Problem with pop ups


  • This topic is locked
21 replies to this topic

#1 enjoyyy
  • Members
  • 34 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 01 June 2014 - 04:15 AM

Hey guys, recently my mum's PC has started getting pop-ups in the Firefox browser for Adcash, among other things. She doesn't understand that clicking some things can harm the computer... however, everyone connected to the same router has been infected. My PC randomly started getting them: when I'm in a game application they might pop up in Firefox, or if I click somewhere on the screen while on YouTube one will pop up. My gf's laptop, which connects to our router via Wi-Fi, has also started getting them occasionally. I have already gone through the add-ons and Control Panel to find any programs that might be harmful and can't find anything, and I've run an Avast scan, Malwarebytes scan, Hitman Pro scan, JRT and AdwCleaner and they have all come up with nothing found. Last time Mum downloaded a redirect virus that I had to restart the router to cure; will I need to do the same again? Thanks.




#2 enjoyyy (Topic Starter)
  • Members
  • 34 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 03 June 2014 - 01:29 AM

I ran JRT and this is the log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by William on Tue 06/03/2014 at 16:24:14.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\William\AppData\Roaming\mozilla\firefox\profiles\lyfi86cn.default-1396410500399\minidumps [17 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/03/2014 at 16:28:51.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#3 enjoyyy (Topic Starter)
  • Members
  • 34 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 03 June 2014 - 01:36 AM

Here is the AdwCleaner Log:

 

# AdwCleaner v3.211 - Report created 03/06/2014 at 16:34:36
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : William - WILLIAM-PC
# Running from : C:\Users\William\Downloads\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\lyfi86cn.default-1396410500399\prefs.js ]


*************************

AdwCleaner[R0].txt - [795 octets] - [02/04/2014 13:42:23]
AdwCleaner[R1].txt - [913 octets] - [23/04/2014 22:41:37]
AdwCleaner[R2].txt - [1087 octets] - [31/05/2014 12:29:19]
AdwCleaner[R3].txt - [1160 octets] - [03/06/2014 16:34:10]
AdwCleaner[S0].txt - [855 octets] - [02/04/2014 13:46:26]
AdwCleaner[S1].txt - [973 octets] - [23/04/2014 22:42:30]
AdwCleaner[S2].txt - [1151 octets] - [31/05/2014 12:30:00]
AdwCleaner[S3].txt - [1082 octets] - [03/06/2014 16:34:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1142 octets] ##########



#4 HelpBot (Bleepin' Binary Bot)
  • Bots
  • 12,549 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:32 AM

Posted 06 June 2014 - 04:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

Click this link: http://www.bleepingcomputer.com/logreply/536223



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 enjoyyy (Topic Starter)
  • Members
  • 34 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 08 June 2014 - 08:29 PM

In reply to the HelpBot post: I am getting pop-ups on every device connected to my router/modem no matter the browser used. They are mostly ad.cash pop-ups but they vary; sometimes it will just happen randomly and other times just when I click the mouse. I run Windows 7 Home 64-bit and I do have the original CD available. I have had a similar problem in the past with only redirect pages coming up instead of the desired webpage, but I fixed that by doing a hard reset of the router. I have run every A/V, malware, adware, spyware program I could find, but they all come up with no infected files, or if they do find 1 or 2, when I quarantine them the problem is still there.

 

Here is the DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by William at 11:23:52 on 2014-06-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8079.5357 [GMT 10:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\ASGT.exe
C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\igfxpers.exe
C:\Program Files\GIGABYTE\SmartRecovery2\RPMDaemon.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\File Association Helper\FAHWindow.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\GIGABYTE\Smart TimeLock\AlarmClock.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRunOnce: [EasyTune] C:\Program Files (x86)\GIGABYTE\EasyTune\RunOnceTask.exe
mRunOnce: [PreRun] C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 66.118.165.22 69.65.41.33
TCP: Interfaces\{AA933654-EB90-4C26-BD3D-886794E48ACA} : DHCPNameServer = 66.118.165.22 69.65.41.33
SSODL: WebCheck - <orphaned>
x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} -
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} -
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [FAHConsole] C:\Program Files\File Association Helper\FAHConsole.exe
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
x64-RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SmartRecovery2\RPMKickstartEx.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\lyfi86cn.default-1396410500399\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\lyfi86cn.default-1396410500399\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2014-5-8 9216]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-4-10 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-4-10 208416]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-8-7 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-8-7 28008]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-1-14 20464]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2014-1-13 22240]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-4-10 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-4-10 423240]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-16 239616]
R2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-5 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-4-10 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-4-10 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-5 50344]
R2 gadjservice;GIGABYTE Adjust;C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe [2014-4-16 16384]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-7-8 195336]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2014-1-10 169432]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe [2013-2-22 102400]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-12-20 94720]
R3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2014-1-13 495376]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2014-1-10 171632]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-1-10 442368]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-1-14 368112]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-1-14 786416]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2014-5-19 39080]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2014-5-19 155816]
S1 UsbCharger;UsbCharger;C:\Windows\System32\drivers\UsbCharger.sys [2014-1-13 22240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 atillk64;atillk64;C:\Program Files (x86)\ASUS\GPU Tweak\atillk64.sys [2006-7-19 14608]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2014-1-10 25640]
S3 etocdrv;etocdrv;C:\Windows\etocdrv.sys [2014-4-12 15584]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-23 111616]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-3-28 119512]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-6-5 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-5 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-6-5 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-11 1255736]
.
=============== Created Last 30 ================
.
2014-06-08 11:47:45    6574592    ----a-w-    C:\Windows\System32\mstscax.dll
2014-06-08 11:47:45    5694464    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-06-08 10:21:17    10702536    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24700878-CB10-44E6-AA76-DA7464A74DEB}\mpengine.dll
2014-06-05 09:17:01    44544    ----a-w-    C:\Windows\System32\TsUsbGDCoInstaller.dll
2014-06-05 08:00:22    792576    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-06-05 08:00:22    1030144    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-06-05 08:00:04    514560    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-06-05 08:00:04    366592    ----a-w-    C:\Windows\System32\qdvd.dll
2014-06-05 05:51:34    --------    d-----w-    C:\Users\William\AppData\Roaming\Guitar Pro 6
2014-06-05 05:51:34    --------    d-----w-    C:\ProgramData\Guitar Pro 6
2014-05-30 07:48:18    --------    d-sh--w-    C:\Users\William\AppData\Local\EmieUserList
2014-05-30 07:48:18    --------    d-sh--w-    C:\Users\William\AppData\Local\EmieSiteList
2014-05-28 21:32:14    80384    ----a-w-    C:\Windows\System32\RazerCoinstaller.dll
2014-05-28 08:49:09    --------    d-----w-    C:\Users\William\AppData\Roaming\StunlockStudios
2014-05-25 06:20:55    --------    d-----w-    C:\Users\William\AppData\Local\ApplicationHistory
2014-05-24 02:33:58    864256    ----a-w-    C:\Windows\SysWow64\rzdevicedll.dll
2014-05-24 02:33:56    325120    ----a-w-    C:\Windows\SysWow64\rzaudiodll.dll
2014-05-20 12:31:42    --------    d-----w-    C:\Users\William\AppData\Roaming\Unity
2014-05-20 12:26:33    --------    d-----w-    C:\Users\William\AppData\Local\Unity
2014-05-19 06:47:30    39080    ----a-w-    C:\Windows\System32\drivers\rzendpt.sys
2014-05-19 06:47:28    155816    ----a-w-    C:\Windows\System32\drivers\rzudd.sys
2014-05-19 06:26:50    155136    ----a-w-    C:\Windows\SysWow64\rztouchdll.dll
2014-05-19 06:26:46    117248    ----a-w-    C:\Windows\SysWow64\rzdisplaydll.dll
2014-05-15 15:19:19    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-15 15:19:19    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-14 06:43:54    --------    d-----w-    C:\Program Files (x86)\Geeks3D
2014-05-14 06:02:14    282296    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2014-05-14 02:59:48    --------    d-----w-    C:\Program Files (x86)\EA Games
.
==================== Find3M  ====================
.
2014-06-09 01:18:28    25640    ----a-w-    C:\Windows\gdrv.sys
2014-05-31 01:24:03    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-20 12:41:54    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2014-05-20 12:41:45    282296    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2014-05-20 12:37:50    270240    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2014-05-19 13:17:10    70832    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-19 13:17:10    692400    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-15 19:56:28    85328    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-05-15 19:56:28    1039096    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2014-05-09 06:14:03    477184    ----a-w-    C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-05-05 08:20:01    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-05-05 08:20:01    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-05-05 08:20:01    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-05-05 08:20:01    43152    ----a-w-    C:\Windows\avastSS.scr
2014-05-05 08:20:01    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-05-05 08:20:01    208416    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-04-24 06:42:47    25640    ----a-w-    C:\Windows\etdrv.sys
2014-04-16 02:39:52    274656    ----a-w-    C:\Windows\System32\drivers\amdacpksd.sys
2014-04-16 02:37:30    15376384    ----a-w-    C:\Windows\System32\drivers\atikmdag.sys
2014-04-16 02:23:38    231424    ----a-w-    C:\Windows\System32\clinfo.exe
2014-04-16 02:23:24    98816    ----a-w-    C:\Windows\System32\OpenVideo64.dll
2014-04-16 02:23:18    83456    ----a-w-    C:\Windows\SysWow64\OpenVideo.dll
2014-04-16 02:23:12    86528    ----a-w-    C:\Windows\System32\OVDecode64.dll
2014-04-16 02:23:08    73216    ----a-w-    C:\Windows\SysWow64\OVDecode.dll
2014-04-16 02:23:02    28685824    ----a-w-    C:\Windows\System32\amdocl64.dll
2014-04-16 02:20:22    24107520    ----a-w-    C:\Windows\SysWow64\amdocl.dll
2014-04-16 02:17:56    65024    ----a-w-    C:\Windows\System32\OpenCL.dll
2014-04-16 02:17:52    58880    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2014-04-16 02:13:40    127488    ----a-w-    C:\Windows\System32\mantle64.dll
2014-04-16 02:13:20    113664    ----a-w-    C:\Windows\SysWow64\mantle32.dll
2014-04-16 02:13:00    5442048    ----a-w-    C:\Windows\System32\amdmantle64.dll
2014-04-16 02:12:38    27907584    ----a-w-    C:\Windows\System32\atio6axx.dll
2014-04-16 01:58:48    4358656    ----a-w-    C:\Windows\SysWow64\amdmantle32.dll
2014-04-16 01:51:34    23409152    ----a-w-    C:\Windows\SysWow64\atioglxx.dll
2014-04-16 01:46:32    368128    ----a-w-    C:\Windows\System32\atiapfxx.exe
2014-04-16 01:46:24    62464    ----a-w-    C:\Windows\System32\aticalrt64.dll
2014-04-16 01:46:22    52224    ----a-w-    C:\Windows\SysWow64\aticalrt.dll
2014-04-16 01:46:20    91136    ----a-w-    C:\Windows\System32\mantleaxl64.dll
2014-04-16 01:46:16    55808    ----a-w-    C:\Windows\System32\aticalcl64.dll
2014-04-16 01:46:14    49152    ----a-w-    C:\Windows\SysWow64\aticalcl.dll
2014-04-16 01:46:08    85504    ----a-w-    C:\Windows\SysWow64\mantleaxl32.dll
2014-04-16 01:46:00    15716352    ----a-w-    C:\Windows\System32\aticaldd64.dll
2014-04-16 01:42:48    14302208    ----a-w-    C:\Windows\SysWow64\aticaldd.dll
2014-04-16 01:33:08    48128    ----a-w-    C:\Windows\System32\amdmmcl6.dll
2014-04-16 01:33:04    37888    ----a-w-    C:\Windows\SysWow64\amdmmcl.dll
2014-04-16 01:30:08    442368    ----a-w-    C:\Windows\System32\atidemgy.dll
2014-04-16 01:29:56    31232    ----a-w-    C:\Windows\System32\atimuixx.dll
2014-04-16 01:29:48    586240    ----a-w-    C:\Windows\System32\atieclxx.exe
2014-04-16 01:29:18    239616    ----a-w-    C:\Windows\System32\atiesrxx.exe
2014-04-16 01:28:24    190976    ----a-w-    C:\Windows\System32\atitmm64.dll
2014-04-16 01:19:46    806912    ----a-w-    C:\Windows\System32\coinst_14.100.dll
2014-04-16 01:09:00    1177600    ----a-w-    C:\Windows\System32\atiadlxx.dll
2014-04-16 01:08:58    95744    ----a-w-    C:\Windows\System32\amdave64.dll
2014-04-16 01:08:54    90112    ----a-w-    C:\Windows\SysWow64\amdave32.dll
2014-04-16 01:08:48    848896    ----a-w-    C:\Windows\SysWow64\atiadlxy.dll
2014-04-16 01:08:42    89088    ----a-w-    C:\Windows\System32\atisamu64.dll
2014-04-16 01:08:38    80896    ----a-w-    C:\Windows\SysWow64\atisamu32.dll
2014-04-16 01:07:48    75264    ----a-w-    C:\Windows\System32\atig6pxx.dll
2014-04-16 01:07:42    69632    ----a-w-    C:\Windows\SysWow64\atiglpxx.dll
2014-04-16 01:07:42    69632    ----a-w-    C:\Windows\System32\atiglpxx.dll
2014-04-16 01:07:34    146944    ----a-w-    C:\Windows\System32\atig6txx.dll
2014-04-16 01:07:20    133632    ----a-w-    C:\Windows\SysWow64\atigktxx.dll
2014-04-16 01:07:04    638976    ----a-w-    C:\Windows\System32\drivers\atikmpag.sys
2014-04-16 01:04:46    43520    ----a-w-    C:\Windows\System32\drivers\ati2erec.dll
2014-04-15 12:33:30    51200    ----a-w-    C:\Windows\System32\kdbsdk64.dll
2014-04-15 12:28:56    38912    ----a-w-    C:\Windows\SysWow64\kdbsdk32.dll
2014-04-12 02:22:05    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05    155072    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37    28160    ----a-w-    C:\Windows\System32\secur32.dll
2014-04-12 02:19:32    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05    31232    ----a-w-    C:\Windows\System32\lsass.exe
2014-04-12 02:12:06    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-04-03 08:20:19    1700352    ----a-w-    C:\Windows\SysWow64\gdiplus.dll
2014-04-02 22:51:16    63192    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-04-02 22:51:04    88280    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-02 22:50:58    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-03-30 23:35:08    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-03-23 22:40:32    447752    ----a-w-    C:\Windows\SysWow64\vp6vfw.dll
.
============= FINISH: 11:24:36.83 ===============


Edited by enjoyyy, 08 June 2014 - 08:32 PM.


#6 nasdaq
  • Malware Response Team
  • 38,250 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:32 AM

Posted 09 June 2014 - 12:39 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download these tools and place them on your Desktop.
Do not run them just yet.
===

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, should you not know it ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

Do not restart the computer after this reset.
===

Run the tools from your Desktop.

--RogueKiller--
  • Download & SAVE to your Desktop (links: For 32bit system or For 64bit system)
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
  • Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
==============

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Restart the computer normally.

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.
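The RogueKiller report that the steps above ask the poster to paste back has a regular layout: "¤¤¤ Section : N ¤¤¤" headers, then one line per finding of the form "[Category] (Scope) key-or-path -> ACTION", where ACTION is something like DELETED, STOPPED or NOT SELECTED. A helper reading many of these logs mostly wants two things: which findings the tool actually changed versus merely flagged, and whether the pasted log is complete. The following Python script is an added example written for this thread; it is not RogueKiller's, Adlice's or BleepingComputer's code. The SAMPLE_REPORT it parses is constructed in that layout (the user SID and the task GUID are placeholders), and the function names (parse_report, summarize, left_untouched, section_count_mismatches) are my own.

```python
"""Triage helper for RogueKiller-style report text (added example, not the tool's own code)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the RKreport layout; the SID and task GUID are placeholders.
SAMPLE_REPORT = r"""
RogueKiller V9.0.2.0 (x64) by Adlice Software
Mode : Remove -- Date : 06/10/2014  12:24:50

¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] (SVC) gdrv -- \??\C:\Windows\gdrv.sys[7] -> STOPPED

¤¤¤ Registry Entries : 3 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gdrv -> NOT SELECTED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED

¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \\{00000000-0000-0000-0000-000000000000} -- C:\Windows\system32\pcalua.exe (-a C:\Users\user\AppData\Local\Temp\setup.exe) -> DELETED

¤¤¤ Files : 0 ¤¤¤
"""

# "¤¤¤ Registry Entries : 17 ¤¤¤"  (the count is absent for the MBR Check header)
SECTION_RE = re.compile(r"^¤¤¤\s+(?P<name>.+?)\s*:\s*(?P<count>\d*)\s*¤¤¤\s*$")
# "[Category] (Scope) body -> ACTION"; the (Scope) part is X64/X86 for registry
# keys, SVC for a service, and absent for scheduled tasks.
ENTRY_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\s+"
    r"(?:\((?P<scope>[^)]+)\)\s+)?"
    r"(?P<body>.*?)\s+->\s+"
    r"(?P<action>[A-Z][A-Z ]*?)\s*$"
)


@dataclass(frozen=True)
class Entry:
    section: str
    category: str
    scope: Optional[str]
    body: str
    action: str


def parse_report(text: str) -> list:
    """Return one Entry per finding, tagged with the section it was listed under."""
    entries, section = [], "Header"
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(section, m.group("category"), m.group("scope"),
                                 m.group("body"), m.group("action")))
    return entries


def summarize(entries: list) -> dict:
    """Counts by action (what the tool did) and by category (what it flagged)."""
    return {"by_action": dict(Counter(e.action for e in entries)),
            "by_category": dict(Counter(e.category for e in entries))}


def left_untouched(entries: list) -> list:
    """Findings the tool flagged but did not change; these are what a helper reviews by hand."""
    return [e for e in entries if e.action == "NOT SELECTED"]


def section_count_mismatches(text: str) -> dict:
    """Compare each header's declared count with the entries actually present.
    Returns {section: (declared, parsed)}; a non-empty result usually means the
    pasted log was truncated or mangled on its way into the forum post."""
    declared = {}
    for raw in text.splitlines():
        sec = SECTION_RE.match(raw.strip())
        if sec and sec.group("count"):
            declared[sec.group("name")] = int(sec.group("count"))
    parsed = Counter(e.section for e in parse_report(text))
    return {name: (n, parsed.get(name, 0))
            for name, n in declared.items() if parsed.get(name, 0) != n}


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(summarize(found))
    for e in left_untouched(found):
        print(f"review: [{e.category}] {e.body}")
    print("count mismatches:", section_count_mismatches(SAMPLE_REPORT) or "none")
```

The count check is the part worth keeping even if the rest is thrown away: a log whose header says "Registry Entries : 17" but carries only a few entries is a sign the paste was cut short, and asking for it again is cheaper than diagnosing from half a report.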


#7 enjoyyy

enjoyyy
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:32 PM

Posted 09 June 2014 - 10:59 PM

I have completed the scans as asked.

Rogue killer:

RogueKiller V9.0.2.0 (x64) [Jun  3 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : William [Admin rights]
Mode : Remove -- Date : 06/10/2014  12:24:50

¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] (SVC) gdrv -- \??\C:\Windows\gdrv.sys[7] -> STOPPED

¤¤¤ Registry Entries : 17 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\etdrv -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\etocdrv -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gdrv -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\etdrv -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\etocdrv -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdrv -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\etdrv -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\etocdrv -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gdrv -> NOT SELECTED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1776957638-1836971773-1101846250-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1776957638-1836971773-1101846250-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1776957638-1836971773-1101846250-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1776957638-1836971773-1101846250-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED

¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \\{9B6AB639-60B9-47D4-9864-CB4C3DD4A438} -- C:\Windows\system32\pcalua.exe (-a C:\Users\William\AppData\Local\Temp\wzcc83\AMD_VGADriver_Win7_32_64_VER13_101\Setup.exe -d C:\Users\William\Downloads) -> DELETED

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1003FZEX-00MK2 SCSI Disk Device +++++
--- User ---
[MBR] 1e1358c7e3ec99de71747e6341f63fce
[BSP] 8078b57edde6878797cca4921c7e16fb : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
User = LL1 ... OK
Error reading LL2 MBR! ([18] The program issued a command but the command length is incorrect. )


============================================
RKreport_SCN_06102014_122357.log

Combofix report:

ComboFix 14-06-09.01 - William 06/10/2014  12:28:46.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8079.4676 [GMT 10:00]
Running from: c:\users\William\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-10 to 2014-06-10  )))))))))))))))))))))))))))))))
.
.
2014-06-10 02:57 . 2014-06-10 02:57    --------    d-----w-    c:\users\Mcx1-WILLIAM-PC\AppData\Local\temp
2014-06-10 02:57 . 2014-06-10 02:57    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-06-10 02:34 . 2014-06-10 02:34    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{24700878-CB10-44E6-AA76-DA7464A74DEB}\offreg.dll
2014-06-10 02:04 . 2014-06-10 02:05    --------    d-----w-    c:\programdata\RogueKiller
2014-06-08 11:47 . 2014-01-09 02:22    5694464    ----a-w-    c:\windows\SysWow64\mstscax.dll
2014-06-08 11:47 . 2014-01-03 22:44    6574592    ----a-w-    c:\windows\system32\mstscax.dll
2014-06-08 10:21 . 2014-04-30 23:20    10702536    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{24700878-CB10-44E6-AA76-DA7464A74DEB}\mpengine.dll
2014-06-05 09:17 . 2013-10-02 01:10    44544    ----a-w-    c:\windows\system32\TsUsbGDCoInstaller.dll
2014-06-05 08:00 . 2013-09-25 02:23    1030144    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-06-05 08:00 . 2013-09-25 01:57    792576    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
2014-06-05 08:00 . 2012-05-04 11:00    366592    ----a-w-    c:\windows\system32\qdvd.dll
2014-06-05 08:00 . 2012-05-04 09:59    514560    ----a-w-    c:\windows\SysWow64\qdvd.dll
2014-06-05 05:51 . 2014-06-05 05:56    --------    d-----w-    c:\users\William\AppData\Roaming\Guitar Pro 6
2014-06-05 05:51 . 2014-06-05 05:51    --------    d-----w-    c:\programdata\Guitar Pro 6
2014-05-30 07:48 . 2014-05-30 07:48    --------    d-sh--w-    c:\users\William\AppData\Local\EmieUserList
2014-05-30 07:48 . 2014-05-30 07:48    --------    d-sh--w-    c:\users\William\AppData\Local\EmieSiteList
2014-05-28 21:32 . 2014-05-28 21:32    80384    ----a-w-    c:\windows\system32\RazerCoinstaller.dll
2014-05-28 08:49 . 2014-05-28 08:49    --------    d-----w-    c:\users\William\AppData\Roaming\StunlockStudios
2014-05-25 06:20 . 2014-05-31 07:43    --------    d-----w-    c:\users\William\AppData\Local\ApplicationHistory
2014-05-24 02:33 . 2014-05-24 02:33    864256    ----a-w-    c:\windows\SysWow64\rzdevicedll.dll
2014-05-24 02:33 . 2014-05-24 02:33    325120    ----a-w-    c:\windows\SysWow64\rzaudiodll.dll
2014-05-20 12:31 . 2014-05-20 12:31    --------    d-----w-    c:\users\William\AppData\Roaming\Unity
2014-05-20 12:26 . 2014-06-05 05:56    --------    d-----w-    c:\users\William\AppData\Local\Unity
2014-05-19 06:47 . 2014-05-19 06:47    39080    ----a-w-    c:\windows\system32\drivers\rzendpt.sys
2014-05-19 06:47 . 2014-05-19 06:47    155816    ----a-w-    c:\windows\system32\drivers\rzudd.sys
2014-05-19 06:26 . 2014-05-19 06:26    155136    ----a-w-    c:\windows\SysWow64\rztouchdll.dll
2014-05-19 06:26 . 2014-05-19 06:26    117248    ----a-w-    c:\windows\SysWow64\rzdisplaydll.dll
2014-05-15 15:19 . 2014-05-06 04:40    23544320    ----a-w-    c:\windows\system32\mshtml.dll
2014-05-15 15:19 . 2014-05-06 03:00    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2014-05-15 15:19 . 2014-05-06 04:17    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-05-15 15:19 . 2014-05-06 03:07    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-05-14 06:43 . 2014-05-14 06:43    --------    d-----w-    c:\program files (x86)\Geeks3D
2014-05-14 06:02 . 2014-05-20 12:41    282296    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2014-05-14 02:59 . 2014-05-14 02:59    --------    d-----w-    c:\program files (x86)\EA Games
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-10 02:12 . 2014-03-28 11:03    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-10 02:02 . 2014-01-10 07:06    25640    ----a-w-    c:\windows\gdrv.sys
2014-05-20 12:41 . 2014-01-11 13:51    76888    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2014-05-20 12:41 . 2014-01-11 13:51    282296    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2014-05-20 12:37 . 2014-01-11 13:51    270240    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2014-05-19 13:17 . 2014-01-22 05:10    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-19 13:17 . 2014-01-22 05:10    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-15 19:56 . 2014-04-10 03:56    85328    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2014-05-15 19:56 . 2014-04-10 03:56    1039096    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-05-15 19:56 . 2014-04-10 03:56    423240    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-05-15 15:18 . 2014-01-13 01:29    93223848    ----a-w-    c:\windows\system32\MRT.exe
2014-05-11 21:26 . 2014-03-28 11:02    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-05-11 21:26 . 2014-03-28 11:02    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-11 21:25 . 2014-03-28 11:02    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-05-06 05:14 . 2014-05-06 05:14    736952    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-05-06 05:12 . 2014-05-06 05:12    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-05-06 05:03 . 2014-05-06 05:03    42168    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-05-06 05:03 . 2014-05-06 05:03    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-05-05 08:20 . 2014-05-05 08:20    29208    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-05-05 08:20 . 2014-05-05 08:20    43152    ----a-w-    c:\windows\avastSS.scr
2014-05-05 08:20 . 2014-04-10 03:56    208416    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-05-05 08:20 . 2014-04-10 03:56    79184    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-05-05 08:20 . 2014-04-10 03:56    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-05-05 08:20 . 2014-04-10 03:56    93568    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-05-05 08:20 . 2014-04-10 03:56    334648    ----a-w-    c:\windows\system32\aswBoot.exe
2014-04-24 06:42 . 2014-01-10 10:46    25640    ----a-w-    c:\windows\etdrv.sys
2014-04-16 02:43 . 2014-04-16 02:43    127872    ----a-w-    c:\windows\system32\amdhcp64.dll
2014-04-16 02:43 . 2014-04-16 02:43    78432    ----a-w-    c:\windows\system32\atimpc64.dll
2014-04-16 02:43 . 2014-04-16 02:43    78432    ----a-w-    c:\windows\system32\amdpcom64.dll
2014-04-16 02:43 . 2014-04-16 02:43    117560    ----a-w-    c:\windows\SysWow64\amdhcp32.dll
2014-04-16 02:43 . 2014-04-16 02:43    71704    ----a-w-    c:\windows\SysWow64\atimpc32.dll
2014-04-16 02:43 . 2014-04-16 02:43    71704    ----a-w-    c:\windows\SysWow64\amdpcom32.dll
2014-04-16 02:43 . 2013-06-05 07:12    143304    ----a-w-    c:\windows\system32\atiuxp64.dll
2014-04-16 02:43 . 2013-06-05 07:12    126336    ----a-w-    c:\windows\SysWow64\atiuxpag.dll
2014-04-16 02:43 . 2014-04-16 02:43    117584    ----a-w-    c:\windows\system32\atiu9p64.dll
2014-04-16 02:43 . 2013-06-05 07:12    99520    ----a-w-    c:\windows\SysWow64\atiu9pag.dll
2014-04-16 02:43 . 2013-12-06 22:01    1343272    ----a-w-    c:\windows\system32\aticfx64.dll
2014-04-16 02:43 . 2013-06-05 07:11    1117184    ----a-w-    c:\windows\SysWow64\aticfx32.dll
2014-04-16 02:43 . 2013-12-06 22:00    10335208    ----a-w-    c:\windows\system32\atidxx64.dll
2014-04-16 02:43 . 2013-06-05 07:11    8866928    ----a-w-    c:\windows\SysWow64\atidxx32.dll
2014-04-16 02:43 . 2013-06-05 07:11    6796592    ----a-w-    c:\windows\SysWow64\atiumdva.dll
2014-04-16 02:43 . 2013-06-05 07:11    6799688    ----a-w-    c:\windows\SysWow64\atiumdag.dll
2014-04-16 02:43 . 2014-04-16 02:43    7520200    ----a-w-    c:\windows\system32\atiumd6a.dll
2014-04-16 02:43 . 2014-04-16 02:43    8010968    ----a-w-    c:\windows\system32\atiumd64.dll
2014-04-16 02:39 . 2014-04-16 02:39    274656    ----a-w-    c:\windows\system32\drivers\amdacpksd.sys
2014-04-16 02:37 . 2014-04-16 02:37    15376384    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2014-04-16 02:23 . 2014-04-16 02:23    231424    ----a-w-    c:\windows\system32\clinfo.exe
2014-04-16 02:23 . 2014-04-16 02:23    98816    ----a-w-    c:\windows\system32\OpenVideo64.dll
2014-04-16 02:23 . 2014-04-16 02:23    83456    ----a-w-    c:\windows\SysWow64\OpenVideo.dll
2014-04-16 02:23 . 2014-04-16 02:23    86528    ----a-w-    c:\windows\system32\OVDecode64.dll
2014-04-16 02:23 . 2014-04-16 02:23    73216    ----a-w-    c:\windows\SysWow64\OVDecode.dll
2014-04-16 02:23 . 2014-04-16 02:23    28685824    ----a-w-    c:\windows\system32\amdocl64.dll
2014-04-16 02:20 . 2014-04-16 02:20    24107520    ----a-w-    c:\windows\SysWow64\amdocl.dll
2014-04-16 02:17 . 2014-04-16 02:17    65024    ----a-w-    c:\windows\system32\OpenCL.dll
2014-04-16 02:17 . 2014-04-16 02:17    58880    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-04-16 02:13 . 2014-04-16 02:13    127488    ----a-w-    c:\windows\system32\mantle64.dll
2014-04-16 02:13 . 2014-04-16 02:13    113664    ----a-w-    c:\windows\SysWow64\mantle32.dll
2014-04-16 02:13 . 2014-04-16 02:13    5442048    ----a-w-    c:\windows\system32\amdmantle64.dll
2014-04-16 02:12 . 2014-04-16 02:12    27907584    ----a-w-    c:\windows\system32\atio6axx.dll
2014-04-16 01:58 . 2014-04-16 01:58    4358656    ----a-w-    c:\windows\SysWow64\amdmantle32.dll
2014-04-16 01:51 . 2014-04-16 01:51    23409152    ----a-w-    c:\windows\SysWow64\atioglxx.dll
2014-04-16 01:46 . 2014-04-16 01:46    368128    ----a-w-    c:\windows\system32\atiapfxx.exe
2014-04-16 01:46 . 2014-04-16 01:46    62464    ----a-w-    c:\windows\system32\aticalrt64.dll
2014-04-16 01:46 . 2014-04-16 01:46    52224    ----a-w-    c:\windows\SysWow64\aticalrt.dll
2014-04-16 01:46 . 2014-04-16 01:46    91136    ----a-w-    c:\windows\system32\mantleaxl64.dll
2014-04-16 01:46 . 2014-04-16 01:46    55808    ----a-w-    c:\windows\system32\aticalcl64.dll
2014-04-16 01:46 . 2014-04-16 01:46    49152    ----a-w-    c:\windows\SysWow64\aticalcl.dll
2014-04-16 01:46 . 2014-04-16 01:46    85504    ----a-w-    c:\windows\SysWow64\mantleaxl32.dll
2014-04-16 01:46 . 2014-04-16 01:46    15716352    ----a-w-    c:\windows\system32\aticaldd64.dll
2014-04-16 01:42 . 2014-04-16 01:42    14302208    ----a-w-    c:\windows\SysWow64\aticaldd.dll
2014-04-16 01:33 . 2014-04-16 01:33    48128    ----a-w-    c:\windows\system32\amdmmcl6.dll
2014-04-16 01:33 . 2014-04-16 01:33    37888    ----a-w-    c:\windows\SysWow64\amdmmcl.dll
2014-04-16 01:30 . 2014-04-16 01:30    442368    ----a-w-    c:\windows\system32\atidemgy.dll
2014-04-16 01:29 . 2014-04-16 01:29    31232    ----a-w-    c:\windows\system32\atimuixx.dll
2014-04-16 01:29 . 2014-04-16 01:29    586240    ----a-w-    c:\windows\system32\atieclxx.exe
2014-04-16 01:29 . 2014-04-16 01:29    239616    ----a-w-    c:\windows\system32\atiesrxx.exe
2014-04-16 01:28 . 2014-04-16 01:28    190976    ----a-w-    c:\windows\system32\atitmm64.dll
2014-04-16 01:19 . 2014-04-16 01:19    806912    ----a-w-    c:\windows\system32\coinst_14.100.dll
2014-04-16 01:09 . 2014-04-16 01:09    1177600    ----a-w-    c:\windows\system32\atiadlxx.dll
2014-04-16 01:08 . 2014-04-16 01:08    95744    ----a-w-    c:\windows\system32\amdave64.dll
2014-04-16 01:08 . 2014-04-16 01:08    90112    ----a-w-    c:\windows\SysWow64\amdave32.dll
2014-04-16 01:08 . 2014-04-16 01:08    848896    ----a-w-    c:\windows\SysWow64\atiadlxy.dll
2014-04-16 01:08 . 2014-04-16 01:08    89088    ----a-w-    c:\windows\system32\atisamu64.dll
2014-04-16 01:08 . 2014-04-16 01:08    80896    ----a-w-    c:\windows\SysWow64\atisamu32.dll
2014-04-16 01:07 . 2014-04-16 01:07    75264    ----a-w-    c:\windows\system32\atig6pxx.dll
2014-04-16 01:07 . 2014-04-16 01:07    69632    ----a-w-    c:\windows\SysWow64\atiglpxx.dll
2014-04-16 01:07 . 2014-04-16 01:07    69632    ----a-w-    c:\windows\system32\atiglpxx.dll
2014-04-16 01:07 . 2014-04-16 01:07    146944    ----a-w-    c:\windows\system32\atig6txx.dll
2014-04-16 01:07 . 2014-04-16 01:07    133632    ----a-w-    c:\windows\SysWow64\atigktxx.dll
2014-04-16 01:07 . 2014-04-16 01:07    638976    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2014-04-16 01:04 . 2014-04-16 01:04    43520    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2014-04-15 12:33 . 2014-04-15 12:33    51200    ----a-w-    c:\windows\system32\kdbsdk64.dll
2014-04-15 12:28 . 2014-04-15 12:28    38912    ----a-w-    c:\windows\SysWow64\kdbsdk32.dll
2014-04-03 08:20 . 2014-04-03 08:20    1700352    ----a-w-    c:\windows\SysWow64\gdiplus.dll
2014-03-30 23:35 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-03-23 22:40 . 2014-03-23 22:41    447752    ----a-w-    c:\windows\SysWow64\vp6vfw.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2013-06-04 389120]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-05-14 55360]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-06-09 1753280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2014-05-31 585048]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-08 3890208]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-15 767200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTune"="c:\program files (x86)\GIGABYTE\EasyTune\RunOnceTask.exe" [2013-11-13 10240]
"PreRun"="c:\program files (x86)\Gigabyte\AppCenter\PreRun.exe" [2013-04-29 8192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 atillk64;atillk64;c:\program files (x86)\ASUS\GPU Tweak\atillk64.sys;c:\program files (x86)\ASUS\GPU Tweak\atillk64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 etocdrv;etocdrv;c:\windows\etocdrv.sys;c:\windows\etocdrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 gadjservice;GIGABYTE Adjust;c:\program files (x86)\Gigabyte\AppCenter\AdjustService.exe;c:\program files (x86)\Gigabyte\AppCenter\AdjustService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-10 05:34]
.
2014-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-10 05:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-05 08:20    290888    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-04-25 00:03    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 00:03    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-04-25 00:03    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-04-25 00:03    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-04-25 00:03    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-04-25 00:03    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 441840]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-02-26 13423688]
"FAHConsole"="c:\program files\File Association Helper\FAHConsole.exe" [2013-09-26 216248]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-08-07 36352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SmartRecovery2\RPMKickstartEx.exe" [2014-04-01 2320384]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\William\AppData\Roaming\Mozilla\Firefox\Profiles\lyfi86cn.default-1396410500399\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1776957638-1836971773-1101846250-1000\Software\SecuROM\License information*]
"datasecu"=hex:f3,e9,1e,80,d8,97,b3,4c,fa,d6,58,db,cf,fe,65,5e,f6,4b,89,5e,e2,
   2d,22,c8,29,15,1f,b4,3d,a9,2c,5e,2c,19,9e,38,50,0c,c0,54,e4,7a,20,93,d0,1e,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-10  13:05:03
ComboFix-quarantined-files.txt  2014-06-10 03:05
.
Pre-Run: 703,556,292,608 bytes free
Post-Run: 705,760,808,960 bytes free
.
- - End Of File - - 8C00949764F3A5F48EC286F4D7BE69FB
A36C5E4F47E84449FF07ED3517B43A31

Farbar log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014
Ran by William (administrator) on WILLIAM-PC on 10-06-2014 13:08:49
Running from C:\Users\William\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(WinZip Computing International, LLC) C:\Program Files\File Association Helper\FAHWindow.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\Smart TimeLock\AlarmClock.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-27] (Realtek Semiconductor)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [216248 2013-09-26] (WinZip Computing International, LLC)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585048 2014-05-31] (Razer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-08] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-15] (Advanced Micro Devices, Inc.)
HKLM\...\RunOnce: [RPMKickstart] - C:\Program Files\GIGABYTE\SmartRecovery2\RPMKickstartEx.exe [2320384 2014-04-01] (TODO: <Company name>)
HKLM-x32\...\RunOnce: [EasyTune] - C:\Program Files (x86)\GIGABYTE\EasyTune\RunOnceTask.exe [10240 2013-11-13] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [PreRun] - C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1776957638-1836971773-1101846250-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-06-04] (AMD)
HKU\S-1-5-21-1776957638-1836971773-1101846250-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-05-15] (Raptr, Inc)
HKU\S-1-5-21-1776957638-1836971773-1101846250-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1753280 2014-06-10] (Valve Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: GBHO.BHO - {45d30484-7ded-43d9-957a-d2fd1f046511} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\lyfi86cn.default-1396410500399
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Extension: Battlefield Heroes Updater - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\lyfi86cn.default-1396410500399\Extensions\battlefieldheroespatcher@ea.com [2014-05-14]
FF Extension: YouTube Center - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\lyfi86cn.default-1396410500399\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2014-05-01]
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-10]

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-05] (AVAST Software)
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16384 2014-04-16] () [File not signed]
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-03-01] (Hi-Rez Studios) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-20] ()
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe [102400 2013-02-22] (Gigabyte Technology CO., LTD.) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-16] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-05] ()
S3 atillk64; C:\Program Files (x86)\ASUS\GPU Tweak\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
S3 etocdrv; C:\Windows\etocdrv.sys [15584 2013-10-30] (Giga-Byte Technology CO., LTD.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-19] (Razer Inc)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-10 13:08 - 2014-06-10 13:08 - 00011784 _____ () C:\Users\William\Desktop\FRST.txt
2014-06-10 13:06 - 2014-06-10 13:08 - 00000000 ____D () C:\FRST
2014-06-10 13:05 - 2014-06-10 13:05 - 00025136 _____ () C:\ComboFix.txt
2014-06-10 13:05 - 2014-06-10 13:05 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-10 13:05 - 2014-06-10 13:05 - 00000000 ____D () C:\Users\Mcx1-WILLIAM-PC\AppData\Local\temp
2014-06-10 13:05 - 2014-06-10 13:05 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-10 13:05 - 2014-06-10 13:05 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-10 12:27 - 2014-06-10 13:05 - 00000000 ____D () C:\Qoobox
2014-06-10 12:27 - 2014-06-10 13:03 - 00000000 ____D () C:\Windows\erdnt
2014-06-10 12:27 - 2011-06-26 16:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-10 12:27 - 2010-11-08 03:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-10 12:27 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-10 12:27 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-10 12:27 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-10 12:27 - 2000-08-31 10:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-10 12:27 - 2000-08-31 10:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-10 12:27 - 2000-08-31 10:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-10 12:25 - 2014-06-10 12:25 - 00003876 _____ () C:\Users\William\Desktop\RKreport_DEL_06102014_122450.log
2014-06-10 12:07 - 2014-06-10 12:07 - 02080768 _____ (Farbar) C:\Users\William\Desktop\FRST64.exe
2014-06-10 12:05 - 2014-06-10 12:06 - 05205664 ____R (Swearware) C:\Users\William\Desktop\ComboFix.exe
2014-06-10 12:04 - 2014-06-10 12:05 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-10 12:03 - 2014-06-10 12:04 - 05245952 _____ () C:\Users\William\Desktop\RogueKillerX64.exe
2014-06-09 11:24 - 2014-06-09 11:24 - 00020389 _____ () C:\Users\William\Desktop\dds.txt
2014-06-09 11:24 - 2014-06-09 11:24 - 00006866 _____ () C:\Users\William\Desktop\attach.txt
2014-06-09 11:23 - 2014-06-09 11:23 - 00688992 ____R (Swearware) C:\Users\William\Downloads\dds.com
2014-06-08 21:47 - 2014-01-09 12:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-06-08 21:47 - 2014-01-04 08:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-06-05 19:17 - 2013-10-02 11:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-06-05 19:16 - 2013-10-02 12:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-06-05 19:16 - 2013-10-02 12:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-05 19:16 - 2013-10-02 12:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-05 19:16 - 2013-10-02 11:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-06-05 19:16 - 2013-10-02 11:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-06-05 19:16 - 2013-10-02 11:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-06-05 19:16 - 2013-10-02 10:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-06-05 19:16 - 2013-10-02 10:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-06-05 19:16 - 2013-10-02 10:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-06-05 19:16 - 2013-10-02 10:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-06-05 19:16 - 2013-10-02 10:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-06-05 19:16 - 2013-10-02 09:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-06-05 19:16 - 2013-10-02 09:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-06-05 19:16 - 2013-10-02 09:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-06-05 19:16 - 2013-10-02 08:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-06-05 19:16 - 2012-08-24 00:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-06-05 19:16 - 2012-08-24 00:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-06-05 19:16 - 2012-08-24 00:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-06-05 19:16 - 2012-08-23 23:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-05 19:16 - 2012-08-23 21:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-06-05 19:16 - 2012-08-23 20:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-06-05 19:16 - 2012-08-23 19:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-05 18:00 - 2013-09-25 12:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-06-05 18:00 - 2013-09-25 11:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-06-05 18:00 - 2012-05-04 21:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-06-05 18:00 - 2012-05-04 19:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-06-05 15:51 - 2014-06-05 15:56 - 00000000 ____D () C:\Users\William\AppData\Roaming\Guitar Pro 6
2014-06-05 15:51 - 2014-06-05 15:51 - 00000000 ____D () C:\ProgramData\Guitar Pro 6
2014-06-05 14:40 - 2014-06-05 15:50 - 154449468 _____ (Arobas Music ) C:\Users\William\Downloads\gp6-full-win-demo-r11621.exe
2014-06-03 16:28 - 2014-06-03 16:28 - 00000783 _____ () C:\Users\William\Desktop\JRT.txt
2014-05-31 12:29 - 2014-05-31 12:29 - 01327971 _____ () C:\Users\William\Downloads\adwcleaner_3.211.exe
2014-05-30 17:48 - 2014-05-30 17:48 - 00000000 __SHD () C:\Users\William\AppData\Local\EmieUserList
2014-05-30 17:48 - 2014-05-30 17:48 - 00000000 __SHD () C:\Users\William\AppData\Local\EmieSiteList
2014-05-29 07:32 - 2014-05-29 07:32 - 00080384 _____ (Razer Inc) C:\Windows\system32\RazerCoinstaller.dll
2014-05-28 18:49 - 2014-05-28 18:49 - 00000000 ____D () C:\Users\William\AppData\Roaming\StunlockStudios
2014-05-24 12:33 - 2014-05-24 12:33 - 00864256 _____ (Razer Inc) C:\Windows\SysWOW64\rzdevicedll.dll
2014-05-24 12:33 - 2014-05-24 12:33 - 00325120 _____ (Razer Inc) C:\Windows\SysWOW64\rzaudiodll.dll
2014-05-20 22:31 - 2014-05-20 22:31 - 00000000 ____D () C:\Users\William\AppData\Roaming\Unity
2014-05-20 22:26 - 2014-06-05 15:56 - 00000000 ____D () C:\Users\William\AppData\Local\Unity
2014-05-20 22:26 - 2014-05-20 22:26 - 01070624 _____ (Unity Technologies ApS) C:\Users\William\Downloads\UnityWebPlayer.exe
2014-05-19 16:47 - 2014-05-19 16:47 - 00155816 _____ (Razer Inc) C:\Windows\system32\Drivers\rzudd.sys
2014-05-19 16:47 - 2014-05-19 16:47 - 00039080 _____ (Razer Inc) C:\Windows\system32\Drivers\rzendpt.sys
2014-05-19 16:26 - 2014-05-19 16:26 - 00155136 _____ (Razer Inc) C:\Windows\SysWOW64\rztouchdll.dll
2014-05-19 16:26 - 2014-05-19 16:26 - 00117248 _____ (Razer Inc) C:\Windows\SysWOW64\rzdisplaydll.dll
2014-05-16 01:19 - 2014-05-06 14:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 01:19 - 2014-05-06 14:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 01:19 - 2014-05-06 13:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 01:19 - 2014-05-06 13:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-16 01:19 - 2014-05-06 13:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 01:19 - 2014-05-06 12:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 16:22 - 2014-05-09 16:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 16:22 - 2014-05-09 16:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 16:22 - 2014-04-12 12:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 16:22 - 2014-04-12 12:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 16:22 - 2014-04-12 12:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 16:22 - 2014-04-12 12:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 16:22 - 2014-04-12 12:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 16:22 - 2014-04-12 12:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 16:22 - 2014-04-12 12:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 16:22 - 2014-04-12 12:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 16:22 - 2014-04-12 12:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 16:22 - 2014-03-25 12:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 16:22 - 2014-03-25 12:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 16:22 - 2014-03-04 19:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 16:22 - 2014-03-04 19:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 16:22 - 2014-03-04 19:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 16:22 - 2014-03-04 19:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 16:22 - 2014-03-04 19:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 16:22 - 2014-03-04 19:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 16:22 - 2014-03-04 19:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 16:22 - 2014-03-04 19:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 16:22 - 2014-03-04 19:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 16:22 - 2014-03-04 19:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 16:22 - 2014-03-04 19:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 16:22 - 2014-03-04 19:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 16:22 - 2014-03-04 19:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 16:22 - 2014-03-04 19:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 16:22 - 2014-03-04 19:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 16:22 - 2014-03-04 19:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 16:22 - 2014-03-04 19:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 16:22 - 2014-03-04 19:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 16:22 - 2014-03-04 19:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 16:22 - 2014-03-04 19:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 16:22 - 2014-03-04 19:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 16:22 - 2014-03-04 19:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 16:22 - 2014-03-04 19:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 16:22 - 2014-03-04 19:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 16:22 - 2014-03-04 19:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 16:22 - 2014-03-04 19:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 16:22 - 2014-03-04 19:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 16:22 - 2014-03-04 19:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 16:22 - 2014-03-04 19:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 16:22 - 2014-03-04 19:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 16:22 - 2014-03-04 19:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 16:22 - 2014-03-04 19:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 16:22 - 2013-04-10 09:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-05-15 16:22 - 2013-04-03 08:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-05-14 16:43 - 2014-05-14 16:43 - 00000000 ____D () C:\Program Files (x86)\Geeks3D
2014-05-14 16:42 - 2014-05-14 16:43 - 05345004 _____ (Geeks3D ) C:\Users\William\Downloads\FurMark_1.13.0_Setup.exe
2014-05-14 16:40 - 2014-05-14 16:41 - 01141408 _____ ( ) C:\Users\William\Downloads\hwmonitor_1.25-setup.exe
2014-05-14 16:35 - 2014-05-14 16:36 - 00281472 _____ () C:\Windows\Minidump\051414-16785-01.dmp
2014-05-14 16:12 - 2014-05-14 16:12 - 00281472 _____ () C:\Windows\Minidump\051414-16660-01.dmp
2014-05-14 16:02 - 2014-05-20 22:41 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-05-14 16:00 - 2014-05-20 22:44 - 00000000 ____D () C:\Users\William\Documents\Battlefield Heroes
2014-05-14 14:46 - 2014-05-14 14:46 - 00000000 ____D () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
2014-05-14 12:59 - 2014-05-14 12:59 - 00000000 ____D () C:\Program Files (x86)\EA Games
2014-05-14 02:16 - 2014-05-14 02:16 - 00281472 _____ () C:\Windows\Minidump\051414-12667-01.dmp
2014-05-14 02:12 - 2014-05-14 02:12 - 00281472 _____ () C:\Windows\Minidump\051414-12776-01.dmp
2014-05-14 02:00 - 2014-05-14 02:00 - 00281472 _____ () C:\Windows\Minidump\051414-11934-01.dmp
2014-05-11 15:08 - 2014-05-11 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-06-10 13:08 - 2014-06-10 13:08 - 00011784 _____ () C:\Users\William\Desktop\FRST.txt
2014-06-10 13:08 - 2014-06-10 13:06 - 00000000 ____D () C:\FRST
2014-06-10 13:08 - 2014-01-10 14:36 - 00000000 ____D () C:\Users\William\AppData\Local\Temp
2014-06-10 13:05 - 2014-06-10 13:05 - 00025136 _____ () C:\ComboFix.txt
2014-06-10 13:05 - 2014-06-10 13:05 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-10 13:05 - 2014-06-10 13:05 - 00000000 ____D () C:\Users\Mcx1-WILLIAM-PC\AppData\Local\temp
2014-06-10 13:05 - 2014-06-10 13:05 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-10 13:05 - 2014-06-10 13:05 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-10 13:05 - 2014-06-10 12:27 - 00000000 ____D () C:\Qoobox
2014-06-10 13:05 - 2009-07-14 13:20 - 00000000 __RHD () C:\Users\Default
2014-06-10 13:04 - 2014-01-10 15:34 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-10 13:03 - 2014-06-10 12:27 - 00000000 ____D () C:\Windows\erdnt
2014-06-10 12:57 - 2009-07-14 12:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-10 12:50 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-10 12:25 - 2014-06-10 12:25 - 00003876 _____ () C:\Users\William\Desktop\RKreport_DEL_06102014_122450.log
2014-06-10 12:16 - 2014-01-10 14:36 - 01494817 _____ () C:\Windows\WindowsUpdate.log
2014-06-10 12:12 - 2014-03-28 21:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 12:12 - 2014-03-28 21:02 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 12:12 - 2014-03-28 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 12:12 - 2014-03-28 21:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-10 12:09 - 2009-07-14 14:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 12:09 - 2009-07-14 14:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 12:07 - 2014-06-10 12:07 - 02080768 _____ (Farbar) C:\Users\William\Desktop\FRST64.exe
2014-06-10 12:07 - 2009-07-14 15:13 - 00798146 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-10 12:06 - 2014-06-10 12:05 - 05205664 ____R (Swearware) C:\Users\William\Desktop\ComboFix.exe
2014-06-10 12:05 - 2014-06-10 12:04 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-10 12:04 - 2014-06-10 12:03 - 05245952 _____ () C:\Users\William\Desktop\RogueKillerX64.exe
2014-06-10 12:04 - 2014-01-10 19:30 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-10 12:03 - 2014-04-26 19:42 - 00000000 ____D () C:\Users\William\AppData\Roaming\Raptr
2014-06-10 12:02 - 2014-04-10 13:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-10 12:02 - 2014-01-10 17:06 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-06-10 12:01 - 2014-01-10 15:34 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 12:01 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-10 12:01 - 2009-07-14 14:51 - 00060293 _____ () C:\Windows\setupact.log
2014-06-09 11:24 - 2014-06-09 11:24 - 00020389 _____ () C:\Users\William\Desktop\dds.txt
2014-06-09 11:24 - 2014-06-09 11:24 - 00006866 _____ () C:\Users\William\Desktop\attach.txt
2014-06-09 11:23 - 2014-06-09 11:23 - 00688992 ____R (Swearware) C:\Users\William\Downloads\dds.com
2014-06-08 22:54 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
2014-06-08 20:07 - 2014-05-06 14:59 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-06-05 20:26 - 2009-07-14 13:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-05 20:24 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-06-05 15:56 - 2014-06-05 15:51 - 00000000 ____D () C:\Users\William\AppData\Roaming\Guitar Pro 6
2014-06-05 15:56 - 2014-05-20 22:26 - 00000000 ____D () C:\Users\William\AppData\Local\Unity
2014-06-05 15:51 - 2014-06-05 15:51 - 00000000 ____D () C:\ProgramData\Guitar Pro 6
2014-06-05 15:50 - 2014-06-05 14:40 - 154449468 _____ (Arobas Music ) C:\Users\William\Downloads\gp6-full-win-demo-r11621.exe
2014-06-05 13:31 - 2014-01-10 21:34 - 00212898 _____ () C:\Windows\DPINST.LOG
2014-06-05 13:31 - 2014-01-10 21:17 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-06-03 16:44 - 2009-07-14 15:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-03 16:35 - 2010-11-21 13:47 - 01162456 _____ () C:\Windows\PFRO.log
2014-06-03 16:34 - 2014-04-02 13:42 - 00000000 ____D () C:\AdwCleaner
2014-06-03 16:28 - 2014-06-03 16:28 - 00000783 _____ () C:\Users\William\Desktop\JRT.txt
2014-06-02 17:14 - 2009-07-14 15:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-31 23:12 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-05-31 12:29 - 2014-05-31 12:29 - 01327971 _____ () C:\Users\William\Downloads\adwcleaner_3.211.exe
2014-05-30 17:48 - 2014-05-30 17:48 - 00000000 __SHD () C:\Users\William\AppData\Local\EmieUserList
2014-05-30 17:48 - 2014-05-30 17:48 - 00000000 __SHD () C:\Users\William\AppData\Local\EmieSiteList
2014-05-29 07:32 - 2014-05-29 07:32 - 00080384 _____ (Razer Inc) C:\Windows\system32\RazerCoinstaller.dll
2014-05-28 22:44 - 2014-01-12 20:51 - 00000000 ____D () C:\Fraps
2014-05-28 18:49 - 2014-05-28 18:49 - 00000000 ____D () C:\Users\William\AppData\Roaming\StunlockStudios
2014-05-24 12:33 - 2014-05-24 12:33 - 00864256 _____ (Razer Inc) C:\Windows\SysWOW64\rzdevicedll.dll
2014-05-24 12:33 - 2014-05-24 12:33 - 00325120 _____ (Razer Inc) C:\Windows\SysWOW64\rzaudiodll.dll
2014-05-22 11:17 - 2014-04-18 15:10 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-05-20 22:44 - 2014-05-14 16:00 - 00000000 ____D () C:\Users\William\Documents\Battlefield Heroes
2014-05-20 22:41 - 2014-05-14 16:02 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-05-20 22:41 - 2014-01-11 23:51 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-05-20 22:41 - 2014-01-11 23:51 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-20 22:37 - 2014-01-11 23:51 - 00270240 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-05-20 22:31 - 2014-05-20 22:31 - 00000000 ____D () C:\Users\William\AppData\Roaming\Unity
2014-05-20 22:26 - 2014-05-20 22:26 - 01070624 _____ (Unity Technologies ApS) C:\Users\William\Downloads\UnityWebPlayer.exe
2014-05-19 23:17 - 2014-01-22 15:10 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-19 23:17 - 2014-01-22 15:10 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-19 19:44 - 2014-02-28 19:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-19 16:47 - 2014-05-19 16:47 - 00155816 _____ (Razer Inc) C:\Windows\system32\Drivers\rzudd.sys
2014-05-19 16:47 - 2014-05-19 16:47 - 00039080 _____ (Razer Inc) C:\Windows\system32\Drivers\rzendpt.sys
2014-05-19 16:26 - 2014-05-19 16:26 - 00155136 _____ (Razer Inc) C:\Windows\SysWOW64\rztouchdll.dll
2014-05-19 16:26 - 2014-05-19 16:26 - 00117248 _____ (Razer Inc) C:\Windows\SysWOW64\rzdisplaydll.dll
2014-05-16 05:56 - 2014-04-10 13:56 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-16 05:56 - 2014-04-10 13:56 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-16 05:56 - 2014-04-10 13:56 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-16 05:53 - 2014-01-10 14:36 - 00000000 ___RD () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 05:53 - 2014-01-10 14:36 - 00000000 ___RD () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 05:51 - 2014-05-07 02:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 01:19 - 2014-01-13 11:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 01:18 - 2014-01-13 11:29 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 16:43 - 2014-05-14 16:43 - 00000000 ____D () C:\Program Files (x86)\Geeks3D
2014-05-14 16:43 - 2014-05-14 16:42 - 05345004 _____ (Geeks3D ) C:\Users\William\Downloads\FurMark_1.13.0_Setup.exe
2014-05-14 16:41 - 2014-05-14 16:40 - 01141408 _____ ( ) C:\Users\William\Downloads\hwmonitor_1.25-setup.exe
2014-05-14 16:36 - 2014-05-14 16:35 - 00281472 _____ () C:\Windows\Minidump\051414-16785-01.dmp
2014-05-14 16:35 - 2014-04-23 22:40 - 649922772 _____ () C:\Windows\MEMORY.DMP
2014-05-14 16:35 - 2014-04-23 22:40 - 00000000 ____D () C:\Windows\Minidump
2014-05-14 16:12 - 2014-05-14 16:12 - 00281472 _____ () C:\Windows\Minidump\051414-16660-01.dmp
2014-05-14 16:01 - 2014-02-01 13:31 - 00000000 ____D () C:\Users\William\AppData\Local\PunkBuster
2014-05-14 14:46 - 2014-05-14 14:46 - 00000000 ____D () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
2014-05-14 12:59 - 2014-05-14 12:59 - 00000000 ____D () C:\Program Files (x86)\EA Games
2014-05-14 02:37 - 2014-04-03 18:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-05-14 02:16 - 2014-05-14 02:16 - 00281472 _____ () C:\Windows\Minidump\051414-12667-01.dmp
2014-05-14 02:12 - 2014-05-14 02:12 - 00281472 _____ () C:\Windows\Minidump\051414-12776-01.dmp
2014-05-14 02:00 - 2014-05-14 02:00 - 00281472 _____ () C:\Windows\Minidump\051414-11934-01.dmp
2014-05-12 19:09 - 2014-01-10 19:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 07:26 - 2014-03-28 21:02 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-03-28 21:02 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-03-28 21:02 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 15:08 - 2014-05-11 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 22:47

==================== End Of Log ============================

I'm still getting the occasional pop-up after all that.


Edited by enjoyyy, 10 June 2014 - 06:03 AM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:32 AM

Posted 10 June 2014 - 07:58 AM

Looking good.

If the pop-ups are seen by many users using the router, it may just be that you need to reset it.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, should you not know it ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/
===

To reset the default setting for the browsers follow these instructions.

Reset Chrome...
Click on "Customize and control Google Chrome":
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox.
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Internet Explorer,
Menu > Internet Options > Advanced tab.
At the bottom Reset IE settings...

===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Keep me posted.

#9 enjoyyy

enjoyyy
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 10 June 2014 - 09:01 AM

I have only got 1 random pop-up since I did what you said, so hopefully that was unrelated to my issue.

 

 Results of screen317's Security Check version 0.99.84  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 13.0.0.214  
 Adobe Reader XI  
 Mozilla Firefox (29.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:32 AM

Posted 10 June 2014 - 12:37 PM

If it happens again run this.

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

On a Vista or Windows 7 operating system right click on the fixme.reg file and run as Administrator.

Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.
=================
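As an added illustration (not part of nasdaq's post or of the thread's tools), this PowerShell script lists what currently sits under the same ZoneMap Domains, Ranges and EscDomains keys that fixme.reg deletes, so you can see which hosts were mapped to which Internet Explorer security zone before wiping them. The only assumption beyond the registry paths in the post is the standard zone numbering (0 Local, 1 Intranet, 2 Trusted, 3 Internet, 4 Restricted).

```powershell
# Added example: inventory IE ZoneMap entries before running fixme.reg.
# Zone numbers follow the standard IE scheme (assumption, not from the post).
$zoneNames = @{ 0 = 'Local'; 1 = 'Intranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }

# Exactly the hives/subkeys the .reg file in the post deletes and recreates.
$roots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains'
)

function Get-ZoneMapEntries {
    param([string[]]$Paths)
    foreach ($root in $Paths) {
        if (-not (Test-Path $root)) { continue }
        # Domains: one subkey per domain, optionally with host subkeys ("www", "*"),
        # each holding DWORD values named after a scheme ("http", "https", "*").
        # Ranges: RangeN subkeys with a ":Range" string plus the same DWORD values.
        Get-ChildItem -Path $root -Recurse | ForEach-Object {
            $key = $_
            foreach ($name in $key.GetValueNames()) {
                $zone = $key.GetValue($name)
                if ($zone -is [int]) {      # only the zone assignments, not ":Range"
                    [pscustomobject]@{
                        Hive   = $root.Split(':')[0]
                        Key    = $key.PSPath -replace '^.*ZoneMap\\', ''
                        Scheme = if ($name) { $name } else { '(default)' }
                        Zone   = "$zone ($($zoneNames[$zone]))"
                    }
                }
            }
        }
    }
}

$entries = Get-ZoneMapEntries -Paths $roots
if (-not $entries) {
    'No custom ZoneMap entries found.'
} else {
    # Hosts placed in zone 2 (Trusted) get relaxed prompting, so list those first;
    # anything you did not add yourself is worth noting before the keys are cleared.
    $entries | Sort-Object { $_.Zone -notlike '2*' }, Key | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable, and keep the output with your other logs; after merging fixme.reg the same script should report no entries.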

#11 enjoyyy

enjoyyy
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 11 June 2014 - 12:14 AM

Ok thank you very much!



#12 enjoyyy

enjoyyy
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 12 June 2014 - 09:26 PM

Hey, the pop-ups are still going on. I've tried the registry fix but they still come up.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:32 AM

Posted 13 June 2014 - 07:19 AM

Did you reset the router, post No. 8?

Disable all the add-ons and extensions in Firefox.

Do the same for Chrome and Internet Explorer if these browsers are also problematic.

If you are still getting pop-ups, can you give me some information as to what you get?

#14 enjoyyy

enjoyyy
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 13 June 2014 - 07:23 AM

Yeah, I reset the router and disabled everything; I've never used IE or Chrome on this computer. When I click on a link or click a blank space of a website I'll have a window pop up with something like "binary money making" or "your flash player needs an update", and then sometimes I'll just be sitting on a page and a pop-up window will just open constantly every few seconds until I leave that page. I usually only visit Facebook, YouTube and play games through Steam on this computer. However, all the computers connected to this router immediately become infected while using it.



#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:32 AM

Posted 13 June 2014 - 08:14 AM

Try this.

Please download JavaRa

Double-click JavaRa.exe, then click Remove Older Versions.
In Vista and Windows 7, right-click JavaRa.exe and select Run as Administrator.

Follow any prompts; a log will pop up (JavaRa.log). Please post the contents of this log.

===

Empty the Flash cache.
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
<<<>>>

Clean the Java Cache. Tutorial here.
http://www.java.com/en/download/help/plugin_cache.xml

Keep me posted.



