
Advertisements playing in the background constantly


This topic is locked
30 replies to this topic

#1 iSayChris
  • Members
  • 70 posts

Posted 08 January 2014 - 01:36 AM

Hey guys, I am having trouble fixing this on my own. On start up, advertisements are constantly playing in the background even though I haven't opened any internet browsers or programs yet. I've run Malwarebytes Anti-Malware, but it didn't pick anything up. PLEASE HELP! Let me know what to download and what logs to post, thanks guys!




#2 iSayChris
  • Topic Starter
  • Members
  • 70 posts

Posted 08 January 2014 - 01:47 AM

Here is the DDS .txt log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.17267  BrowserJavaVersion: 10.9.2
Run by Mae at 22:42:50 on 2014-01-07
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3895.1870 [GMT -8:00]
.
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wuauclt.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\RunDll32.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coieplg.dll
dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6}\14A56435A4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6}\34F4D4D27455543545 : DHCPNameServer = 4.2.2.1 4.2.2.2
TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6}\4494F46323 : DHCPNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6}\7554151543 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6}\B483533334 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6}\C696E6B6379737 : DHCPNameServer = 4.2.2.2 206.13.29.12
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\N360x64\0404000.00C\symds64.sys [2011-10-11 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\N360x64\0404000.00C\symefa64.sys [2011-10-11 221304]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111123.001\BHDrvx64.sys [2011-11-29 1156216]
R1 ccHP;Symantec Hash Provider;C:\windows\System32\drivers\N360x64\0404000.00C\cchpx64.sys [2011-10-11 593544]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111202.001\IDSviA64.sys [2011-12-2 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\N360x64\0404000.00C\ironx64.sys [2011-10-11 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\windows\System32\drivers\N360x64\0404000.00C\symtdiv.sys [2011-10-11 451704]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2014-1-6 881440]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-7 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-3 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-3 701512]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccsvchst.exe [2011-10-11 126400]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-6-7 2320920]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-6-8 28176]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-6-8 162304]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-6-7 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-6-7 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-6-7 271872]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-1-3 25928]
R3 vm331avs;Digital Camera 1;C:\windows\System32\drivers\vm331avs.sys [2010-6-8 215168]
R3 wdmirror;wdmirror;C:\windows\System32\drivers\WDMirror.sys [2010-6-8 11280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-1-6 2151200]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 androidusb;ADB Interface Driver;C:\windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
S3 Bridge0;Bridge0;C:\windows\System32\drivers\WDBridge.sys [2010-6-8 79376]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-10 138360]
S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]
S3 JLTECH0227;Dual Mode Camera;C:\windows\System32\drivers\jl2005c.sys [2012-7-22 80880]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-6-8 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-6-8 579400]
S3 LVRS64;Logitech RightSound Filter Driver;C:\windows\System32\drivers\lvrs64.sys [2010-11-10 341856]
S3 LVUVC64;Logitech Webcam 200(UVC);C:\windows\System32\drivers\lvuvc64.sys [2010-11-10 4162784]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-6-8 242720]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-6-8 239616]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-12-8 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
.
=============== Created Last 30 ================
.
2014-01-08 06:03:56 27456 ----a-w- C:\windows\System32\RegistryDefragBootTime.exe
2014-01-08 06:03:06 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6954DC4-6DF9-41BD-A552-028E474B3557}\offreg.dll
2014-01-08 05:56:32 -------- d-----w- C:\windows\pss
2014-01-08 05:47:54 388096 ----a-r- C:\Users\Mae\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-08 05:47:54 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-01-08 04:33:26 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-08 04:19:16 98816 ----a-w- C:\windows\sed.exe
2014-01-08 04:19:16 256000 ----a-w- C:\windows\PEV.exe
2014-01-08 04:19:16 208896 ----a-w- C:\windows\MBR.exe
2014-01-08 03:54:20 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6954DC4-6DF9-41BD-A552-028E474B3557}\mpengine.dll
2014-01-07 03:18:57 -------- d-----w- C:\ProgramData\ProductData
2014-01-07 03:18:07 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-01-07 03:18:05 -------- d-----w- C:\ProgramData\IObit
2014-01-07 03:17:38 -------- d-----w- C:\Program Files (x86)\IObit
2014-01-07 03:17:02 -------- d-----w- C:\Users\Mae\AppData\Roaming\IObit
2014-01-06 08:43:23 -------- d-----w- C:\Program Files\Enigma Software Group
2014-01-06 08:42:06 -------- d-----w- C:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-06 08:42:00 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-01-06 08:04:50 -------- d-----w- C:\AdwCleaner
2014-01-04 07:16:56 -------- d-----w- C:\Users\Mae\AppData\Roaming\Malwarebytes
2014-01-04 07:16:39 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-04 07:16:38 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-01-04 07:16:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-04 07:15:41 -------- d-----w- C:\Users\Mae\AppData\Local\Programs
2014-01-04 06:34:24 -------- d-----w- C:\windows\System32\MRT
.
==================== Find3M  ====================
.
2013-12-12 04:03:17 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-12 04:03:17 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-19 11:33:38 267936 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 22:44:01.90 ===============

Edited by iSayChris, 08 January 2014 - 01:51 AM.


#3 iSayChris
  • Topic Starter
  • Members
  • 70 posts

Posted 08 January 2014 - 07:42 PM

Someone please help, I need my laptop fixed ASAP.



#4 iSayChris
  • Topic Starter
  • Members
  • 70 posts

Posted 10 January 2014 - 01:47 AM

Need someone ASAP, starting school soon and need my laptop cleaned by then.



#5 etavares
  Bleepin' Remover
  • Malware Response Team
  • 15,514 posts

Posted 11 January 2014 - 06:52 AM

Hello, iSayChris.
My name is etavares and I will be helping you with this log.
 
Here are some guidelines to ensure we are able to get your machine back under your control.
 
  • Please do not run any unsupervised scans, fixes, etc.  We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so.  Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned.  Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first.  There's no harm in asking questions!

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt

Select Command Prompt

Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

etavares
    etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.
Unified Network of Instructors and Trusted Eliminators


#6 iSayChris
  • Topic Starter
  • Members
  • 70 posts

Posted 11 January 2014 - 07:22 AM

Here is the "FRST.txt" log:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2014 02
    Ran by SYSTEM on MININT-PB9K3OD on 11-01-2014 04:42:10
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Recovery
     
    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM-x32\...\Run: [] - [x]
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\Default\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\ooVoo.exe [35239488 2013-06-20] (ooVoo LLC)
    HKU\Default\...\RunOnce: [WLStart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
    HKU\Default User\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\ooVoo.exe [35239488 2013-06-20] (ooVoo LLC)
    HKU\Default User\...\RunOnce: [WLStart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
     
    ==================== Services (Whitelisted) =================
     
    S2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881440 2013-12-09] (IObit)
    S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
    S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
    S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    S2 N360; C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe [126400 2011-08-03] (Symantec Corporation)
    S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-15] (Lenovo Group Limited)
    S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
     
    ==================== Drivers (Whitelisted) ====================
     
    S3 androidusb; C:\Windows\System32\Drivers\motoandroid.sys [31744 2009-07-10] (Motorola)
    S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111123.001\BHDrvx64.sys [1156216 2011-11-14] (Symantec Corporation)
    S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-15] (Lenovo)
    S1 ccHP; C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
    S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-11-10] (Symantec Corporation)
    S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2011-11-10] (Symantec Corporation)
    S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111202.001\IDSvia64.sys [488568 2011-08-22] (Symantec Corporation)
    S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
    S1 SRTSPX; C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
    S0 SymDS; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMDS64.SYS [433200 2009-10-14] (Symantec Corporation)
    S0 SymEFA; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
    S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-12-12] (Symantec Corporation)
    S1 SymIRON; C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)
    S1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
    S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [215168 2010-03-18] (Vimicro Corporation)
    S3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
    S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 BcmSqlStartupSvc; 
    S3 catchme; \??\C:\ComboFix\catchme.sys [x]
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    S2 IviRegMgr; 
    S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20111202.032\ENG64.SYS [x]
    S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20111202.032\EX64.SYS [x]
    S2 RichVideo; 
    S3 SQLWriter; 
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-01-11 04:42 - 2014-01-11 04:42 - 00000000 ____D C:\FRST
    2014-01-07 22:44 - 2014-01-10 15:28 - 00014475 _____ C:\Users\Mae\Desktop\attach.txt
    2014-01-07 22:44 - 2014-01-10 15:28 - 00014142 _____ C:\Users\Mae\Desktop\dds.txt
    2014-01-07 22:41 - 2014-01-07 22:42 - 00688992 ____R (Swearware) C:\Users\Mae\Downloads\dds.com
    2014-01-07 22:29 - 2014-01-11 04:33 - 00001188 _____ C:\Windows\setupact.log
    2014-01-07 22:29 - 2014-01-07 22:29 - 00005890 _____ C:\Windows\PFRO.log
    2014-01-07 22:29 - 2014-01-07 22:29 - 00000000 _____ C:\Windows\setuperr.log
    2014-01-07 22:28 - 2014-01-07 22:28 - 62619648 _____ C:\Windows\System32\config\software.iodefrag.bak
    2014-01-07 22:28 - 2014-01-07 22:28 - 00278528 _____ C:\Windows\System32\config\default.iodefrag.bak
    2014-01-07 22:28 - 2014-01-07 22:28 - 00024576 _____ C:\Windows\System32\config\security.iodefrag.bak
    2014-01-07 22:28 - 2014-01-07 22:28 - 00024576 _____ C:\Windows\System32\config\sam.iodefrag.bak
    2014-01-07 22:28 - 2014-01-07 22:28 - 00000000 _____ C:\asc_rdflag
    2014-01-07 22:03 - 2013-06-27 18:05 - 00027456 _____ (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
    2014-01-07 22:00 - 2014-01-07 22:00 - 62500864 _____ C:\Windows\System32\config\software.iobit
    2014-01-07 22:00 - 2014-01-07 22:00 - 00278528 _____ C:\Windows\System32\config\default.iobit
    2014-01-07 22:00 - 2014-01-07 22:00 - 00024576 _____ C:\Windows\System32\config\security.iobit
    2014-01-07 22:00 - 2014-01-07 22:00 - 00024576 _____ C:\Windows\System32\config\sam.iobit
    2014-01-07 21:56 - 2014-01-07 21:56 - 00000000 ____D C:\Windows\pss
    2014-01-07 21:48 - 2014-01-07 21:48 - 00011889 _____ C:\Users\Mae\Desktop\hijackthis.log
    2014-01-07 21:47 - 2014-01-07 21:47 - 00002965 _____ C:\Users\Mae\Desktop\HiJackThis.lnk
    2014-01-07 21:47 - 2014-01-07 21:47 - 00000000 ____D C:\Program Files (x86)\Trend Micro
    2014-01-07 21:46 - 2014-01-07 21:46 - 01402880 _____ C:\Users\Mae\Downloads\HijackThis.msi
    2014-01-07 21:23 - 2014-01-07 21:26 - 00003238 _____ C:\Users\Mae\Desktop\Rkill.txt
    2014-01-07 21:23 - 2014-01-07 21:23 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Mae\Downloads\rkill.exe
    2014-01-07 21:05 - 2014-01-07 21:06 - 01233962 _____ C:\Users\Mae\Downloads\AdwCleaner.exe
    2014-01-07 20:44 - 2014-01-07 20:45 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Mae\Downloads\tdsskiller.exe
    2014-01-07 20:33 - 2014-01-07 20:33 - 00024294 _____ C:\ComboFix.txt
    2014-01-07 20:19 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
    2014-01-07 20:19 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
    2014-01-07 20:19 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-01-07 20:19 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-01-07 20:19 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-01-07 20:19 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
    2014-01-07 20:19 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
    2014-01-07 20:19 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
    2014-01-07 19:55 - 2014-01-07 20:33 - 00000000 ____D C:\Qoobox
    2014-01-07 19:54 - 2014-01-07 20:30 - 00000000 ____D C:\Windows\erdnt
    2014-01-07 19:53 - 2014-01-07 19:54 - 05160001 ____R (Swearware) C:\Users\Mae\Downloads\ComboFix.exe
    2014-01-07 19:43 - 2014-01-07 19:43 - 00003090 _____ C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
    2014-01-06 19:19 - 2014-01-06 19:19 - 00001213 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
    2014-01-06 19:18 - 2014-01-10 15:19 - 00002205 _____ C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
    2014-01-06 19:18 - 2014-01-07 20:05 - 00000000 ____D C:\ProgramData\ProductData
    2014-01-06 19:18 - 2014-01-07 19:42 - 00000000 ____D C:\ProgramData\IObit
    2014-01-06 19:18 - 2014-01-06 19:18 - 00002846 _____ C:\Windows\System32\Tasks\ASC7_SkipUac_Mae
    2014-01-06 19:18 - 2014-01-06 19:18 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
    2014-01-06 19:17 - 2014-01-06 19:19 - 00000000 ____D C:\Users\Mae\AppData\Roaming\IObit
    2014-01-06 19:17 - 2014-01-06 19:19 - 00000000 ____D C:\Program Files (x86)\IObit
    2014-01-06 19:11 - 2014-01-06 19:12 - 35338968 _____ (IObit                                                       ) C:\Users\Mae\Downloads\asc-setup.exe
    2014-01-06 19:07 - 2014-01-06 19:07 - 04645232 _____ (Piriform Ltd) C:\Users\Mae\Downloads\ccsetup409.exe
    2014-01-06 00:44 - 2014-01-06 00:44 - 00000000 _____ C:\autoexec.bat
    2014-01-06 00:43 - 2014-01-06 00:43 - 00000000 ____D C:\Program Files\Enigma Software Group
    2014-01-06 00:42 - 2014-01-06 19:15 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
    2014-01-06 00:04 - 2014-01-07 21:31 - 00000000 ____D C:\AdwCleaner
    2014-01-03 23:16 - 2014-01-03 23:16 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-01-03 23:16 - 2014-01-03 23:16 - 00000000 ____D C:\Users\Mae\AppData\Roaming\Malwarebytes
    2014-01-03 23:16 - 2014-01-03 23:16 - 00000000 ____D C:\ProgramData\Malwarebytes
    2014-01-03 23:16 - 2014-01-03 23:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-03 23:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2014-01-03 23:15 - 2014-01-03 23:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mae\Downloads\mbam-setup-1.75.0.1300.exe
    2014-01-03 22:34 - 2014-01-03 22:36 - 00000000 ____D C:\Windows\System32\MRT
    2014-01-03 22:34 - 2013-12-01 14:42 - 90708896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2014-01-03 21:53 - 2014-01-03 21:53 - 00037376 _____ C:\Windows\System32\beuybu.add
    2014-01-03 21:42 - 2014-01-10 15:19 - 00000082 _____ C:\Windows\System32\timpdm.oys
    2014-01-03 21:41 - 2014-01-03 21:53 - 00000100 _____ C:\Windows\System32\jkhodn.riv
    2014-01-03 21:41 - 2014-01-03 21:41 - 00000064 _____ C:\Windows\System32\orxrkd.vwx
    2014-01-03 21:25 - 2014-01-03 21:25 - 00219314 ____S C:\Windows\System32\lcxvod.pcl
     
    ==================== One Month Modified Files and Folders =======
     
    2014-01-11 04:42 - 2014-01-11 04:42 - 00000000 ____D C:\FRST
    2014-01-11 04:33 - 2014-01-07 22:29 - 00001188 _____ C:\Windows\setupact.log
    2014-01-11 04:33 - 2010-06-08 00:35 - 14446564 _____ C:\FaceProv.log
    2014-01-11 04:33 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-11 04:32 - 2010-06-07 23:43 - 01201838 _____ C:\Windows\WindowsUpdate.log
    2014-01-11 04:31 - 2011-08-10 15:51 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-01-10 15:28 - 2014-01-07 22:44 - 00014475 _____ C:\Users\Mae\Desktop\attach.txt
    2014-01-10 15:28 - 2014-01-07 22:44 - 00014142 _____ C:\Users\Mae\Desktop\dds.txt
    2014-01-10 15:28 - 2009-07-13 20:45 - 00013632 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-10 15:28 - 2009-07-13 20:45 - 00013632 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-10 15:24 - 2011-08-10 15:51 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-01-10 15:23 - 2011-08-31 19:09 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{39AAE467-3AE2-4884-886F-5DC542EC75A5}
    2014-01-10 15:19 - 2014-01-06 19:18 - 00002205 _____ C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
    2014-01-10 15:19 - 2014-01-03 21:42 - 00000082 _____ C:\Windows\System32\timpdm.oys
    2014-01-07 23:03 - 2013-04-29 15:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-01-07 22:42 - 2014-01-07 22:41 - 00688992 ____R (Swearware) C:\Users\Mae\Downloads\dds.com
    2014-01-07 22:29 - 2014-01-07 22:29 - 00005890 _____ C:\Windows\PFRO.log
    2014-01-07 22:29 - 2014-01-07 22:29 - 00000000 _____ C:\Windows\setuperr.log
    2014-01-07 22:28 - 2014-01-07 22:28 - 62619648 _____ C:\Windows\System32\config\software.iodefrag.bak
    2014-01-07 22:28 - 2014-01-07 22:28 - 00278528 _____ C:\Windows\System32\config\default.iodefrag.bak
    2014-01-07 22:28 - 2014-01-07 22:28 - 00024576 _____ C:\Windows\System32\config\security.iodefrag.bak
    2014-01-07 22:28 - 2014-01-07 22:28 - 00024576 _____ C:\Windows\System32\config\sam.iodefrag.bak
    2014-01-07 22:28 - 2014-01-07 22:28 - 00000000 _____ C:\asc_rdflag
    2014-01-07 22:28 - 2010-12-07 12:51 - 00000000 ____D C:\users\Mae
    2014-01-07 22:08 - 2010-06-08 00:17 - 00000000 ____D C:\Program Files (x86)\DDNi
    2014-01-07 22:03 - 2011-03-29 18:20 - 00000000 ____D C:\Users\Mae\AppData\Roaming\uTorrent
    2014-01-07 22:00 - 2014-01-07 22:00 - 62500864 _____ C:\Windows\System32\config\software.iobit
    2014-01-07 22:00 - 2014-01-07 22:00 - 00278528 _____ C:\Windows\System32\config\default.iobit
    2014-01-07 22:00 - 2014-01-07 22:00 - 00024576 _____ C:\Windows\System32\config\security.iobit
    2014-01-07 22:00 - 2014-01-07 22:00 - 00024576 _____ C:\Windows\System32\config\sam.iobit
    2014-01-07 21:56 - 2014-01-07 21:56 - 00000000 ____D C:\Windows\pss
    2014-01-07 21:56 - 2012-03-09 21:45 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-719385517-4084266739-2877104616-1001UA.job
    2014-01-07 21:48 - 2014-01-07 21:48 - 00011889 _____ C:\Users\Mae\Desktop\hijackthis.log
    2014-01-07 21:48 - 2010-12-07 12:51 - 00000000 ____D C:\Users\Mae\AppData\Local\VirtualStore
    2014-01-07 21:47 - 2014-01-07 21:47 - 00002965 _____ C:\Users\Mae\Desktop\HiJackThis.lnk
    2014-01-07 21:47 - 2014-01-07 21:47 - 00000000 ____D C:\Program Files (x86)\Trend Micro
    2014-01-07 21:46 - 2014-01-07 21:46 - 01402880 _____ C:\Users\Mae\Downloads\HijackThis.msi
    2014-01-07 21:33 - 2010-06-08 00:24 - 00000000 ____D C:\ProgramData\VeriFace
    2014-01-07 21:31 - 2014-01-06 00:04 - 00000000 ____D C:\AdwCleaner
    2014-01-07 21:26 - 2014-01-07 21:23 - 00003238 _____ C:\Users\Mae\Desktop\Rkill.txt
    2014-01-07 21:23 - 2014-01-07 21:23 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Mae\Downloads\rkill.exe
    2014-01-07 21:06 - 2014-01-07 21:05 - 01233962 _____ C:\Users\Mae\Downloads\AdwCleaner.exe
    2014-01-07 20:45 - 2014-01-07 20:44 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Mae\Downloads\tdsskiller.exe
    2014-01-07 20:33 - 2014-01-07 20:33 - 00024294 _____ C:\ComboFix.txt
    2014-01-07 20:33 - 2014-01-07 19:55 - 00000000 ____D C:\Qoobox
    2014-01-07 20:33 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
    2014-01-07 20:30 - 2014-01-07 19:54 - 00000000 ____D C:\Windows\erdnt
    2014-01-07 20:29 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
    2014-01-07 20:15 - 2010-12-07 12:54 - 00000000 ____D C:\Users\Mae\AppData\Roaming\ID Vault
    2014-01-07 20:15 - 2010-12-07 12:53 - 00000000 ____D C:\Users\Mae\AppData\Local\ID Vault
    2014-01-07 20:05 - 2014-01-06 19:18 - 00000000 ____D C:\ProgramData\ProductData
    2014-01-07 19:54 - 2014-01-07 19:53 - 05160001 ____R (Swearware) C:\Users\Mae\Downloads\ComboFix.exe
    2014-01-07 19:48 - 2009-07-28 23:00 - 00000000 ____D C:\Windows\Panther
    2014-01-07 19:43 - 2014-01-07 19:43 - 00003090 _____ C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
    2014-01-07 19:42 - 2014-01-06 19:18 - 00000000 ____D C:\ProgramData\IObit
    2014-01-06 19:19 - 2014-01-06 19:19 - 00001213 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
    2014-01-06 19:19 - 2014-01-06 19:17 - 00000000 ____D C:\Users\Mae\AppData\Roaming\IObit
    2014-01-06 19:19 - 2014-01-06 19:17 - 00000000 ____D C:\Program Files (x86)\IObit
    2014-01-06 19:19 - 2010-12-15 15:08 - 00000000 ____D C:\Users\Mae\AppData\Roaming\Apple Computer
    2014-01-06 19:18 - 2014-01-06 19:18 - 00002846 _____ C:\Windows\System32\Tasks\ASC7_SkipUac_Mae
    2014-01-06 19:18 - 2014-01-06 19:18 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
    2014-01-06 19:15 - 2014-01-06 00:42 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
    2014-01-06 19:12 - 2014-01-06 19:11 - 35338968 _____ (IObit                                                       ) C:\Users\Mae\Downloads\asc-setup.exe
    2014-01-06 19:07 - 2014-01-06 19:07 - 04645232 _____ (Piriform Ltd) C:\Users\Mae\Downloads\ccsetup409.exe
    2014-01-06 18:56 - 2012-03-09 21:45 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-719385517-4084266739-2877104616-1001Core.job
    2014-01-06 00:44 - 2014-01-06 00:44 - 00000000 _____ C:\autoexec.bat
    2014-01-06 00:43 - 2014-01-06 00:43 - 00000000 ____D C:\Program Files\Enigma Software Group
    2014-01-05 23:44 - 2010-12-07 12:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2014-01-03 23:16 - 2014-01-03 23:16 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-01-03 23:16 - 2014-01-03 23:16 - 00000000 ____D C:\Users\Mae\AppData\Roaming\Malwarebytes
    2014-01-03 23:16 - 2014-01-03 23:16 - 00000000 ____D C:\ProgramData\Malwarebytes
    2014-01-03 23:16 - 2014-01-03 23:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-03 23:15 - 2014-01-03 23:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mae\Downloads\mbam-setup-1.75.0.1300.exe
    2014-01-03 22:36 - 2014-01-03 22:34 - 00000000 ____D C:\Windows\System32\MRT
    2014-01-03 22:36 - 2010-06-08 00:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2014-01-03 21:53 - 2014-01-03 21:53 - 00037376 _____ C:\Windows\System32\beuybu.add
    2014-01-03 21:53 - 2014-01-03 21:41 - 00000100 _____ C:\Windows\System32\jkhodn.riv
    2014-01-03 21:41 - 2014-01-03 21:41 - 00000064 _____ C:\Windows\System32\orxrkd.vwx
    2014-01-03 21:25 - 2014-01-03 21:25 - 00219314 ____S C:\Windows\System32\lcxvod.pcl
    2014-01-03 21:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
    2013-12-24 18:51 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-12-14 14:58 - 2010-12-12 11:49 - 00000000 ____D C:\ProgramData\Microsoft Help
     
    ==================== Known DLLs (Whitelisted) ================
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2009-07-13 16:00] - [2009-07-13 17:41] - 0510464 ____A (Microsoft Corporation) E222F4B3EC7E68B6687444C1AE5FEA58
     
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
     
    ==================== EXE ASSOCIATION =====================
     
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
     
    ==================== Restore Points  =========================
     
    Restore point made on: 2013-12-11 19:53:06
    Restore point made on: 2013-12-14 14:56:15
    Restore point made on: 2013-12-17 17:23:57
    Restore point made on: 2013-12-24 18:57:34
    Restore point made on: 2013-12-28 20:11:17
    Restore point made on: 2014-01-01 02:23:24
    Restore point made on: 2014-01-03 22:34:03
    Restore point made on: 2014-01-03 22:37:59
    Restore point made on: 2014-01-03 22:39:30
    Restore point made on: 2014-01-06 00:15:30
    Restore point made on: 2014-01-06 00:37:56
    Restore point made on: 2014-01-06 00:42:54
    Restore point made on: 2014-01-06 01:34:24
    Restore point made on: 2014-01-06 11:56:38
    Restore point made on: 2014-01-06 19:08:49
    Restore point made on: 2014-01-06 19:10:30
    Restore point made on: 2014-01-07 21:47:36
    Restore point made on: 2014-01-07 22:04:32
    Restore point made on: 2014-01-07 22:07:22
    Restore point made on: 2014-01-07 22:13:18
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 15%
    Total physical RAM: 3894.85 MB
    Available physical RAM: 3285.95 MB
    Total Pagefile: 3893 MB
    Available Pagefile: 3274.2 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.87 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:254.14 GB) (Free:198.04 GB) NTFS
    Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:28.16 GB) NTFS
    Drive g: (CENTON USB) (Removable) (Total:14.83 GB) (Free:8 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A662C052)
    Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=254 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
    Partition 4: (Not Active) - (Size=15 GB) - (Type=12)
     
    ========================================================
    Disk: 1 (Size: 15 GB) (Disk ID: D279B69E)
    Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)
     
     
    LastRegBack: 2013-12-10 10:43
     
    ==================== End Of Log ============================

    Edited by iSayChris, 11 January 2014 - 07:46 AM.


    #7 etavares (Bleepin' Remover, Malware Response Team)

    Posted 11 January 2014 - 08:25 AM

    Hi,

     

    Great!  We need to find a replacement for a file.  Please boot up FRST from the flash drive as before.  This time, in the search box type rpcss.dll and click Search File(s).  Please post the resulting log (search.txt).

     

    Thanks!

    -etavares



    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
     


    #8 iSayChris (Topic Starter)

    Posted 11 January 2014 - 09:33 AM

    Okay, here is the search.txt log:

     

     

    Farbar Recovery Scan Tool (x64) Version: 11-01-2014 02
    Ran by SYSTEM at 2014-01-11 06:28:00
    Running from G:\
    Boot Mode: Recovery
     
    ================== Search: "rpcss.dll" ===================
     
    C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
    [2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
     
    C:\Windows\System32\rpcss.dll
    [2009-07-13 16:00] - [2009-07-13 17:41] - 0510464 ____A (Microsoft Corporation) E222F4B3EC7E68B6687444C1AE5FEA58
     
    X:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
    [2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
     
    X:\Windows\System32\rpcss.dll
    [2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
     
    ====== End Of Search ======


    #9 etavares (Bleepin' Remover, Malware Response Team)

    Posted 11 January 2014 - 11:20 AM

    Hello, iSayChris.
     
    P2P Warning and Request
    The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow you to share files between users, as the name suggests. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.
     
    It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care.  I recommend that you uninstall this program.  That is optional, however.  If you decide not to uninstall it, please refrain from using it until I let you know your computer is clean.
     
     
    Step 1
     
    I see you have IOBit installed on your computer.  This is a known rogue antivirus that steals definitions from legitimate antiviruses.  Please read about it here.  Before I can help you, please uninstall IOBit via Add/Remove Programs.  If you need another antivirus, some good free ones (for personal use) are Avast, Microsoft Security Essentials and Avira AntiVir
     
     
     
    Step 2
     
    Copy/paste the text in the code box below to Notepad.  Save it to the FRST flash drive as fixlist.txt and boot from the FRST flash drive as before.  Push Fix once and let it run.  Post fixlog.txt, which will be generated and saved to the flash drive when the fix is complete.  When done, boot into Windows.  If it boots OK, let me know if the ads are gone (we're not done yet).  If it boots fine, please run DDS as before and post dds.txt in your reply.  If not, boot into FRST from the flash drive, push Scan and post frst.txt instead.
     
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll
    2014-01-03 21:53 - 2014-01-03 21:53 - 00037376 _____ C:\Windows\System32\beuybu.add
    2014-01-03 21:53 - 2014-01-03 21:41 - 00000100 _____ C:\Windows\System32\jkhodn.riv
    2014-01-03 21:41 - 2014-01-03 21:41 - 00000064 _____ C:\Windows\System32\orxrkd.vwx
    2014-01-03 21:25 - 2014-01-03 21:25 - 00219314 ____S C:\Windows\System32\lcxvod.pcl
    2014-01-03 21:42 - 2014-01-10 15:19 - 00000082 _____ C:\Windows\System32\timpdm.oys
     
    etavares

    Edited by etavares, 11 January 2014 - 11:20 AM.


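    Added example (not code from this thread, from FRST's author, or from BleepingComputer): a Python script that does what the rpcss.dll search step above does, and what the Replace: line in the fixlist relies on. It parses FRST search.txt text, treats the WinSxS copies as the reference, and reports any copy outside WinSxS whose MD5 matches none of them; the System32 copy in the thread (510464 bytes instead of 509440, different MD5) is exactly that outlier. compare_with_winsxs() repeats the check on a live Windows tree by hashing the files itself, for when FRST is not to hand. The function names, the SAMPLE_SEARCH constant (a copy of the search output posted above, embedded as constructed input) and the assumed <root>\System32 and <root>\winsxs layout are my own; MD5 is used only because FRST reports MD5, and a mismatch is a lead to confirm (Authenticode signature, sigcheck) before replacing anything, not proof on its own.

```python
"""Check a system DLL against its WinSxS component-store copies.

Mirrors the FRST search step in the thread: every copy of rpcss.dll is
listed with size and MD5, and the patched System32 copy is the one whose
hash matches no WinSxS copy.  parse_frst_search()/find_outliers() work on
the search.txt text; compare_with_winsxs() hashes a live Windows tree.
"""
import hashlib
import os
import re
from collections import Counter

# Constructed sample input: the rpcss.dll search output posted in the thread.
SAMPLE_SEARCH = r"""
================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0510464 ____A (Microsoft Corporation) E222F4B3EC7E68B6687444C1AE5FEA58

X:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

X:\Windows\System32\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

====== End Of Search ======
"""

# FRST prints each hit as a path line followed by one detail line:
#   [created] - [modified] - size attrs (signer) MD5     (signer may be absent)
_PATH = re.compile(r"^[A-Za-z]:\\")
_DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\]\s*-\s*\[(?P<modified>[^\]]+)\]\s*-\s*"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+(?:\((?P<signer>[^)]*)\)\s+)?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_frst_search(text):
    """Return one dict (path, size, attrs, signer, md5, ...) per listed copy."""
    copies, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if _PATH.match(line):
            pending = line            # the detail line for this path comes next
            continue
        m = _DETAIL.match(line)
        if m and pending:
            rec = m.groupdict()
            rec.update(path=pending, size=int(rec["size"]), md5=rec["md5"].upper())
            copies.append(rec)
        pending = None
    return copies


def _in_store(path):
    return "\\winsxs\\" in path.lower().replace("/", "\\")


def find_outliers(copies):
    """Copies outside WinSxS whose MD5 matches no WinSxS copy.

    x64 Windows keeps both amd64 and x86 builds in the store, so the test is
    "matches any store copy", not "matches the majority".  If the search found
    no store copy at all, fall back to the most common hash as the reference.
    """
    store = {c["md5"] for c in copies if _in_store(c["path"])}
    if store:
        return [c for c in copies if not _in_store(c["path"]) and c["md5"] not in store]
    if not copies:
        return []
    reference = Counter(c["md5"] for c in copies).most_common(1)[0][0]
    return [c for c in copies if c["md5"] != reference]


def md5_of(path):
    """MD5 only because that is what FRST reports; this is not a signature check."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def compare_with_winsxs(windows_root, name):
    """Hash <windows_root>\\System32\\<name> and every WinSxS copy of <name>.

    Returns the live hash, the store hashes by path, and matches_store (True,
    False, or None when either side is missing).  Run from a 64-bit Python on
    x64 Windows: a 32-bit interpreter gets System32 redirected to SysWOW64.
    """
    live = os.path.join(windows_root, "System32", name)
    store = {}
    for dirpath, _dirs, files in os.walk(os.path.join(windows_root, "winsxs")):
        for fname in files:
            if fname.lower() == name.lower():
                full = os.path.join(dirpath, fname)
                store[full] = md5_of(full)
    live_md5 = md5_of(live) if os.path.isfile(live) else None
    matches = (live_md5 in set(store.values())) if (live_md5 and store) else None
    return {"system32": live_md5, "winsxs": store, "matches_store": matches}


if __name__ == "__main__":
    for bad in find_outliers(parse_frst_search(SAMPLE_SEARCH)):
        print(f"{bad['path']}: size {bad['size']} md5 {bad['md5']} matches no WinSxS copy")
```

    Run it as is to see the outlier from the sample; for a live check call compare_with_winsxs(r"C:\Windows", "rpcss.dll") from an elevated 64-bit Python. The Replace: line in the fixlist is the manual version of the same conclusion: the WinSxS copy is the known-good reference, and the System32 file that matches no store copy is the one to swap out.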
     


    #10 iSayChris (Topic Starter)

    Posted 11 January 2014 - 11:46 AM

    Here is the requested fixlog.txt:

     

     

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2014 02

    Ran by SYSTEM at 2014-01-11 08:36:31 Run:1
    Running from G:\
    Boot Mode: Recovery
    ==============================================
     
    Content of fixlist:
    *****************
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll
    2014-01-03 21:53 - 2014-01-03 21:53 - 00037376 _____ C:\Windows\System32\beuybu.add
    2014-01-03 21:53 - 2014-01-03 21:41 - 00000100 _____ C:\Windows\System32\jkhodn.riv
    2014-01-03 21:41 - 2014-01-03 21:41 - 00000064 _____ C:\Windows\System32\orxrkd.vwx
    2014-01-03 21:25 - 2014-01-03 21:25 - 00219314 ____S C:\Windows\System32\lcxvod.pcl
    2014-01-03 21:42 - 2014-01-10 15:19 - 00000082 _____ C:\Windows\System32\timpdm.oys
    *****************
     
    C:\Windows\System32\rpcss.dll => Moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
    C:\Windows\System32\beuybu.add => Moved successfully.
    C:\Windows\System32\jkhodn.riv => Moved successfully.
    C:\Windows\System32\orxrkd.vwx => Moved successfully.
    C:\Windows\System32\lcxvod.pcl => Moved successfully.
    C:\Windows\System32\timpdm.oys => Moved successfully.
     
    ==== End of Fixlog ====


    #11 iSayChris (Topic Starter)

    Posted 11 January 2014 - 11:48 AM

    My laptop booted fine, and the ads are gone on startup. I browsed the internet for a couple of minutes just to make sure the ads were gone, and they are.

    And here is the dds.txt that was requested:

     

     

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 
    Internet Explorer: 8.0.7600.17267  BrowserJavaVersion: 10.9.2
    Run by Mae at 8:58:27 on 2014-01-11
    Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3895.2663 [GMT -8:00]
    .
    AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\System32\svchost.exe -k secsvcs
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\windows\system32\Dwm.exe
    C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\taskeng.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\system32\RunDll32.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coieplg.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ipsbho.dll
    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coieplg.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coieplg.dll
    dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6}\14A56435A4 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6}\34F4D4D27455543545 : DHCPNameServer = 4.2.2.1 4.2.2.2
    TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6}\4494F46323 : DHCPNameServer = 192.168.1.1 68.238.64.12
    TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6}\7554151543 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6}\B483533334 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6}\C696E6B6379737 : DHCPNameServer = 4.2.2.2 206.13.29.12
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - 
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\N360x64\0404000.00C\symds64.sys [2011-10-11 433200]
    R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\N360x64\0404000.00C\symefa64.sys [2011-10-11 221304]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111123.001\BHDrvx64.sys [2011-11-29 1156216]
    R1 ccHP;Symantec Hash Provider;C:\windows\System32\drivers\N360x64\0404000.00C\cchpx64.sys [2011-10-11 593544]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111202.001\IDSviA64.sys [2011-12-2 488568]
    R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\N360x64\0404000.00C\ironx64.sys [2011-10-11 150064]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\windows\System32\drivers\N360x64\0404000.00C\symtdiv.sys [2011-10-11 451704]
    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-7 13336]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-3 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-3 701512]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccsvchst.exe [2011-10-11 126400]
    R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-6-7 2320920]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-6-8 28176]
    R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-6-8 162304]
    R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-6-7 56344]
    R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-6-7 158976]
    R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-6-7 271872]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-1-3 25928]
    R3 vm331avs;Digital Camera 1;C:\windows\System32\drivers\vm331avs.sys [2010-6-8 215168]
    R3 wdmirror;wdmirror;C:\windows\System32\drivers\WDMirror.sys [2010-6-8 11280]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-1-6 2151200]
    S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
    S3 androidusb;ADB Interface Driver;C:\windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
    S3 Bridge0;Bridge0;C:\windows\System32\drivers\WDBridge.sys [2010-6-8 79376]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-10 138360]
    S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]
    S3 JLTECH0227;Dual Mode Camera;C:\windows\System32\drivers\jl2005c.sys [2012-7-22 80880]
    S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
    S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-6-8 509192]
    S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-6-8 579400]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\windows\System32\drivers\lvrs64.sys [2010-11-10 341856]
    S3 LVUVC64;Logitech Webcam 200(UVC);C:\windows\System32\drivers\lvuvc64.sys [2010-11-10 4162784]
    S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-6-8 242720]
    S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-6-8 239616]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-12-8 1255736]
    S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
    .
    =============== Created Last 30 ================
    .
    2014-01-11 12:42:02 -------- d-----w- C:\FRST
    2014-01-10 23:26:46 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C517D123-2504-4151-A156-4089F4E51452}\mpengine.dll
    2014-01-08 06:03:56 27456 ----a-w- C:\windows\System32\RegistryDefragBootTime.exe
    2014-01-08 05:56:32 -------- d-----w- C:\windows\pss
    2014-01-08 05:47:54 388096 ----a-r- C:\Users\Mae\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2014-01-08 05:47:54 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2014-01-08 04:33:26 -------- d-sh--w- C:\$RECYCLE.BIN
    2014-01-08 04:19:16 98816 ----a-w- C:\windows\sed.exe
    2014-01-08 04:19:16 256000 ----a-w- C:\windows\PEV.exe
    2014-01-08 04:19:16 208896 ----a-w- C:\windows\MBR.exe
    2014-01-07 03:18:57 -------- d-----w- C:\ProgramData\ProductData
    2014-01-07 03:18:07 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
    2014-01-07 03:18:05 -------- d-----w- C:\ProgramData\IObit
    2014-01-07 03:17:38 -------- d-----w- C:\Program Files (x86)\IObit
    2014-01-07 03:17:02 -------- d-----w- C:\Users\Mae\AppData\Roaming\IObit
    2014-01-06 08:43:23 -------- d-----w- C:\Program Files\Enigma Software Group
    2014-01-06 08:42:06 -------- d-----w- C:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
    2014-01-06 08:42:00 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2014-01-06 08:04:50 -------- d-----w- C:\AdwCleaner
    2014-01-04 07:16:56 -------- d-----w- C:\Users\Mae\AppData\Roaming\Malwarebytes
    2014-01-04 07:16:39 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-01-04 07:16:38 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
    2014-01-04 07:16:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-04 07:15:41 -------- d-----w- C:\Users\Mae\AppData\Local\Programs
    2014-01-04 06:34:24 -------- d-----w- C:\windows\System32\MRT
    .
    ==================== Find3M  ====================
    .
    2013-12-12 04:03:17 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-12-12 04:03:17 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2013-11-19 11:33:38 267936 ------w- C:\windows\System32\MpSigStub.exe
    .
    ============= FINISH:  8:58:49.28 ===============
     

    Edited by iSayChris, 11 January 2014 - 12:00 PM.


    #12 etavares (Bleepin' Remover, Malware Response Team)

    Posted 11 January 2014 - 02:51 PM

    Hello, iSayChris.

     
     
    Step 1
     
    I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png
     
     
    Step 2
     
    Next, we need to update Java.
    Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) 7 Update 45, 32-bit version (the "Windows Offline (32-bit)" installer).  Note that if you have 64-bit windows, the default is to use a 32-bit browser.  If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version(s) shown below:
  • Java 7 Update 9
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the java file you downloaded to install the newest version.  If you downloaded the 64-bit version, make sure to install that as well.
     
     
     
    Step 3
     
     
    Adobe Reader 9 is no longer supported or updated.  As a result, there are known security holes in it that malware exploits.  I strongly recommend uninstalling it via Add/Remove Programs and installing Adobe Reader XI at http://get.adobe.com/reader (make sure to uncheck the box for the optional toolbar).
     
    Step 4
     
    Are you able to enable and update Norton?  It looks like it's not running in real time protection mode and it has outdated definitions.
     
     
     
    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
     


    #13 iSayChris

    iSayChris
    • Topic Starter

    • Members
    • 70 posts
    • Local time:05:55 AM

    Posted 12 January 2014 - 01:57 AM

    Here is the ESETScan report:

     

    C:\FRST\Quarantine\rpcss.dll Win64/Patched.H trojan deleted - quarantined
     
    ________________________________________________________________________________
     
    Older versions of Java and Adobe Reader have been uninstalled, and replaced with the newest versions.
     
    As for Norton, My subscription has ended. What is a good anti-virus program I can download for now?

    Edited by iSayChris, 12 January 2014 - 02:01 AM.


    #14 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • Gender:Male
    • Local time:09:55 AM

    Posted 12 January 2014 - 07:16 AM

    Hi,

     

    Download an antivirus.  Free ones that are good include Microsoft Security Essentials, Avast and Antivir.  Please pick one and download the installer.  Don't install it yet.

     

    Next, we need to uninstall Norton.  Uninstalling antivirus from add/remove programs never does a complete job.  So, please download Norton Removal Tool here and save it to your desktop.

     

    Next, disconnect from the internet (turn off WiFi radio or unplug the network cable).

     

    Run the Norton Removal tool.  It may require a reboot.  Do so if prompted.

     

    When that's done, install the antivirus.  It may require a reboot.  Do so if prompted.

     

    Then, please run a new DDS scan and post the resulting log here.

     

    -etavares



     


    #15 iSayChris

    iSayChris
    • Topic Starter

    • Members
    • 70 posts
    • Local time:05:55 AM

    Posted 12 January 2014 - 06:23 PM

    Alrighty, downloaded Microsoft Security Essentials and uninstalled Norton completely. 
    Here is the requested DDS log:

     

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 
    Internet Explorer: 8.0.7600.17267  BrowserJavaVersion: 10.45.2
    Run by Mae at 15:20:11 on 2014-01-12
    Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3895.2707 [GMT -8:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\wuauclt.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6}\14A56435A4 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6}\34F4D4D27455543545 : DHCPNameServer = 4.2.2.1 4.2.2.2
    TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6}\4494F46323 : DHCPNameServer = 192.168.1.1 68.238.64.12
    TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6}\7554151543 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6}\B483533334 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6}\C696E6B6379737 : DHCPNameServer = 4.2.2.2 206.13.29.12
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - 
    x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-7 13336]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-3 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-3 701512]
    R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
    R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-6-7 2320920]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-6-8 28176]
    R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-6-8 162304]
    R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-6-7 56344]
    R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-6-7 158976]
    R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-6-7 271872]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-1-3 25928]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
    R3 vm331avs;Digital Camera 1;C:\windows\System32\drivers\vm331avs.sys [2010-6-8 215168]
    R3 wdmirror;wdmirror;C:\windows\System32\drivers\WDMirror.sys [2010-6-8 11280]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-1-6 2151200]
    S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
    S3 androidusb;ADB Interface Driver;C:\windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
    S3 Bridge0;Bridge0;C:\windows\System32\drivers\WDBridge.sys [2010-6-8 79376]
    S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]
    S3 JLTECH0227;Dual Mode Camera;C:\windows\System32\drivers\jl2005c.sys [2012-7-22 80880]
    S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
    S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-6-8 509192]
    S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-6-8 579400]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\windows\System32\drivers\lvrs64.sys [2010-11-10 341856]
    S3 LVUVC64;Logitech Webcam 200(UVC);C:\windows\System32\drivers\lvuvc64.sys [2010-11-10 4162784]
    S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-6-8 242720]
    S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-6-8 239616]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-12-8 1255736]
    S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
    .
    =============== Created Last 30 ================
    .
    2014-01-12 23:14:42 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1A17AD4-9A7A-452C-984A-352BA224DF2B}\offreg.dll
    2014-01-12 23:04:30 965000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{58D52A54-8170-4E0B-9411-E2751A4FC991}\gapaengine.dll
    2014-01-12 23:04:23 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1A17AD4-9A7A-452C-984A-352BA224DF2B}\mpengine.dll
    2014-01-12 23:03:04 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2014-01-12 23:02:54 -------- d-----w- C:\Program Files\Microsoft Security Client
    2014-01-12 23:01:50 -------- d-----w- C:\add944a62d275c36ae6e577afb1a
    2014-01-12 22:51:34 302 ----a-w- C:\FixitRegBackup.reg
    2014-01-12 07:08:18 374664 ----a-w- C:\windows\System32\drivers\netio.sys
    2014-01-12 06:50:39 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
    2014-01-12 06:46:31 -------- d-----w- C:\ProgramData\Oracle
    2014-01-12 06:44:09 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-01-12 00:05:06 -------- d-----w- C:\Program Files (x86)\ESET
    2014-01-11 12:42:02 -------- d-----w- C:\FRST
    2014-01-10 23:26:46 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C517D123-2504-4151-A156-4089F4E51452}\mpengine.dll
    2014-01-08 06:03:56 27456 ----a-w- C:\windows\System32\RegistryDefragBootTime.exe
    2014-01-08 05:56:32 -------- d-----w- C:\windows\pss
    2014-01-08 04:33:26 -------- d-sh--w- C:\$RECYCLE.BIN
    2014-01-08 04:19:16 98816 ----a-w- C:\windows\sed.exe
    2014-01-08 04:19:16 256000 ----a-w- C:\windows\PEV.exe
    2014-01-08 04:19:16 208896 ----a-w- C:\windows\MBR.exe
    2014-01-07 03:18:57 -------- d-----w- C:\ProgramData\ProductData
    2014-01-07 03:18:07 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
    2014-01-07 03:18:05 -------- d-----w- C:\ProgramData\IObit
    2014-01-07 03:17:38 -------- d-----w- C:\Program Files (x86)\IObit
    2014-01-07 03:17:02 -------- d-----w- C:\Users\Mae\AppData\Roaming\IObit
    2014-01-06 08:43:23 -------- d-----w- C:\Program Files\Enigma Software Group
    2014-01-06 08:42:06 -------- d-----w- C:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
    2014-01-06 08:42:00 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2014-01-06 08:04:50 -------- d-----w- C:\AdwCleaner
    2014-01-04 07:16:56 -------- d-----w- C:\Users\Mae\AppData\Roaming\Malwarebytes
    2014-01-04 07:16:39 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-01-04 07:16:38 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
    2014-01-04 07:16:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-04 07:15:41 -------- d-----w- C:\Users\Mae\AppData\Local\Programs
    2014-01-04 06:34:24 -------- d-----w- C:\windows\System32\MRT
    .
    ==================== Find3M  ====================
    .
    2013-12-12 04:03:17 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-12-12 04:03:17 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2013-11-19 10:21:41 267936 ------w- C:\windows\System32\MpSigStub.exe
    .
    ============= FINISH: 15:20:45.77 ===============
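The checks etavares made by eye across the two DDS logs in this thread (an AV line reading *Disabled/Outdated*, a Java plug-in at 7 Update 9, a BHO with no DLL behind it, a service DDS could not stat, and the nameserver entries) can be scripted so the same triage runs the same way on every log. The block below is an added example written for this page; it is not code from the thread, from DDS, or from BleepingComputer. The sample lines are copied from the two logs above (with the ™ mark written as "(TM)"); the threshold `CURRENT_JAVA7_UPDATE = 45` and the mapping of plug-in version 10.x to JRE 7 Update x are assumptions taken from the two data points the thread gives (10.9.2 with 7u9 installed, 10.45.2 after the 7u45 install).

```python
"""Triage helper for DDS logs (added example, not part of the thread or of DDS)."""
import ipaddress
import re

# Assumption for this illustration: the Java 7 update that was current when
# the thread was written (the helper asked the poster to install 7u45).
CURRENT_JAVA7_UPDATE = 45

# Constructed sample: lines lifted from the first DDS log in the thread.
SAMPLE_BEFORE = r"""
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.17267  BrowserJavaVersion: 10.9.2
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(TM) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - 
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{43842542-0CE5-493E-B51A-9B4D80B47CF6}\34F4D4D27455543545 : DHCPNameServer = 4.2.2.1 4.2.2.2
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-3 701512]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
"""

# Constructed sample: header lines from the log posted after Norton was replaced.
SAMPLE_AFTER = r"""
Internet Explorer: 8.0.7600.17267  BrowserJavaVersion: 10.45.2
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
"""

_JAVA_RE = re.compile(r"BrowserJavaVersion:\s*(\d+)\.(\d+)\.(\d+)")
_PRODUCT_RE = re.compile(r"^(?P<kind>AV|SP|FW):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*")
# ' - ' separates the BHO description from its DLL path; requiring whitespace
# before the hyphen keeps GUID hyphens and "Plug-In" from being split on.
_BHO_RE = re.compile(r"^(?:x64-)?BHO:\s*(?P<desc>.*?)\s+-(?:\s+(?P<path>.*))?$")
_SERVICE_RE = re.compile(r"^[RS][0-3]\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
_DNS_RE = re.compile(r"^TCP:.*NameServer\s*=\s*(?P<ips>[\d. ]+)$")


def decode_browser_java(log_text):
    """Return (family, update) for the Java plug-in DDS reports, or None.

    DDS prints the plug-in as <major>.<update>.<minor>.  The thread shows
    10.9.2 with JRE 7 Update 9 and 10.45.2 after installing 7u45, so major
    10 is mapped to JRE 7 here (assumption drawn from those two data points).
    """
    m = _JAVA_RE.search(log_text)
    if not m:
        return None
    major, update = int(m.group(1)), int(m.group(2))
    return (7 if major == 10 else None), update


def security_products(log_text):
    """Parse the AV:/SP:/FW: header lines into (kind, name, [states])."""
    out = []
    for line in log_text.splitlines():
        m = _PRODUCT_RE.match(line.strip())
        if m:
            out.append((m["kind"], m["name"], m["state"].split("/")))
    return out


def orphaned_bhos(log_text):
    """BHO entries whose DLL is '<orphaned>' or blank: a registry leftover at
    best, the stub of a removed payload at worst; either way, worth clearing."""
    hits = []
    for line in log_text.splitlines():
        m = _BHO_RE.match(line.strip())
        if m and (m["path"] is None or m["path"].strip() in ("", "<orphaned>")):
            hits.append(m["desc"])
    return hits


def unverified_services(log_text):
    """Services/drivers DDS could not stat (trailing '[?]'): the binary is
    missing or unreadable, so nothing in the log vouches for it."""
    hits = []
    for line in log_text.splitlines():
        m = _SERVICE_RE.match(line.strip())
        if m and m["rest"].rstrip().endswith("[?]"):
            hits.append(m["svc"])
    return hits


def external_nameservers(log_text):
    """Nameservers outside private (RFC 1918) space, deduplicated and sorted."""
    found = set()
    for line in log_text.splitlines():
        m = _DNS_RE.match(line.strip())
        if not m:
            continue
        for ip in m["ips"].split():
            try:
                if not ipaddress.ip_address(ip).is_private:
                    found.add(ip)
            except ValueError:
                continue  # not an address; skip rather than guess
    return sorted(found)


def triage(log_text):
    """Return the list of findings a responder would want to look at first."""
    findings = []
    for kind, name, states in security_products(log_text):
        bad = [s for s in states if s in ("Disabled", "Outdated")]
        if bad:
            findings.append(f"{kind} {name}: {'/'.join(bad)}")
    java = decode_browser_java(log_text)
    if java and java[0] == 7 and java[1] < CURRENT_JAVA7_UPDATE:
        findings.append(f"Java 7 Update {java[1]} plug-in is older than 7u{CURRENT_JAVA7_UPDATE}")
    findings += [f"orphaned BHO: {d}" for d in orphaned_bhos(log_text)]
    findings += [f"service binary could not be verified: {s}" for s in unverified_services(log_text)]
    findings += [f"non-private nameserver configured: {ip}" for ip in external_nameservers(log_text)]
    return findings


if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(f"--- {label} ---")
        for f in triage(sample):
            print(" ", f)
```

Two caveats on reading the output. The `DHCPNameServer` entries under `Interfaces\{GUID}\<subkey>` are DHCP settings remembered from networks the laptop was on earlier, so a public resolver there is a "confirm against what the ISP or router hands out" item, not evidence of DNS hijacking on its own. And on Windows 7 the "SP Windows Defender: Disabled" finding in the second log is expected: installing Microsoft Security Essentials turns the built-in Defender off, which is exactly what the log after the Norton removal shows.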




