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Gonzo\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-20 04:13 - 2011-10-02 13:34 - 00000000 ____D () C:\Games
2014-04-20 04:11 - 2011-10-02 19:49 - 00000000 ____D () C:\Users\Gonzo\Documents\My PSP8 Files
2014-04-20 03:59 - 2012-06-23 00:05 - 00000000 ____D () C:\Program Files (x86)\UltraISO
2014-04-20 03:57 - 2011-10-02 16:16 - 00000000 ____D () C:\Gonzo Productions
2014-04-20 00:30 - 2013-07-02 02:19 - 00000000 ____D () C:\Users\Gonzo\AppData\Local\Apps\2.0
2014-04-20 00:18 - 2014-04-20 00:18 - 00000000 ____D () C:\Users\Gonzo\AppData\Local\{416827EF-E304-4360-90C9-04ADD072FAC6}
2014-04-20 00:16 - 2014-04-17 20:02 - 00063531 _____ () C:\Windows\IE10_main.log
2014-04-20 00:14 - 2014-04-17 20:03 - 00061302 _____ () C:\Windows\IE11_main.log
2014-04-20 00:08 - 2014-04-19 23:55 - 00000000 ____D () C:\ComboFix
2014-04-20 00:06 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-20 00:04 - 2014-04-19 23:55 - 00000000 ____D () C:\Windows\erdnt
2014-04-19 23:55 - 2014-04-19 23:55 - 00000000 ____D () C:\Qoobox
2014-04-19 23:43 - 2014-04-19 23:43 - 00000000 ____D () C:\Windows\ERUNT
2014-04-18 04:48 - 2014-04-18 04:48 - 00000000 ____S () C:\Windows\system32\jdhei.ixt
2014-04-17 21:23 - 2014-04-17 21:23 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-17 21:23 - 2014-04-17 21:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-17 21:23 - 2014-04-17 21:21 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-17 21:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\security
2014-04-17 20:19 - 2014-04-17 20:19 - 00943042 _____ () C:\Windows\SysWOW64\scrypt130511GeForce GTX 750 Tiglg2tc4032w64l4.bin
2014-04-17 20:14 - 2013-08-28 01:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-17 20:14 - 2013-08-28 01:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-17 20:13 - 2014-04-06 01:17 - 00000000 ____D () C:\Program Files (x86)\Charter Security Suite
2014-04-17 20:02 - 2014-04-17 20:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-17 19:36 - 2014-04-06 01:16 - 00000000 ____D () C:\ProgramData\F-Secure
2014-04-17 19:31 - 2013-12-08 00:43 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-17 19:30 - 2013-12-08 00:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-14 13:20 - 2011-10-17 04:08 - 00000000 ____D () C:\Users\Gonzo\AppData\Local\Turbine
2014-04-11 14:48 - 2011-10-10 21:10 - 00000000 ____D () C:\Users\Gonzo\Documents\My Games
2014-04-10 18:33 - 2013-12-07 03:51 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\DVD Flick
2014-04-10 02:07 - 2011-10-02 20:42 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\uTorrent
2014-04-08 11:35 - 2014-04-07 01:00 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-08 02:57 - 2014-04-08 02:57 - 00000000 ____D () C:\Users\Gonzo\Documents\SimCity
2014-04-08 00:44 - 2014-04-08 00:44 - 00000000 ____D () C:\Users\Gonzo\Documents\Telltale Games
2014-04-07 22:51 - 2014-04-07 01:00 - 00000000 ____D () C:\ProgramData\Avira
2014-04-07 03:08 - 2009-07-14 01:13 - 00796870 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-07 00:53 - 2014-04-07 00:53 - 00000000 ____S () C:\Windows\system32\bftdq.qxx
2014-04-06 03:10 - 2012-03-05 21:58 - 00000000 ____D () C:\Windows\Minidump
2014-04-06 03:09 - 2011-10-01 19:35 - 00301637 ____N () C:\Windows\Minidump\040614-21933-01.dmp
2014-04-06 02:16 - 2011-10-03 16:28 - 00007610 _____ () C:\Users\Gonzo\AppData\Local\Resmon.ResmonCfg
2014-04-06 01:59 - 2014-04-06 01:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-06 01:35 - 2013-06-27 15:52 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-04-06 01:32 - 2014-04-06 01:32 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-04-06 01:28 - 2012-05-14 12:42 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-06 01:25 - 2011-10-01 17:16 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2014-04-06 01:25 - 2011-10-01 17:16 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-04-06 01:21 - 2014-04-06 01:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-06 01:19 - 2014-04-06 01:19 - 00000000 _____ () C:\asc_rdflag
2014-04-06 01:19 - 2013-12-08 13:57 - 69545984 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-04-06 01:19 - 2013-12-08 13:57 - 00598016 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-04-06 01:19 - 2013-12-08 13:57 - 00065536 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-04-06 01:19 - 2013-12-08 13:57 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-04-06 01:19 - 2011-10-02 02:26 - 00000000 ____D () C:\Users\Gonzo
2014-04-06 01:04 - 2011-10-02 13:20 - 00788992 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-06 00:39 - 2014-04-06 00:39 - 00000064 _____ () C:\Windows\system32\yuws.qlg
2014-04-06 00:39 - 2014-04-06 00:39 - 00000000 _____ () C:\Windows\system32\saxjp.web
2014-04-06 00:23 - 2014-04-06 00:23 - 00305834 ____S () C:\Windows\system32\nvdtt.bfu
2014-04-03 16:15 - 2014-03-27 14:12 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-04-03 12:45 - 2011-10-03 15:56 - 00023040 _____ () C:\Users\Gonzo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-03 09:51 - 2014-04-20 05:08 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-20 05:08 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 12:33 - 2013-08-11 19:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-31 03:51 - 2011-10-02 08:59 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-30 20:15 - 2014-03-30 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 15:32 - 2011-11-01 13:44 - 00000000 ____D () C:\Users\Gonzo\Documents\The Lord of the Rings Online
2014-03-28 00:45 - 2014-03-28 00:32 - 00000108 _____ () C:\Windows\VSWizard.ini
2014-03-28 00:33 - 2014-03-28 00:33 - 00000112 _____ () C:\Windows\SysWOW64\mon.txt
2014-03-28 00:33 - 2014-03-28 00:33 - 00000000 ____D () C:\Program Files (x86)\viewsonic
2014-03-28 00:33 - 2011-10-01 17:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-27 16:16 - 2014-03-27 14:12 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-03-27 16:14 - 2014-03-27 16:14 - 00001080 _____ () C:\Users\Public\Desktop\MixPad.lnk
2014-03-27 16:14 - 2014-03-27 16:14 - 00000000 ____D () C:\Users\Gonzo\Documents\Mixpad Projects
2014-03-27 16:14 - 2014-03-27 14:12 - 00000000 ____D () C:\ProgramData\NCH Software
2014-03-27 16:05 - 2014-03-27 16:05 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\NCH Software
2014-03-27 15:55 - 2014-03-27 15:55 - 00001258 _____ () C:\Users\Public\Desktop\My MP3 Splitter.lnk
2014-03-27 15:55 - 2014-03-27 15:55 - 00000000 ____D () C:\Program Files (x86)\ZXT2007 Software
2014-03-27 15:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Resources
2014-03-27 14:14 - 2014-03-27 14:13 - 00000000 ____D () C:\ProgramData\NCH Swift Sound
2014-03-27 14:12 - 2014-03-27 14:12 - 00000000 ____D () C:\Users\Gonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-03-27 14:09 - 2014-03-27 14:08 - 00000000 ____D () C:\Program Files (x86)\mediasoft
2014-03-25 02:09 - 2013-01-08 16:51 - 00291944 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-25 02:09 - 2012-12-10 12:53 - 00291944 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-03-21 13:58 - 2011-10-02 02:22 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-21 13:58 - 2011-10-01 17:18 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-21 13:48 - 2013-12-07 23:10 - 00000000 ____D () C:\Users\Gonzo\AppData\Local\NVIDIA Corporation
2014-03-21 13:25 - 2013-07-08 18:35 - 00001347 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-03-21 13:22 - 2014-03-21 13:22 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2012-12-25 07:00

==================== End Of Log ============================
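The "One Month Modified Files and Folders" listing above is where a helper's eye goes first: files that appear in the Windows system directories with no version information and extensions Windows itself never produces. The following is an added example, not part of the thread and not FRST's own code, that parses lines in the format FRST prints and applies that reading as a simple filter. The extension list and the flagging rules are assumptions chosen for the example, the sample lines are copied from the log above, and a flag marks a candidate for review, never a verdict.

```python
"""Heuristic triage of an FRST "Modified Files and Folders" listing.

Added example for this thread: it is not part of the original post and
not FRST's own code. It parses lines in the format FRST prints
(modified - created - size attrs (company) path) and flags files in the
system directories that deserve a closer look. The heuristics and the
extension list are assumptions chosen for this example; a flag marks a
candidate for review, never a verdict.
"""
import re
from dataclasses import dataclass

# One FRST listing line: <modified> - <created> - <size> <attrs> (<company>) <path>
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Assumption: extensions that normally account for files created or modified
# under the Windows system directories; anything else is worth a look.
EXPECTED_EXTENSIONS = {"dll", "exe", "sys", "log", "ini", "bak", "txt",
                       "dat", "mif", "mui", "cat", "inf", "xml"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass
class Entry:
    modified: str
    created: str
    size: int
    attrs: str      # FRST attribute column, e.g. "____D", "____H", "____S"
    company: str    # version-resource company name, empty when absent
    path: str


def parse_listing(text):
    """Return an Entry for every listing line; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            g = match.groupdict()
            entries.append(Entry(g["modified"], g["created"], int(g["size"]),
                                 g["attrs"], g["company"].strip(), g["path"]))
    return entries


def extension_of(path):
    """Lower-cased text after the last dot of the file name, or '' if none."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def triage(entries):
    """Return [(path, [reasons])] for files under the system directories that
    have both an unexpected extension and no company name; attribute and
    size oddities are appended as extra reasons."""
    findings = []
    for e in entries:
        # Directories and anything outside system32/SysWOW64 are out of scope.
        if "D" in e.attrs or not e.path.lower().startswith(SYSTEM_DIRS):
            continue
        ext = extension_of(e.path)
        if ext in EXPECTED_EXTENSIONS or e.company:
            continue
        reasons = [f"unexpected extension '.{ext}'" if ext else "no extension",
                   "no company/version information"]
        if "H" in e.attrs:
            reasons.append("hidden attribute")
        if "S" in e.attrs:
            reasons.append("system attribute")
        if e.size == 0:
            reasons.append("zero-byte file")
        findings.append((e.path, reasons))
    return findings


# Sample input: a subset of lines copied from the FRST listing above,
# including benign entries so the filter has something to pass.
SAMPLE_LISTING = r"""
==================== One Month Modified Files and Folders =======

2014-04-20 21:29 - 2014-04-20 12:53 - 00000000 ____D () C:\FRST
2014-04-20 21:16 - 2011-10-02 02:22 - 00011104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 21:14 - 2014-04-06 02:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 21:12 - 2011-10-02 02:45 - 01194536 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 06:19 - 2014-04-06 00:56 - 00000082 _____ () C:\Windows\system32\uphqlyn.jcp
2014-04-20 00:06 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-18 04:48 - 2014-04-18 04:48 - 00000000 ____S () C:\Windows\system32\jdhei.ixt
2014-04-17 20:19 - 2014-04-17 20:19 - 00943042 _____ () C:\Windows\SysWOW64\scrypt130511GeForce GTX 750 Tiglg2tc4032w64l4.bin
2014-04-07 00:53 - 2014-04-07 00:53 - 00000000 ____S () C:\Windows\system32\bftdq.qxx
2014-04-06 00:39 - 2014-04-06 00:39 - 00000064 _____ () C:\Windows\system32\yuws.qlg
2014-04-06 00:39 - 2014-04-06 00:39 - 00000000 _____ () C:\Windows\system32\saxjp.web
2014-04-06 00:23 - 2014-04-06 00:23 - 00305834 ____S () C:\Windows\system32\nvdtt.bfu
2014-03-31 03:51 - 2011-10-02 08:59 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_listing(SAMPLE_LISTING)):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the filter lets the driver, log and Microsoft entries through and raises eight candidates. The first of them, the hidden file with a GUID name in system32, is a Windows Software Protection (activation) cache file that a reviewer clears on sight, which is the point of the design: the heuristic narrows a long listing down to what a human should look at, and the remaining flags are exactly the entries to check against the other scan output in the thread.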


Sorry to be keeping you up so late. Go ahead and get some sleep, we can continue on this when it's convenient for you, no worries. My computer is not going anywhere, and I'm not letting my son within 10 feet of it. He's not allowed in my office anymore for now. lol

 

Thanks for all the help so far, and we'll pick it up again when you're able.


This next step will take a while to complete.

 

Download Portable Windows Repair (all in one) from one of the following:

http://www.tweaking.com/content/page/windows_repair_all_in_one.html
http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

Unzip the contents into a newly created folder on your desktop.

Open the folder and run the tool by right-clicking Repair_Windows (icon with red briefcase) and selecting "Run as Administrator".




From the main GUI do the following:


Select Tab 2 and allow it to run Disk check




Select Tab 3 and allow it to run SFC




Select Tab 4 and Create System Restore Point




Select the Repairs tab => click Start




The repairs window will open. Check the boxes as indicated, also the "Restart" options, then select Start...




DON'T use the computer while each scan is in progress.

Post the log. To access it, select the "settings" tab > "open log folder" tab; the log will be named _Windows_Repair_Log.

 

NEXT,

 

Run FRST one more time and post the log, also give an update on any remaining issues or concerns.

 

Thank you,

 

Kevin....


Ok, since this one will take some time to run, I'll run it tomorrow morning. I won't install any programs or make any system changes tonight, I'll shut down because I'll be hitting the bed in an hour or so anyway. I'll start it running in the morning when I start work. I have a few clients tomorrow, but I can run this while dealing with them. Thanks for the help, and I'll post the results tomorrow after they run. Have a good night.

 

:)


Windows repair log posted below:

 

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Ultimate
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: GONZO-PC
Windows Drive: C:\
Windows Path: C:\Windows
Current Profile: C:\Users\Gonzo
Current Profile SID: S-1-5-21-501038107-1255677059-1131397316-1000
Current Profile Classes: S-1-5-21-501038107-1255677059-1131397316-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Gonzo\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:11:26

Process Count: 66
Commit Total: 1.34 GB
Commit Limit: 16.00 GB
Commit Peak: 1.67 GB
Handle Count: 14250
Kernel Total: 269.28 MB
Kernel Paged: 210.38 MB
Kernel Non Paged: 58.90 MB
System Cache: 1.00 GB
Thread Count: 639
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 8.00 GB
Memory Used: 1.33 GB(16.602%)
Memory Avail.: 6.67 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 8.00 GB
Memory Used: 1.17 GB(14.6213%)
Memory Avail.: 6.83 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Start (4/21/2014 1:28:04 PM)

01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (4/21/2014 1:28:07 PM)
   Running Repair Under Current User Account
   Done (4/21/2014 1:28:16 PM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (4/21/2014 1:28:16 PM)
   Running Repair Under System Account
   Done (4/21/2014 1:29:31 PM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (4/21/2014 1:29:31 PM)
   Running Repair Under System Account
   Done (4/21/2014 1:29:58 PM)

02 - Reset File Permissions: C:
   C: & Sub Folders
   Start (4/21/2014 1:29:58 PM)
   Running Repair Under System Account
   Done (4/21/2014 1:41:34 PM)

02 - Reset File Permissions: All Profiles
   C:\Users & Sub Folders
   Start (4/21/2014 1:41:34 PM)
   Running Repair Under System Account
   Done (4/21/2014 1:42:20 PM)

02 - Reset File Permissions: Current Profile
   C:\Users\Gonzo & Sub Folders
   Start (4/21/2014 1:42:20 PM)
   Running Repair Under System Account
   Done (4/21/2014 1:42:47 PM)

02 - Reset File Permissions: Cleanup
   Repairing Restricted Folders Permissions To Avoid Infinite Loops
   Start (4/21/2014 1:42:47 PM)
   Running Repair Under System Account
Processing ACL of: <\\?\C:\Documents and Settings>

SetACL finished with error(s):
SetACL error message: The call to SetNamedSecurityInfo () failed
Operating system error message: Access is denied.

Processing ACL of: <\\?\C:\ProgramData\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Desktop>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Documents>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Favorites>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Start Menu>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Templates>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Desktop>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Documents>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Favorites>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Start Menu>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Templates>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default User>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Cookies>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Local Settings>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\My Documents>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\NetHood>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\PrintHood>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Recent>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\SendTo>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Start Menu>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Templates>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\History>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Temporary Internet Files>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Music>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Pictures>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Videos>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Music>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Pictures>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Videos>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Gonzo\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Gonzo\Cookies>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Gonzo\Local Settings>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Gonzo\My Documents>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Gonzo\NetHood>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Gonzo\PrintHood>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Gonzo\Recent>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Gonzo\SendTo>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Gonzo\Start Menu>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Gonzo\Templates>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Gonzo\AppData\Local\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Gonzo\AppData\Local\History>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Gonzo\AppData\Local\Temporary Internet Files>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Gonzo\Documents\My Music>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Gonzo\Documents\My Pictures>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Gonzo\Documents\My Videos>

SetACL finished successfully.
   Done (4/21/2014 1:42:51 PM)

03 - Register System Files
   Start (4/21/2014 1:42:51 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:43:27 PM)

04 - Repair WMI
   Start (4/21/2014 1:43:27 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   No Antivirus Products Reported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (4/21/2014 1:45:30 PM)

05 - Repair Windows Firewall
   Start (4/21/2014 1:45:30 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:45:55 PM)

06 - Repair Internet Explorer
   Start (4/21/2014 1:45:55 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:46:17 PM)

07 - Repair MDAC/MS Jet
   Start (4/21/2014 1:46:17 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:46:26 PM)

08 - Repair Hosts File
   Start (4/21/2014 1:46:26 PM)
   Running Repair Under System Account
   Done (4/21/2014 1:46:28 PM)

09 - Remove Policies Set By Infections
   Start (4/21/2014 1:46:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:46:33 PM)

10 - Repair Start Menu Icons Removed By Infections
   Start (4/21/2014 1:46:33 PM)
   Running Repair Under System Account
   Done (4/21/2014 1:46:35 PM)

11 - Repair Icons
   Start (4/21/2014 1:46:35 PM)
   Running Repair Under Current User Account
   Done (4/21/2014 1:46:37 PM)

12 - Repair Winsock & DNS Cache
   Start (4/21/2014 1:46:37 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:46:52 PM)

13 - Remove Temp Files
   Start (4/21/2014 1:46:52 PM)
   Running Repair Under System Account
   Done (4/21/2014 1:46:55 PM)

14 - Repair Proxy Settings
   Start (4/21/2014 1:46:55 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:46:59 PM)

15 - Unhide Non System Files
   Start (4/21/2014 1:46:59 PM)
   C:\ - Total Files Unhidden: 467 - Check Unhidden_Files.txt for list of files unhidden
   Done (4/21/2014 1:47:29 PM)

16 - Repair Windows Updates
   Start (4/21/2014 1:47:29 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:47:49 PM)

17 - Repair CD/DVD Missing/Not Working
   Start (4/21/2014 1:47:49 PM)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (4/21/2014 1:47:49 PM)

18 - Repair Volume Shadow Copy Service
   Start (4/21/2014 1:47:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:47:56 PM)

19 - Repair Windows Sidebar/Gadgets
   Start (4/21/2014 1:47:56 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:48:03 PM)

20 - Repair MSI (Windows Installer)
   Start (4/21/2014 1:48:03 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:48:16 PM)

21 - Repair Windows Snipping Tool
   Start (4/21/2014 1:48:16 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:48:20 PM)

22.01 - Repair bat Association
   Start (4/21/2014 1:48:20 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:48:25 PM)

22.02 - Repair cmd Association
   Start (4/21/2014 1:48:25 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:48:30 PM)

22.03 - Repair com Association
   Start (4/21/2014 1:48:30 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:48:34 PM)

22.04 - Repair Directory Association
   Start (4/21/2014 1:48:34 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:48:39 PM)

22.05 - Repair Drive Association
   Start (4/21/2014 1:48:39 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:48:44 PM)

22.06 - Repair exe Association
   Start (4/21/2014 1:48:44 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:48:49 PM)

22.07 - Repair Folder Association
   Start (4/21/2014 1:48:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:48:53 PM)

22.08 - Repair inf Association
   Start (4/21/2014 1:48:53 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:48:58 PM)

22.09 - Repair lnk (Shortcuts) Association
   Start (4/21/2014 1:48:58 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:49:03 PM)

22.10 - Repair msc Association
   Start (4/21/2014 1:49:03 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:49:07 PM)

22.11 - Repair reg Association
   Start (4/21/2014 1:49:07 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:49:12 PM)

22.12 - Repair scr Association
   Start (4/21/2014 1:49:12 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:49:17 PM)

23 - Repair Windows Safe Mode
   Start (4/21/2014 1:49:17 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:49:21 PM)

24 - Repair Print Spooler
   Start (4/21/2014 1:49:22 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:49:34 PM)

25 - Restore Important Windows Services
   Start (4/21/2014 1:49:34 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:49:54 PM)

26 - Set Windows Services To Default Startup
   Start (4/21/2014 1:49:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/21/2014 1:50:13 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done (4/21/2014 1:50:13 PM)
   Total Repair Time: 00:22:10

...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under Current User Account

 

Running FRST64 now.
