Rootkit/Bootkit Removal assistance


  • This topic is locked
12 replies to this topic

#1 Kompany4

  • Members
  • 10 posts

Posted 25 June 2014 - 08:35 PM

All-around slower computer performance, lots of issues with Trusted Installer. System restore files have randomly become present and System Restore seems to run on its own, even while I'm on the PC. The mouse pointer has moved on its own on multiple occasions. Certain settings change themselves, including strict boot-up procedures.

 

Sorry for the poor structure, I was thinking aloud to myself. I have also done a couple of system restores and run a few different scans that couldn't seem to pinpoint the bug (including Malwarebytes).

 

Thank you

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by Kompany at 20:19:04 on 2014-06-25
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.6005.4897 [GMT -5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\igfxCUIService.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\dashost.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\System32\dwm.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\Explorer.EXE
C:\windows\system32\igfxEM.exe
C:\windows\system32\igfxHK.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovo13.msn.com
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://lenovo13.msn.com
mWinlogon: Userinit = userinit.exe
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [TBAction] C:\Program Files (x86)\Visual TimeAnalyzer\tbaction.exe
uPolicies-Explorer: TaskbarNoNotification = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoCDBurning = dword:1
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoAddPrinter = dword:1
uPolicies-Explorer: NoPropertiesMyComputer = dword:1
mPolicies-Explorer: NoCustomizeThisFolder = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoVirtMemPage = dword:0
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
TCP: NameServer = 192.168.1.1 68.238.96.12
TCP: Interfaces\{B3B140A0-11BB-4CDE-AA76-031DE13EC4DA} : DHCPNameServer = 192.168.1.1 68.238.96.12
SSODL: WebCheck - <orphaned>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-mPolicies-Explorer: NoCustomizeThisFolder = dword:0
x64-mPolicies-System: NoDispAppearancePage = dword:0
x64-mPolicies-System: NoVirtMemPage = dword:0
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kompany\AppData\Roaming\Mozilla\Firefox\Profiles\pqegxyzs.default\
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-9-24 645952]
R0 LHDmgr;LHDmgr;C:\windows\System32\Drivers\LhdX64.sys [2012-9-24 39008]
R2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;C:\windows\System32\igfxCUIService.exe [2014-6-5 315352]
R2 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2014-6-25 105448]
R2 RzMaelstromVADStreamingService;Razer Surround Audio Service;C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [2014-5-23 4250624]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-9-24 1153840]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\Drivers\AcpiVpc.sys [2012-5-15 33560]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2014-6-5 450520]
R3 NETwNe64;@oem10.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew00.sys [2012-10-10 4309032]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2012-9-24 331992]
R3 rzendpt;rzendpt;C:\windows\System32\Drivers\rzendpt.sys [2014-5-19 39080]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;C:\windows\System32\Drivers\RzMaelstromVAD.sys [2014-5-23 32768]
R3 rzudd;Razer Mouse Driver;C:\windows\System32\Drivers\rzudd.sys [2014-5-19 155816]
S2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-7-16 69640]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-24 364416]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\windows\System32\Drivers\bcbtums.sys [2012-9-24 164152]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2014-6-17 169752]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-9-24 272176]
S3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-9-24 683664]
S3 usb3Hub;USB-IF USB 3.0 Hub;C:\windows\System32\Drivers\usb3Hub.sys [2012-8-9 48096]
S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2012-9-24 102376]
S3 XHCIPort;USB-IF xHCI USB Host Controller;C:\windows\System32\Drivers\xHCIPort.sys [2012-8-9 188384]
S4 BcmBtRSupport;Bluetooth Radio Control Service;C:\windows\System32\BtwRSupportService.exe [2012-9-24 2252600]
S4 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
S4 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-9-24 128896]
S4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-24 165760]
.
=============== Created Last 30 ================
.
2014-06-25 20:21:42    --------    d-----w-    C:\Users\Kompany\AppData\Local\ElevatedDiagnostics
2014-06-25 19:01:54    85496    ---ha-w-    C:\windows\System32\drivers\PROCMON23.SYS
2014-06-25 18:03:52    10779000    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{03D5FB25-C5FF-4B77-9867-F5A3177BBF07}\mpengine.dll
2014-06-25 14:27:59    785408    ----a-w-    C:\windows\System32\audiosrv.dll
2014-06-25 14:26:02    3236864    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-06-25 14:26:00    1395712    ----a-w-    C:\windows\System32\Windows.UI.Immersive.dll
2014-06-25 14:24:35    1122768    ----a-w-    C:\windows\System32\Taskmgr.exe
2014-06-25 14:23:59    677888    ----a-w-    C:\windows\System32\mfnetcore.dll
2014-06-25 14:21:30    370688    ----a-w-    C:\windows\System32\drivers\mrxsmb.sys
2014-06-25 14:21:29    1120768    ----a-w-    C:\windows\System32\gpedit.dll
2014-06-25 14:21:28    215040    ----a-w-    C:\windows\System32\drivers\mrxsmb20.sys
2014-06-25 14:21:27    83968    ----a-w-    C:\windows\System32\drivers\hidclass.sys
2014-06-25 14:21:27    78336    ----a-w-    C:\windows\System32\drivers\IPMIDrv.sys
2014-06-25 14:21:27    247808    ----a-w-    C:\windows\System32\drivers\srvnet.sys
2014-06-25 14:21:27    1075200    ----a-w-    C:\windows\SysWow64\gpedit.dll
2014-06-25 14:11:24    10779000    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-06-25 10:54:00    --------    d-----w-    C:\Program Files\Process Hacker 2
2014-06-25 08:22:50    --------    d-----w-    C:\Users\Kompany\AppData\Roaming\IObit
2014-06-25 08:22:50    --------    d-----w-    C:\ProgramData\IObit
2014-06-25 08:22:45    --------    d-----w-    C:\Program Files (x86)\IObit
2014-06-25 06:10:04    --------    d-----w-    C:\Program Files (x86)\SystemRequirementsLab
2014-06-25 04:07:29    703992    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-06-25 04:07:29    105464    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-25 01:37:07    16114176    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-06-25 01:37:07    15541248    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-06-25 00:50:59    995328    ----a-w-    C:\windows\SysWow64\Windows.Media.Streaming.dll
2014-06-25 00:49:59    68608    ----a-w-    C:\windows\System32\wwanprotdim.dll
2014-06-24 08:21:06    --------    d-----w-    C:\Program Files\Synaptics
2014-06-24 08:13:07    2094592    ----a-w-    C:\windows\System32\mmc.exe
2014-06-24 08:12:56    785624    ----a-w-    C:\windows\System32\drivers\Wdf01000.sys
2014-06-24 08:11:32    96600    ----a-w-    C:\windows\System32\drivers\wfplwfs.sys
2014-06-24 08:04:31    61440    ----a-w-    C:\windows\SysWow64\iesetup.dll
2014-06-24 07:38:16    --------    d-----w-    C:\ProgramData\Analyzer
2014-06-24 07:38:14    --------    d-----w-    C:\Program Files (x86)\Visual TimeAnalyzer
2014-06-23 21:12:56    --------    d-----w-    C:\windows\System32\MRT
2014-06-23 21:10:32    270496    ------w-    C:\windows\System32\MpSigStub.exe
2014-06-21 21:17:27    --------    d-----w-    C:\Program Files\CCleaner
2014-06-21 02:04:44    --------    d-----w-    C:\Users\Kompany\AppData\Local\Diagnostics
2014-06-21 02:03:45    --------    d-----w-    C:\Users\Kompany\AppData\Local\Apps
2014-06-18 17:33:01    --------    d-----w-    C:\Users\Kompany\AppData\Local\Razer_Inc
2014-06-18 17:28:48    --------    d-----w-    C:\ProgramData\RzMaelstromVAD_1.1.58.1854
2014-06-18 17:18:39    --------    d-----w-    C:\Users\Kompany\AppData\Local\Razer
2014-06-18 14:07:32    --------    d-----w-    C:\windows\SysWow64\sda
2014-06-18 14:06:23    9889352    ----a-w-    C:\windows\SysWow64\RsCRIcon.dll
2014-06-18 14:06:23    465624    ----a-w-    C:\windows\System32\drivers\RtsPer.sys
2014-06-18 14:06:23    359128    ----a-w-    C:\windows\System32\drivers\RtsPStor.sys
2014-06-18 14:06:23    313048    ----a-w-    C:\windows\System32\drivers\RtsBaStor.sys
2014-06-18 14:06:23    291544    ----a-w-    C:\windows\System32\drivers\RtsP2Stor.sys
2014-06-18 14:06:23    271064    ----a-w-    C:\windows\System32\drivers\RtsUStor.sys
2014-06-18 08:29:59    38912    ----a-w-    C:\windows\SysWow64\kmddsp.tsp
2014-06-18 08:28:57    405504    ----a-w-    C:\windows\System32\pcasvc.dll
2014-06-18 08:27:57    68096    ----a-w-    C:\windows\System32\cryptsvc.dll
2014-06-18 08:26:44    222720    ----a-w-    C:\windows\System32\scrobj.dll
2014-06-18 08:25:41    583680    ----a-w-    C:\windows\System32\msdrm.dll
2014-06-18 08:24:53    2361344    ----a-w-    C:\windows\System32\msxml6.dll
2014-06-18 08:23:57    1628160    ----a-w-    C:\windows\System32\WindowsCodecs.dll
2014-06-18 08:23:57    1339392    ----a-w-    C:\windows\SysWow64\WindowsCodecs.dll
2014-06-18 08:15:48    312320    ----a-w-    C:\windows\System32\msieftp.dll
2014-06-18 08:15:48    273408    ----a-w-    C:\windows\SysWow64\msieftp.dll
2014-06-18 08:15:18    2048    ----a-w-    C:\windows\SysWow64\tzres.dll
2014-06-18 08:15:18    2048    ----a-w-    C:\windows\System32\tzres.dll
2014-06-18 02:00:08    17536    ----a-w-    C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-06-17 16:35:13    --------    d-----w-    C:\windows\pss
2014-06-17 16:25:57    --------    dc----w-    C:\Users\Kompany\AppData\Local\MigWiz
2014-06-17 16:17:05    --------    d-----w-    C:\ProgramData\SuRe Softwares
2014-06-17 16:17:05    --------    d-----w-    C:\Program Files (x86)\Windows Tweaker
2014-06-17 16:16:41    --------    d-----w-    C:\Users\Kompany\AppData\Local\Downloaded Installations
2014-06-17 13:26:23    144    ----a-w-    C:\windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-06-17 13:13:20    --------    d-sh--w-    C:\Users\Kompany\IntelGraphicsProfiles
2014-06-17 13:13:08    451    ----a-w-    C:\windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-06-17 13:04:19    --------    d-----w-    C:\Program Files (x86)\Cisco
2014-06-17 12:52:51    --------    d-----w-    C:\Drivers
2014-06-17 12:52:45    --------    d-----w-    C:\Users\Kompany\AppData\Local\Programs
2014-06-17 12:10:51    --------    d-----w-    C:\Program Files\COMODO
2014-06-17 12:10:15    --------    d-----w-    C:\ProgramData\Comodo
2014-06-17 11:02:59    4494184    ----a-w-    C:\windows\System32\d3dx9_33.dll
2014-06-17 09:05:36    --------    d-----w-    C:\Program Files (x86)\Common Files\Steam
2014-06-17 09:05:35    --------    d-----w-    C:\Program Files (x86)\Steam
2014-06-17 08:51:04    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-06-05 16:58:58    182784    ----a-w-    C:\windows\System32\igfxCoIn_v3621.dll
2014-05-29 14:32:14    80384    ----a-w-    C:\windows\System32\RazerCoinstaller.dll
.
==================== Find3M  ====================
.
2014-06-25 01:43:06    1301504    ----a-w-    C:\windows\System32\gdi32.dll
2014-06-25 01:41:41    94208    ----a-w-    C:\windows\System32\synceng.dll
2014-06-25 01:36:57    888832    ----a-w-    C:\windows\System32\nshwfp.dll
2014-06-25 01:36:57    723968    ----a-w-    C:\windows\System32\BFE.DLL
2014-06-25 01:36:57    381952    ----a-w-    C:\windows\System32\FWPUCLNT.DLL
2014-06-25 01:36:57    1160192    ----a-w-    C:\windows\System32\IKEEXT.DLL
2014-06-25 01:36:20    576512    ----a-w-    C:\windows\System32\drivers\afd.sys
2014-06-25 01:35:40    4917760    ----a-w-    C:\windows\System32\sppsvc.exe
2014-06-25 01:35:39    120320    ----a-w-    C:\windows\System32\sppc.dll
2014-06-25 01:35:36    1164288    ----a-w-    C:\windows\System32\sppobjs.dll
2014-06-25 01:35:35    204800    ----a-w-    C:\windows\System32\WSClient.dll
2014-06-25 01:35:34    58200    ----a-w-    C:\windows\System32\drivers\dam.sys
2014-06-25 01:35:33    81408    ----a-w-    C:\windows\System32\setupcln.dll
2014-06-25 01:35:32    368640    ----a-w-    C:\windows\System32\sppwinob.dll
2014-06-25 01:35:31    2371728    ----a-w-    C:\windows\System32\WSService.dll
2014-06-25 01:35:26    198656    ----a-w-    C:\windows\System32\Windows.ApplicationModel.Store.dll
2014-06-25 01:35:26    183808    ----a-w-    C:\windows\System32\WSSync.dll
2014-06-25 01:34:31    36352    ----a-w-    C:\windows\System32\rfxvmt.dll
2014-06-25 01:34:31    3246592    ----a-w-    C:\windows\System32\rdpcorets.dll
2014-06-25 01:34:31    27880    ----a-w-    C:\windows\System32\drivers\rdpvideominiport.sys
2014-06-25 01:34:31    235520    ----a-w-    C:\windows\System32\rdpudd.dll
2014-06-25 01:33:54    86016    ----a-w-    C:\windows\System32\ncryptsslp.dll
2014-06-25 01:33:18    62976    ----a-w-    C:\windows\System32\imagehlp.dll
2014-06-25 01:32:42    652288    ----a-w-    C:\windows\System32\comctl32.dll
2014-06-25 01:28:38    35856    ----a-w-    C:\windows\System32\drivers\WdBoot.sys
2014-06-25 01:28:38    269592    ----a-w-    C:\windows\System32\drivers\WdFilter.sys
2014-06-25 01:28:04    600064    ----a-w-    C:\windows\System32\vbscript.dll
2014-06-25 01:25:47    54488    ----a-w-    C:\windows\System32\drivers\WdfLdr.sys
2014-06-25 01:23:05    17888    ----a-w-    C:\windows\System32\msvcr100_clr0400.dll
2014-06-25 01:22:18    136704    ----a-w-    C:\windows\System32\iesysprep.dll
2014-06-25 01:22:17    2239488    ----a-w-    C:\windows\System32\wininet.dll
2014-06-25 01:22:15    2706432    ----a-w-    C:\windows\System32\mshtml.tlb
2014-06-25 01:22:14    3958784    ----a-w-    C:\windows\System32\jscript9.dll
2014-06-25 01:22:13    53760    ----a-w-    C:\windows\System32\UXInit.dll
2014-06-25 01:22:13    1508864    ----a-w-    C:\windows\System32\inetcpl.cpl
2014-06-25 01:22:11    915968    ----a-w-    C:\windows\System32\uxtheme.dll
2014-06-25 01:22:04    67072    ----a-w-    C:\windows\System32\iesetup.dll
2014-06-25 01:19:30    1890816    ----a-w-    C:\windows\System32\crypt32.dll
2014-06-25 01:18:55    1314816    ----a-w-    C:\windows\System32\rpcrt4.dll
2014-06-25 01:18:31    4036608    ----a-w-    C:\windows\System32\win32k.sys
2014-06-25 01:17:39    39936    ----a-w-    C:\windows\apppatch\apppatch64\acspecfc.dll
2014-06-25 01:17:14    141312    ----a-w-    C:\windows\System32\cryptnet.dll
2014-06-25 01:17:14    1255936    ----a-w-    C:\windows\System32\certutil.exe
2014-06-25 01:15:45    2893824    ----a-w-    C:\windows\System32\msmpeg2vdec.dll
2014-06-25 01:14:21    26624    ----a-w-    C:\windows\System32\ReAgentc.exe
2014-06-25 01:13:58    945152    ----a-w-    C:\windows\System32\resetengmig.dll
2014-06-25 01:13:58    443392    ----a-w-    C:\windows\System32\ReAgent.dll
2014-06-25 01:13:58    132096    ----a-w-    C:\windows\System32\sysreset.exe
2014-06-25 01:13:58    1011200    ----a-w-    C:\windows\System32\reseteng.dll
2014-06-25 01:13:11    96256    ----a-w-    C:\windows\System32\fontsub.dll
2014-06-25 01:13:11    46080    ----a-w-    C:\windows\System32\atmlib.dll
2014-06-25 01:13:11    362496    ----a-w-    C:\windows\System32\atmfd.dll
2014-06-25 01:13:11    14336    ----a-w-    C:\windows\System32\dciman32.dll
2014-06-25 01:11:58    475136    ----a-w-    C:\windows\System32\WWanAPI.dll
2014-06-25 01:11:57    385024    ----a-w-    C:\windows\System32\ncsi.dll
2014-06-25 01:11:56    293376    ----a-w-    C:\windows\System32\Windows.Networking.Connectivity.dll
2014-06-25 01:11:54    543232    ----a-w-    C:\windows\System32\wlroamextension.dll
2014-06-25 01:11:53    729600    ----a-w-    C:\windows\System32\duser.dll
2014-06-25 01:11:52    297984    ----a-w-    C:\windows\System32\drivers\ks.sys
2014-06-25 01:11:51    107520    ----a-w-    C:\windows\System32\taskkill.exe
2014-06-25 01:11:51    102400    ----a-w-    C:\windows\System32\tasklist.exe
2014-06-25 01:11:50    87552    ----a-w-    C:\windows\System32\wersvc.dll
2014-06-25 01:11:49    611840    ----a-w-    C:\windows\System32\wpd_ci.dll
2014-06-25 01:11:46    260096    ----a-w-    C:\windows\System32\hotspotauth.dll
2014-06-25 01:11:45    830464    ----a-w-    C:\windows\System32\wbem\WmiPrvSD.dll
2014-06-25 01:10:49    1690624    ----a-w-    C:\windows\System32\GdiPlus.dll
2014-06-25 01:10:28    1838080    ----a-w-    C:\windows\System32\DWrite.dll
2014-06-25 01:10:00    570216    ----a-w-    C:\windows\System32\drivers\cng.sys
2014-06-25 01:10:00    172888    ----a-w-    C:\windows\System32\drivers\ksecpkg.sys
2014-06-25 01:10:00    1281536    ----a-w-    C:\windows\System32\lsasrv.dll
2014-06-25 01:08:51    20992    ----a-w-    C:\windows\System32\drivers\usb8023.sys
2014-06-25 01:08:08    70144    ----a-w-    C:\windows\System32\appinfo.dll
2014-06-25 01:08:08    112872    ----a-w-    C:\windows\System32\consent.exe
2014-06-25 01:05:57    560640    ----a-w-    C:\windows\System32\mfmp4srcsnk.dll
2014-06-25 01:05:57    17408    ----a-w-    C:\windows\System32\muifontsetup.dll
2014-06-25 01:05:56    77824    ----a-w-    C:\windows\System32\taskhost.exe
2014-06-25 01:05:56    72192    ----a-w-    C:\windows\System32\taskhostex.exe
2014-06-25 01:05:55    812544    ----a-w-    C:\windows\System32\Magnify.exe
2014-06-25 01:05:55    501760    ----a-w-    C:\windows\System32\DevicePairing.dll
2014-06-25 01:05:54    179712    ----a-w-    C:\windows\System32\bisrv.dll
2014-06-25 01:05:54    1332736    ----a-w-    C:\windows\System32\sysmain.dll
2014-06-25 01:05:53    122368    ----a-w-    C:\windows\System32\biwinrt.dll
2014-06-25 01:05:51    330240    ----a-w-    C:\windows\System32\stobject.dll
2014-06-25 01:05:01    733184    ----a-w-    C:\windows\System32\win32spl.dll
2014-06-25 01:04:43    2842112    ----a-w-    C:\windows\System32\WMVDECOD.DLL
2014-06-25 01:04:27    194048    ----a-w-    C:\windows\System32\scrrun.dll
2014-06-25 01:04:27    146944    ----a-w-    C:\windows\System32\cscript.exe
2014-06-25 01:04:27    143872    ----a-w-    C:\windows\System32\wshom.ocx
2014-06-25 01:04:11    31232    ----a-w-    C:\windows\System32\pcadm.dll
2014-06-25 01:04:11    13312    ----a-w-    C:\windows\System32\pcalua.exe
2014-06-25 01:04:11    11776    ----a-w-    C:\windows\System32\pcaevts.dll
2014-06-25 01:03:52    98304    ----a-w-    C:\windows\System32\apprepsync.dll
2014-06-25 01:03:52    124416    ----a-w-    C:\windows\System32\apprepapi.dll
2014-06-25 01:03:51    337408    ----a-w-    C:\windows\System32\wintrust.dll
2014-06-25 01:03:11    9216    ----a-w-    C:\windows\System32\dpnhupnp.dll
2014-06-25 01:03:11    9216    ----a-w-    C:\windows\System32\dpnhpast.dll
2014-06-25 01:03:11    67584    ----a-w-    C:\windows\System32\dpnathlp.dll
2014-06-25 01:03:11    463872    ----a-w-    C:\windows\System32\dpnet.dll
2014-06-25 01:03:11    4096    ----a-w-    C:\windows\System32\dpnlobby.dll
2014-06-25 01:03:11    34816    ----a-w-    C:\windows\System32\dpnsvr.exe
.
============= FINISH: 20:20:01.78 ===============
 


#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 26 June 2014 - 04:58 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 Kompany4

  • Topic Starter
  • Members
  • 10 posts

Posted 26 June 2014 - 07:55 PM

Marius,

 

Thank you for your time as well as your assistance. Before the scan I was asked to use "Virtualization Technology" while scanning my PC; I selected no as I was not sure. Let me know if I should have chosen yes.

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-06-26 19:32:48
-----------------------------
19:32:48.695    OS Version: Windows x64 6.2.9200
19:32:48.695    Number of processors: 4 586 0x3A09
19:32:48.696    ComputerName: MBSHOE  UserName:
19:32:50.111    Initialize success
19:32:50.166    VM: initialized successfully
19:32:50.239    VM: Intel CPU BiosDisabled
19:33:29.620    VM: not used
19:46:07.781    AVAST engine defs: 14062602
19:46:16.048    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000039
19:46:16.050    Disk 0 Vendor: WDC_WD5000BPVT-24HXZT3 03.01A03 Size: 476940MB BusType: 11
19:46:16.180    Disk 0 MBR read successfully
19:46:16.182    Disk 0 MBR scan
19:46:16.186    Disk 0 unknown MBR code
19:46:16.188    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
19:46:16.243    Disk 0 scanning C:\windows\system32\drivers
19:46:28.375    Service scanning
19:46:52.651    Modules scanning
19:46:52.656    Disk 0 trace - called modules:
19:46:52.700    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
19:46:52.703    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80074d6060]
19:46:52.705    3 CLASSPNP.SYS[fffff88002096e0a] -> nt!IofCallDriver -> \Device\00000039[0xfffffa8005c632b0]
19:46:54.252    AVAST engine scan C:\windows
19:46:56.618    AVAST engine scan C:\windows\system32
19:49:22.525    AVAST engine scan C:\windows\system32\drivers
19:49:37.181    AVAST engine scan C:\Users\Kompany
19:49:59.723    AVAST engine scan C:\ProgramData
19:50:52.567    Scan finished successfully
19:53:03.663    Disk 0 MBR has been saved successfully to "C:\Users\Kompany\Desktop\MBR.dat"
19:53:03.666    The log file has been saved successfully to "C:\Users\Kompany\Desktop\aswMBR.txt"
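The MBR.dat file aswMBR saved to the desktop is the raw first sector of the disk, and the log line "Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1" is aswMBR's reading of its partition table. As an added example (not code from the thread or from aswMBR), the script below parses such a 512-byte image, flags the type 0xEE entry that a GPT-partitioned disk carries as its protective MBR, and diffs a baseline MBR.dat against a later dump of sector 0 so boot-code changes can be spotted. `load_mbr`, `parse_mbr`, `diff_mbr` and the constructed sample image are this example's own; the 0xFFFFFFFF sector count in the sample is an assumption chosen because 0xFFFFFFFF sectors of 512 bytes is exactly the 2097151 MB the log reports.

```python
"""Parse and compare 512-byte MBR images such as the MBR.dat backup aswMBR writes.

Added example for this thread; it is not part of aswMBR or of the forum posts.
The sample image is constructed to mirror the aswMBR log line
    Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
i.e. a single type-0xEE entry (the protective entry a GPT-partitioned disk
carries) starting at LBA 1. A sector count of 0xFFFFFFFF is assumed because
0xFFFFFFFF * 512 bytes is exactly 2097151 MB, the size the log reports.
"""
import hashlib
import struct

SECTOR = 512
PARTITION_TABLE_OFFSET = 446       # bootstrap code occupies bytes 0..445
ENTRY_SIZE = 16                    # four 16-byte partition entries follow
SIGNATURE_OFFSET = 510             # bytes 510..511 hold 55 AA
MBR_SIGNATURE = 0xAA55             # value of 55 AA read little-endian
GPT_PROTECTIVE = 0xEE
ENTRY_FORMAT = "<B3sB3sII"         # status, CHS start, type, CHS end, LBA start, sectors


def load_mbr(path: str) -> bytes:
    """Read the first sector of a file such as the saved MBR.dat."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR)


def parse_mbr(mbr: bytes) -> dict:
    """Decode the partition table and hash the bootstrap code region."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    signature = struct.unpack_from("<H", mbr, SIGNATURE_OFFSET)[0]
    partitions = []
    for index in range(4):
        offset = PARTITION_TABLE_OFFSET + index * ENTRY_SIZE
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            ENTRY_FORMAT, mbr, offset)
        if ptype == 0x00:            # empty slot
            continue
        partitions.append({
            "index": index + 1,
            "status": status,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
            "gpt_protective": ptype == GPT_PROTECTIVE,
        })
    return {
        "signature_ok": signature == MBR_SIGNATURE,
        "bootstrap_sha256": hashlib.sha256(mbr[:PARTITION_TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
    }


def diff_mbr(baseline: bytes, current: bytes) -> dict:
    """Locate changes between a saved MBR.dat and a later dump of sector 0.

    A changed bootstrap region with an unchanged partition table is the
    pattern to look for when checking whether the boot code was overwritten;
    a changed partition table usually means the disk was repartitioned."""
    if len(baseline) != SECTOR or len(current) != SECTOR:
        raise ValueError("both images must be exactly one sector")
    table = slice(PARTITION_TABLE_OFFSET, SIGNATURE_OFFSET)
    return {
        "bootstrap_changed": baseline[:PARTITION_TABLE_OFFSET] != current[:PARTITION_TABLE_OFFSET],
        "partition_table_changed": baseline[table] != current[table],
        "signature_changed": baseline[SIGNATURE_OFFSET:] != current[SIGNATURE_OFFSET:],
        "changed_offsets": [i for i in range(SECTOR) if baseline[i] != current[i]],
    }


def build_protective_mbr(sectors: int = 0xFFFFFFFF) -> bytes:
    """Constructed sample: zeroed bootstrap, one 0xEE entry at LBA 1, 55 AA."""
    mbr = bytearray(SECTOR)
    entry = struct.pack(ENTRY_FORMAT, 0x00, b"\x00\x02\x00", GPT_PROTECTIVE,
                        b"\xff\xff\xff", 1, sectors)
    mbr[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + ENTRY_SIZE] = entry
    struct.pack_into("<H", mbr, SIGNATURE_OFFSET, MBR_SIGNATURE)
    return bytes(mbr)


if __name__ == "__main__":
    baseline = build_protective_mbr()
    for p in parse_mbr(baseline)["partitions"]:
        label = "GPT" if p["gpt_protective"] else f"type {p['type']:02X}"
        print(f"Partition {p['index']} {label} {p['size_mb']} MB offset {p['lba_start']}")
    # Simulate a later dump whose first bootstrap byte differs from the backup.
    later = bytearray(baseline)
    later[0] = 0xEB
    print(diff_mbr(baseline, bytes(later)))
```

To use it on the real backup, call `parse_mbr(load_mbr(r"C:\Users\Kompany\Desktop\MBR.dat"))` and keep the printed bootstrap hash; a later dump that hashes differently while the partition table is unchanged is worth a closer look.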



#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 30 June 2014 - 04:15 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#5 Kompany4

  • Topic Starter
  • Members
  • 10 posts

Posted 30 June 2014 - 09:05 PM

ComboFix 14-06-30.01 - Kompany 06/30/2014  20:49:46.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.6005.5002 [GMT -5:00]
Running from: c:\users\Kompany\Desktop\ComboFix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
ADS - windows: deleted 192 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-01 to 2014-07-01  )))))))))))))))))))))))))))))))
.
.
2014-07-01 01:54 . 2014-07-01 01:54    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-07-01 00:39 . 2014-06-05 08:54    10779000    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A802AD9-40A2-4FAE-B7B5-64AC472F7984}\mpengine.dll
2014-06-28 03:17 . 2014-04-23 16:50    1031560    ------w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{9273B5D3-B52F-4C04-A5F1-9B244418D13F}\gapaengine.dll
2014-06-25 19:01 . 2014-06-25 19:01    85496    ---ha-w-    c:\windows\system32\drivers\PROCMON23.SYS
2014-06-25 18:18 . 2014-06-25 18:18    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2014-06-25 14:27 . 2013-06-01 09:24    493056    ----a-w-    c:\windows\SysWow64\mscms.dll
2014-06-25 14:26 . 2012-10-24 04:54    396008    ----a-w-    c:\windows\system32\hal.dll
2014-06-25 14:26 . 2012-10-11 05:45    3236864    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-06-25 14:26 . 2012-10-11 05:46    1395712    ----a-w-    c:\windows\system32\Windows.UI.Immersive.dll
2014-06-25 14:24 . 2012-11-27 06:39    1122768    ----a-w-    c:\windows\system32\Taskmgr.exe
2014-06-25 14:23 . 2012-10-17 04:32    677888    ----a-w-    c:\windows\system32\mfnetcore.dll
2014-06-25 14:21 . 2014-03-01 09:47    1258496    ----a-w-    c:\windows\system32\kernel32.dll
2014-06-25 14:21 . 2014-02-26 23:18    370688    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2014-06-25 14:21 . 2014-03-01 09:47    1120768    ----a-w-    c:\windows\system32\gpedit.dll
2014-06-25 14:21 . 2014-02-26 23:18    215040    ----a-w-    c:\windows\system32\drivers\mrxsmb20.sys
2014-06-25 14:21 . 2014-03-01 08:07    1075200    ----a-w-    c:\windows\SysWow64\gpedit.dll
2014-06-25 14:21 . 2014-02-26 23:18    247808    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2014-06-25 14:21 . 2014-02-15 04:15    78336    ----a-w-    c:\windows\system32\drivers\IPMIDrv.sys
2014-06-25 14:21 . 2013-11-25 23:17    83968    ----a-w-    c:\windows\system32\drivers\hidclass.sys
2014-06-25 12:10 . 2014-06-25 12:10    --------    d-----w-    c:\windows\ServiceProfiles\LocalService\winhttp
2014-06-25 10:54 . 2014-06-25 15:48    --------    d-----w-    c:\program files\Process Hacker 2
2014-06-25 08:22 . 2014-06-25 15:48    --------    d-----w-    c:\programdata\IObit
2014-06-25 08:22 . 2014-06-25 15:47    --------    d-----w-    c:\program files (x86)\IObit
2014-06-25 06:10 . 2014-06-25 06:10    --------    d-----w-    c:\program files (x86)\SystemRequirementsLab
2014-06-25 04:07 . 2014-05-31 05:16    703992    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-25 04:07 . 2014-05-31 05:16    105464    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-25 01:37 . 2012-11-26 02:15    16114176    ----a-w-    c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-06-25 01:37 . 2012-11-26 02:14    15541248    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-06-25 00:50 . 2012-09-20 06:47    307192    ----a-w-    c:\windows\SysWow64\MMDevAPI.dll
2014-06-25 00:49 . 2012-10-02 07:34    68608    ----a-w-    c:\windows\system32\wwanprotdim.dll
2014-06-24 08:21 . 2014-06-24 08:21    --------    d-----w-    c:\program files\Synaptics
2014-06-24 08:13 . 2014-06-25 01:39    1964544    ----a-w-    c:\windows\system32\wlidsvc.dll
2014-06-24 08:12 . 2014-06-25 01:25    785624    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2014-06-24 08:11 . 2014-06-25 01:36    96600    ----a-w-    c:\windows\system32\drivers\wfplwfs.sys
2014-06-24 08:04 . 2014-06-25 01:22    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2014-06-24 07:38 . 2014-06-24 07:38    --------    d-----w-    c:\programdata\Analyzer
2014-06-24 07:38 . 2014-06-24 07:38    --------    d-----w-    c:\program files (x86)\Visual TimeAnalyzer
2014-06-23 21:12 . 2014-06-23 21:14    --------    d-----w-    c:\windows\system32\MRT
2014-06-23 21:10 . 2014-01-19 07:38    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-06-23 15:42 . 2014-06-25 19:42    --------    d-----w-    c:\users\Mbleezy
2014-06-21 21:17 . 2014-06-21 21:17    --------    d-----w-    c:\program files\CCleaner
2014-06-18 17:28 . 2014-06-18 17:28    --------    d-----w-    c:\programdata\RzMaelstromVAD_1.1.58.1854
2014-06-18 17:18 . 2014-06-28 07:19    --------    d-----w-    c:\programdata\Razer
2014-06-18 17:18 . 2014-06-28 07:19    --------    d-----w-    c:\program files (x86)\Razer
2014-06-18 14:07 . 2014-06-18 14:07    --------    d-----w-    c:\windows\SysWow64\sda
2014-06-18 14:06 . 2014-01-07 21:24    359128    ----a-w-    c:\windows\system32\drivers\RtsPStor.sys
2014-06-18 14:06 . 2014-01-07 21:10    313048    ----a-w-    c:\windows\system32\drivers\RtsBaStor.sys
2014-06-18 14:06 . 2014-01-03 23:34    465624    ----a-w-    c:\windows\system32\drivers\RtsPer.sys
2014-06-18 14:06 . 2014-01-03 23:08    291544    ----a-w-    c:\windows\system32\drivers\RtsP2Stor.sys
2014-06-18 14:06 . 2014-01-03 20:33    271064    ----a-w-    c:\windows\system32\drivers\RtsUStor.sys
2014-06-18 14:06 . 2013-04-26 01:12    9889352    ----a-w-    c:\windows\SysWow64\RsCRIcon.dll
2014-06-18 10:34 . 2014-06-25 01:30    19759104    ----a-w-    c:\windows\system32\shell32.dll
2014-06-18 08:29 . 2014-06-25 00:58    267264    ----a-w-    c:\windows\system32\EncDump.dll
2014-06-18 08:28 . 2014-06-25 01:04    405504    ----a-w-    c:\windows\system32\pcasvc.dll
2014-06-18 08:27 . 2014-06-25 01:03    68096    ----a-w-    c:\windows\system32\cryptsvc.dll
2014-06-18 08:26 . 2014-06-25 01:04    222720    ----a-w-    c:\windows\system32\scrobj.dll
2014-06-18 08:25 . 2014-06-25 01:05    583680    ----a-w-    c:\windows\system32\msdrm.dll
2014-06-18 08:24 . 2014-06-25 00:56    2361344    ----a-w-    c:\windows\system32\msxml6.dll
2014-06-18 08:23 . 2014-06-25 00:59    1628160    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-06-18 08:23 . 2014-01-31 00:48    1339392    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2014-06-18 08:15 . 2013-11-01 05:38    312320    ----a-w-    c:\windows\system32\msieftp.dll
2014-06-18 08:15 . 2013-11-01 03:49    273408    ----a-w-    c:\windows\SysWow64\msieftp.dll
2014-06-18 08:15 . 2012-12-13 04:00    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-06-18 08:15 . 2012-12-13 03:59    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-06-18 02:00 . 2014-06-18 02:00    17536    ----a-w-    c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-06-17 16:17 . 2014-06-17 16:17    --------    d-----w-    c:\program files (x86)\Windows Tweaker
2014-06-17 16:17 . 2014-06-17 16:17    --------    d-----w-    c:\programdata\SuRe Softwares
2014-06-17 13:26 . 2014-06-17 13:26    144    ----a-w-    c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-06-17 13:13 . 2014-06-17 13:13    451    ----a-w-    c:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-06-17 13:04 . 2014-06-17 13:04    --------    d-----w-    c:\program files (x86)\Cisco
2014-06-17 12:52 . 2014-06-17 13:02    --------    d-----w-    C:\Drivers
2014-06-17 12:10 . 2014-06-17 13:43    --------    d-----w-    c:\program files\COMODO
2014-06-17 12:10 . 2014-06-17 13:43    --------    d-----w-    c:\programdata\Comodo
2014-06-17 11:02 . 2007-03-12 23:42    4494184    ----a-w-    c:\windows\system32\d3dx9_33.dll
2014-06-17 10:38 . 2014-06-17 10:54    --------    d-----w-    c:\program files (x86)\Notepad++
2014-06-17 09:30 . 2014-06-17 13:04    --------    d-----w-    c:\users\ADMINI~1
2014-06-17 09:05 . 2014-06-17 10:11    --------    d-----w-    c:\program files (x86)\Common Files\Steam
2014-06-17 09:05 . 2014-07-01 00:43    --------    d-----w-    c:\program files (x86)\Steam
2014-06-17 08:48 . 2014-06-25 12:50    --------    d-----w-    c:\users\Kompany
2014-06-17 08:41 . 2014-06-17 08:41    --------    d--h--r-    c:\users\Public\AccountPictures
2014-06-05 16:58 . 2014-06-05 16:58    182784    ----a-w-    c:\windows\system32\igfxCoIn_v3621.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-25 01:17 . 2014-06-18 08:26    39936    ----a-w-    c:\windows\apppatch\apppatch64\acspecfc.dll
2014-06-25 00:58 . 2012-07-26 02:26    199680    ----a-w-    c:\windows\system32\cdd.dll
2014-06-17 09:47 . 2012-07-26 08:13    23264    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-06-05 16:59 . 2012-08-22 08:14    444376    ----a-w-    c:\windows\system32\igfxTray.exe
2014-05-29 14:32 . 2014-05-29 14:32    80384    ----a-w-    c:\windows\system32\RazerCoinstaller.dll
2014-05-24 02:33 . 2014-05-24 02:33    864256    ----a-w-    c:\windows\SysWow64\rzdevicedll.dll
2014-05-24 02:33 . 2014-05-24 02:33    325120    ----a-w-    c:\windows\SysWow64\rzaudiodll.dll
2014-05-23 11:02 . 2014-05-23 11:02    136704    ----a-w-    c:\windows\SysWow64\RzVAD.dll
2014-05-23 10:34 . 2014-05-23 10:34    32768    ----a-w-    c:\windows\system32\drivers\RzMaelstromVAD.sys
2014-05-23 10:31 . 2014-05-23 10:31    245760    ----a-w-    c:\windows\system32\DriverInstallCACMD.exe
2014-05-23 10:31 . 2014-05-23 10:31    69632    ----a-w-    c:\windows\system32\DriverInstallCA.dll
2014-05-19 06:47 . 2014-05-19 06:47    39080    ----a-w-    c:\windows\system32\drivers\rzendpt.sys
2014-05-19 06:47 . 2014-05-19 06:47    155816    ----a-w-    c:\windows\system32\drivers\rzudd.sys
2014-05-19 06:26 . 2014-05-19 06:26    89088    ----a-w-    c:\windows\SysWow64\rzdevinfo.dll
2014-05-19 06:26 . 2014-05-19 06:26    155136    ----a-w-    c:\windows\SysWow64\rztouchdll.dll
2014-05-19 06:26 . 2014-05-19 06:26    117248    ----a-w-    c:\windows\SysWow64\rzdisplaydll.dll
2014-05-17 04:27 . 2014-05-17 04:27    4590152    ----a-w-    c:\windows\system32\igdusc64.dll
2014-05-17 04:27 . 2014-05-17 04:27    433560    ----a-w-    c:\windows\system32\igdmd64.dll
2014-05-17 04:27 . 2014-05-17 04:27    3658520    ----a-w-    c:\windows\SysWow64\igdusc32.dll
2014-05-17 04:27 . 2014-05-17 04:27    348088    ----a-w-    c:\windows\SysWow64\igdmd32.dll
2014-05-17 04:27 . 2014-05-17 04:27    31408    ----a-w-    c:\windows\system32\igfxexps.dll
2014-05-17 04:27 . 2014-05-17 04:27    218808    ----a-w-    c:\windows\system32\iglhcp64.dll
2014-05-17 04:27 . 2014-05-17 04:27    187408    ----a-w-    c:\windows\system32\igfxcmrt64.dll
2014-05-17 04:27 . 2014-05-17 04:27    183800    ----a-w-    c:\windows\SysWow64\iglhcp32.dll
2014-05-17 04:27 . 2014-05-17 04:27    17791136    ----a-w-    c:\windows\system32\igd10iumd64.dll
2014-05-17 04:27 . 2014-05-17 04:27    16586584    ----a-w-    c:\windows\system32\igdumdim64.dll
2014-05-17 04:27 . 2014-05-17 04:27    16114320    ----a-w-    c:\windows\SysWow64\igdumdim32.dll
2014-05-17 04:27 . 2014-05-17 04:27    158032    ----a-w-    c:\windows\SysWow64\igfxcmrt32.dll
2014-05-17 04:27 . 2014-05-17 04:27    1137080    ----a-w-    c:\windows\system32\iglhsip64.dll
2014-05-17 04:27 . 2014-05-17 04:27    1132960    ----a-w-    c:\windows\SysWow64\iglhsip32.dll
2014-05-17 04:27 . 2014-05-17 04:27    17409536    ----a-w-    c:\windows\SysWow64\igd10iumd32.dll
2014-05-17 04:25 . 2014-05-17 04:25    8120320    ----a-w-    c:\windows\system32\ig7icd64.dll
2014-05-17 04:25 . 2014-05-17 04:25    3791872    ----a-w-    c:\windows\system32\drivers\igdkmd64.sys
2014-05-17 04:25 . 2014-05-17 04:25    223744    ----a-w-    c:\windows\system32\igdde64.dll
2014-05-17 04:25 . 2014-05-17 04:25    160256    ----a-w-    c:\windows\system32\igdail64.dll
2014-05-17 04:25 . 2014-05-17 04:25    5120    ----a-w-    c:\windows\system32\igfxLHMLibv2_0.dll
2014-05-17 04:25 . 2014-05-17 04:25    5120    ----a-w-    c:\windows\system32\igfxLHMLib.dll
2014-05-17 04:25 . 2014-05-17 04:25    373248    ----a-w-    c:\windows\system32\igfxOSP.dll
2014-05-17 04:25 . 2014-05-17 04:25    249856    ----a-w-    c:\windows\system32\igfxLHM.dll
2014-05-17 04:25 . 2014-05-17 04:25    10240    ----a-w-    c:\windows\system32\igfxEMLibv2_0.dll
2014-05-17 04:25 . 2014-05-17 04:25    10240    ----a-w-    c:\windows\system32\igfxEMLib.dll
2014-05-17 04:25 . 2014-05-17 04:25    212992    ----a-w-    c:\windows\system32\igfxDTCM.dll
2014-05-17 04:25 . 2014-05-17 04:25    10752    ----a-w-    c:\windows\system32\igfxDILib.dll
2014-05-17 04:25 . 2014-05-17 04:25    10240    ----a-w-    c:\windows\system32\igfxDILibv2_0.dll
2014-05-17 04:25 . 2014-05-17 04:25    69632    ----a-w-    c:\windows\system32\igfxDHLibv2_0.dll
2014-05-17 04:25 . 2014-05-17 04:25    57856    ----a-w-    c:\windows\system32\igfxDHLib.dll
2014-05-17 04:25 . 2014-05-17 04:25    267264    ----a-w-    c:\windows\system32\igfxDI.dll
2014-05-17 04:24 . 2014-05-17 04:24    70144    ----a-w-    c:\windows\system32\igfxCUIServicePS.dll
2014-05-17 04:24 . 2014-05-17 04:24    655360    ----a-w-    c:\windows\system32\igfxDH.dll
2014-05-17 04:24 . 2014-05-17 04:24    734208    ----a-w-    c:\windows\system32\MetroIntelGenericUIFramework.dll
2014-05-17 04:24 . 2014-05-17 04:24    254976    ----a-w-    c:\windows\system32\igfxCPL.cpl
2014-05-17 04:23 . 2014-05-17 04:23    6364672    ----a-w-    c:\windows\SysWow64\ig7icd32.dll
2014-05-17 04:23 . 2014-05-17 04:23    183808    ----a-w-    c:\windows\SysWow64\igdde32.dll
2014-05-17 04:23 . 2014-05-17 04:23    30720    ----a-w-    c:\windows\SysWow64\igfxexps32.dll
2014-05-17 04:23 . 2014-05-17 04:23    142848    ----a-w-    c:\windows\SysWow64\igdail32.dll
2014-05-17 04:18 . 2014-05-17 04:18    358912    ----a-w-    c:\windows\system32\IntelOpenCL64.dll
2014-05-17 04:18 . 2014-05-17 04:18    330240    ----a-w-    c:\windows\system32\igdbcl64.dll
2014-05-17 04:18 . 2014-05-17 04:18    1673216    ----a-w-    c:\windows\system32\igdrcl64.dll
2014-05-17 04:18 . 2014-05-17 04:18    23048704    ----a-w-    c:\windows\system32\igdfcl64.dll
2014-05-17 04:18 . 2014-05-17 04:18    294912    ----a-w-    c:\windows\SysWow64\IntelOpenCL32.dll
2014-05-17 04:18 . 2014-05-17 04:18    291328    ----a-w-    c:\windows\SysWow64\igdbcl32.dll
2014-05-17 04:18 . 2014-05-17 04:18    1551872    ----a-w-    c:\windows\SysWow64\igdrcl32.dll
2014-05-17 04:18 . 2014-05-17 04:18    18032640    ----a-w-    c:\windows\SysWow64\igdfcl32.dll
2014-05-16 22:49 . 2014-05-16 22:49    64000    ----a-w-    c:\windows\system32\Intel_OpenCL_ICD64.dll
2014-05-16 22:49 . 2014-05-16 22:49    60416    ----a-w-    c:\windows\SysWow64\Intel_OpenCL_ICD32.dll
2014-05-16 22:49 . 2012-09-25 01:21    64000    ----a-w-    c:\windows\system32\OpenCL.DLL
2014-05-16 22:49 . 2012-09-25 01:21    60416    ----a-w-    c:\windows\SysWow64\OpenCL.DLL
2014-05-16 22:49 . 2014-05-16 22:49    2023936    ----a-w-    c:\windows\system32\igfxcmjit64.dll
2014-05-16 22:49 . 2014-05-16 22:49    182784    ----a-w-    c:\windows\system32\igfx11cmrt64.dll
2014-05-16 22:49 . 2014-05-16 22:49    1755648    ----a-w-    c:\windows\SysWow64\igfxcmjit32.dll
2014-05-16 22:49 . 2014-05-16 22:49    155136    ----a-w-    c:\windows\SysWow64\igfx11cmrt32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2014-05-31 585048]
"TBAction"="c:\program files (x86)\Visual TimeAnalyzer\tbaction.exe" [2013-01-30 131504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"NoVirtMemPage"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCustomizeThisFolder"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"NoAddPrinter"= 1 (0x1)
.
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 iwdbus;IWD Bus Enumerator;c:\windows\System32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
R3 rzendpt;rzendpt;c:\windows\System32\drivers\rzendpt.sys;c:\windows\SYSNATIVE\drivers\rzendpt.sys [x]
R3 rzudd;Razer Mouse Driver;c:\windows\System32\drivers\rzudd.sys;c:\windows\SYSNATIVE\drivers\rzudd.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
R3 usb3Hub;USB-IF USB 3.0 Hub;c:\windows\System32\drivers\usb3Hub.sys;c:\windows\SYSNATIVE\drivers\usb3Hub.sys [x]
R3 vm332avs;Lenovo Camera2;c:\windows\System32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\System32\drivers\XHCIPort.sys;c:\windows\SYSNATIVE\drivers\XHCIPort.sys [x]
R4 BcmBtRSupport;Bluetooth Radio Control Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
R4 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
R4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 RzMaelstromVADStreamingService;Razer Surround Audio Service;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys;c:\windows\SYSNATIVE\drivers\AcpiVpc.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 NETwNe64;@oem10.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-27 12937872]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-07-10 1214608]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-09-25 17079376]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-09-25 191568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo13.msn.com
TCP: DhcpNameServer = 192.168.1.1 68.238.96.12
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
FF - ProfilePath - c:\users\Kompany\AppData\Roaming\Mozilla\Firefox\Profiles\pqegxyzs.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file)
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-06-30  20:59:48 - machine was rebooted
ComboFix-quarantined-files.txt  2014-07-01 01:59
.
Pre-Run: 404,128,604,160 bytes free
Post-Run: 404,007,133,184 bytes free
.
- - End Of File - - BDDE46DE58CC967A34E79B2ED181DBAA



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:08 PM

Posted 02 July 2014 - 07:09 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 Kompany4

Kompany4
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:08 PM

Posted 05 July 2014 - 12:03 AM

Sorry about the delay, went to the lake to celebrate the 4th. The ESET Online Scan did not pick up anything but the first scan did. I was waiting to post both scans together but the second one came back clean so here is the first.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/2/2014
Scan Time: 7:39:20 PM
Logfile: Malwarebytes log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.02.08
Rootkit Database: v2014.02.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Kompany

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321067
Time Elapsed: 8 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.AmazonBrowserBar.A, C:\Program Files (x86)\Amazon\ABB, Quarantined, [4f2e37a75c1e75c1e9308d20c73b18e8],

Files: 1
PUP.Optional.AmazonBrowserBar.A, C:\Program Files (x86)\Amazon\ABB\abb-bundler-uninstall.exe, Quarantined, [4f2e37a75c1e75c1e9308d20c73b18e8],

Physical Sectors: 0
(No malicious items detected)


(end)



#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:08 PM

Posted 07 July 2014 - 02:40 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also



Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


#9 Kompany4

Kompany4
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:08 PM

Posted 07 July 2014 - 07:44 AM

Thank you again for your time. I could just be paranoid, but I feel like something is still hiding ...


# AdwCleaner v3.214 - Report created 07/07/2014 at 06:31:33
# Updated 29/06/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Kompany - MBSHOE
# Running from : C:\Users\Kompany\Desktop\adwcleaner_3.214.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Kompany\AppData\Roaming\Mozilla\Firefox\Profiles\pqegxyzs.default\prefs.js ]


[ File : C:\Users\Mbleezy\AppData\Roaming\Mozilla\Firefox\Profiles\dxzkaicu.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [840 octets] - [07/07/2014 02:03:55]
AdwCleaner[R1].txt - [964 octets] - [07/07/2014 06:31:13]
AdwCleaner[S0].txt - [900 octets] - [07/07/2014 02:04:35]
AdwCleaner[S1].txt - [886 octets] - [07/07/2014 06:31:33]


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Kompany on Mon 07/07/2014 at  6:34:54.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/07/2014 at  6:37:35.76
End of JRT log


 Results of screen317's Security Check version 0.99.85  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````


Thanks again



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:08 PM

Posted 07 July 2014 - 07:59 AM

Why do you think there is something hiding?

Are you facing any issues or symptoms?



#11 Kompany4

Kompany4
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:08 PM

Posted 07 July 2014 - 09:19 AM

When I install the drivers for my mouse it for some reason has the drivers dated for May. Similar symptoms with other installments as well. Perhaps my 'inner clock' is off ?

#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:08 PM

Posted 08 July 2014 - 09:02 AM

Scan was completed on Mon 07/07/2014 at  6:37:35.76

Your CMOS clock is working fine.


The driver shows the date when it was created. That has nothing to do with the install time.

The software installations within add/remove programs should show the installation date - is anything else displayed?


Please be more detailed or add some explaining screenshots.


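The distinction made in the reply above (the driver date comes from the vendor's INF, the install date from the installer) can be checked directly. This is an added PowerShell example, not code from the thread or from any of the tools used in it; the 'Razer' name filter is an assumption chosen to match the mouse driver visible in the logs, and the function name is made up for illustration.

```powershell
function Compare-DriverDates {
    # Hypothetical helper (not part of the thread): for every matching Plug and Play
    # driver, pair its INF DriverDate with the InstallDate of any matching package
    # in Add/Remove Programs, so the two dates can be compared side by side.
    param([Parameter(Mandatory)][string]$NameFilter)

    # Add/Remove Programs reads these keys; both the 64-bit and the 32-bit
    # (Wow6432Node) views are queried. InstallDate is a yyyyMMdd string.
    $packages = Get-ItemProperty -ErrorAction SilentlyContinue -Path @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    ) | Where-Object { $_.DisplayName -like "*$NameFilter*" -and $_.InstallDate }

    # Win32_PnPSignedDriver reports the DriverVer date from the INF, i.e. when the
    # vendor built the driver, which is what Device Manager shows as "Driver Date".
    Get-CimInstance Win32_PnPSignedDriver |
        Where-Object { $_.DeviceName -like "*$NameFilter*" -and $_.DriverDate } |
        ForEach-Object {
            $drv = $_
            foreach ($pkg in $packages) {
                $installed = [datetime]::ParseExact($pkg.InstallDate, 'yyyyMMdd', $null)
                [pscustomobject]@{
                    Device        = $drv.DeviceName
                    DriverVersion = $drv.DriverVersion
                    DriverDate    = $drv.DriverDate.Date   # vendor build date (INF)
                    Package       = $pkg.DisplayName
                    InstallDate   = $installed             # written by the installer
                    DaysBetween   = ($installed - $drv.DriverDate.Date).Days
                }
            }
        }
}

# Assumed filter: the Razer mouse driver seen in the ComboFix log.
Compare-DriverDates -NameFilter 'Razer' | Format-Table -AutoSize
```

A positive DaysBetween simply means the package was installed after the vendor built the driver, which is the normal case and not evidence of clock tampering.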

#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:08 PM

Posted 15 July 2014 - 07:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



