Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Undetectable malware?


  • Please log in to reply
38 replies to this topic

#1 enfant terrible

enfant terrible

  • Members
  • 130 posts
  • OFFLINE
  •  
  • Local time:01:55 AM

Posted 30 December 2015 - 11:36 AM

Lately, I've been noticing some suspicious behavior by my computer. There's been choppy video playback and generally "sticky" performance. What I mean by "sticky" is that I'll tell the 'puter to do something, like open a new tab, and it will lag for a split second before executing the command. Also, when I load a page with lots of images it will sometimes load the images a second or two after the text. I know that this is not a problem with my internet speed, because it's happening with offline processes, too. 

 

Now, I've run slimcleaner and vit registry fix, so I know it's not just registry errors or a fragged disk. I also have bitdefender and malwarebytes and have run them and they found nothing. But here's the thing: I was unfortunately taken in by a phishing attempt a little while ago and I think they may have gotten my computers password or one close to it. I'm worried that someone had the password, they could have installed malware that disabled my security programs but left them looking as if they were still functioning. (For various reasons I won't get into here, I stupidly didn't change the password right away.) 

 

Anyway, I suspect that this is probably all just a figment of my OCD imagination and there's probably no malware on my computer. As computers get older, they naturally do this sort of thing. But I would appreciate it if someone could put my mind at ease about this. I sure as hell don't want to wind up like Matthew Bandy. 



BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:55 AM

Posted 30 December 2015 - 11:54 AM

:welcome:

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


:step1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


:step4: MiniToolbox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 enfant terrible

enfant terrible
  • Topic Starter

  • Members
  • 130 posts
  • OFFLINE
  •  
  • Local time:01:55 AM

Posted 30 December 2015 - 09:33 PM

Hi. Jo, and thanks for your help!

 

I did number one--you will find checkup.txt posted below--and am trying to do to do number two, but i can't find the MBAR-log-***.txt file you're talking about. Perhaps you mean system-log.txt?  After you get back to me and explain what is needed, I will finish #2 and try to do the rest. 

 

***


:step1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Results of screen317's Security Check version 1.009  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender                     
Bitdefender Antivirus Free Edition   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SlimCleaner     
 Adobe Flash Player 20.0.0.267  
 Mozilla Firefox (43.0.2) 
 Google Chrome (47.0.2526.106) 
 Google Chrome (47.0.2526.80) 
````````Process Check: objlist.exe by Laurent````````
 Bitdefender Antivirus Free Edition gzserv.exe  
 Bitdefender Antivirus Free Edition gziface.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 

***

 


Edited by enfant terrible, 30 December 2015 - 10:09 PM.


#4 Jo*

Jo*

  • Malware Response Team
  • 3,327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:55 AM

Posted 31 December 2015 - 02:10 AM

ok, post the system-log.txt

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 enfant terrible

enfant terrible
  • Topic Starter

  • Members
  • 130 posts
  • OFFLINE
  •  
  • Local time:01:55 AM

Posted 31 December 2015 - 09:17 AM

ok, post the system-log.txt

Here it is. I will post the other stuff later on today when I get the time. Incidentally, this program appeared to find several malware programs, but I did not delete them, just like the instructions said

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.20.10586.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.893000 GHz
Memory total: 4174233600, free: 733818880
 
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     12/30/2015 19:07:29
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\trufos.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\DRIVERS\avc3.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\system32\DRIVERS\gzflt.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\TIxHCIlfilter.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TIxHCIufilter.sys
\SystemRoot\System32\drivers\athw10x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\System32\drivers\usbscan.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe000adac34f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000adac2040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000adac34f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000ad56d680, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000ad58a060, DeviceName: \Device\0000002a\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 97FBBF6C
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3810762794
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid a2a5a24-3bf2-4ac9-8660-04ebeb2601d
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3810762794
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid a2a5a24-3bf2-4ac9-8660-04ebeb2601d
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 3bdb84e9-e412-4f1f-955b-ea73863e5435
    FirstLBA 2048  Last LBA 2097151
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 4ab7a4ee-e150-48ed-9595-824cc3d142e
    FirstLBA 2097152  Last LBA 2834431
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 8bbdeddb-dfe5-4d65-9fa9-90d0f4668797
    FirstLBA 2834432  Last LBA 3096575
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 60a3d3b9-67a7-432e-9a3e-46e0e639136
    FirstLBA 3096576  Last LBA 1912913919
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 688db735-6dd8-4575-8c86-554e4567d1cf
    FirstLBA 1912913920  Last LBA 1913835519
    Attributes 1
    Partition Name                                     
 
    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 45be8c41-600b-4014-93fe-239035892cad
    FirstLBA 1913835520  Last LBA 1914552319
    Attributes 1
    Partition Name                                     
 
    Partition 6 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID efacee16-aeb2-4281-a489-b37836c9b5b8
    FirstLBA 1914552320  Last LBA 1953525134
    Attributes 1
    Partition Name                 Basic data partition
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
File "C:\Users\Michael\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe --> [Trojan.Agent]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe --> [Trojan.Agent]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe --> [Security.Hijack]
Scan finished
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File "C:\Users\Michael\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)


#6 enfant terrible

enfant terrible
  • Topic Starter

  • Members
  • 130 posts
  • OFFLINE
  •  
  • Local time:01:55 AM

Posted 31 December 2015 - 11:21 AM

I just ran ADWCleaner. I can't find a "report" button. There is a "Logfile" button that opens a notepad with some sort of gobbldeygook in it. the file name id AdwCleaner[S3].txt. Is that what you need to see? If so, here it is:

 

# AdwCleaner v5.027 - Logfile created 31/12/2015 at 09:10:50
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Michael - MIKESPC
# Running from : C:\Users\Michael\Downloads\AdwCleaner (1).exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : YahooAUService
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\Yahoo!\Companion
Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\Users\Michael\AppData\Local\slimware utilities inc
Folder Found : C:\Users\Michael\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Michael\AppData\LocalLow\Yahoo!\Companion
Folder Found : C:\Users\Michael\AppData\Roaming\Yahoo!\Companion
 
***** [ Files ] *****
 
File Found : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsfreak.com_0.localstorage
File Found : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
File Found : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage
File Found : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
File Found : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
File Found : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKCU\Software\SlimWare Utilities Inc
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2984 bytes] ##########
 
Here is the minitoolbox log:
 
MiniToolBox by Farbar  Version: 02-11-2015
Ran by Michael (administrator) on 31-12-2015 at 09:20:02
Running from "C:\Users\Michael\Downloads"
Microsoft Windows 10 Home  (X64)
Model: 400-034 Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Ethernet (Connected)
Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter = Wi-Fi (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : MikesPC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Home
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : A4-DB-30-8C-67-50
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 16-DB-30-8C-67-50
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 2C-44-FD-17-CE-3A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::dc85:211f:9219:3913%5(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, December 30, 2015 6:27:27 PM
   Lease Expires . . . . . . . . . . : Friday, January 1, 2016 6:27:27 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 288113917
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-DB-96-AA-2C-44-FD-17-CE-3A
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       205.171.2.25
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.Home:
 
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.0.5%4(Preferred) 
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 67108864
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-DB-96-AA-2C-44-FD-17-CE-3A
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       205.171.2.25
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1c21:19ac:51e5:2b11(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1c21:19ac:51e5:2b11%6(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 318767104
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-DB-96-AA-2C-44-FD-17-CE-3A
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2607:f8b0:4007:808::200e
 216.58.217.206
 
 
Pinging google.com [216.58.217.206] with 32 bytes of data:
Reply from 216.58.217.206: bytes=32 time=30ms TTL=57
Reply from 216.58.217.206: bytes=32 time=31ms TTL=57
 
Ping statistics for 216.58.217.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 30ms, Maximum = 31ms, Average = 30ms
Server:  UnKnown
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=61ms TTL=50
Reply from 206.190.36.45: bytes=32 time=60ms TTL=50
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 60ms, Maximum = 61ms, Average = 60ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  8...a4 db 30 8c 67 50 ......Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
  2...16 db 30 8c 67 50 ......Microsoft Wi-Fi Direct Virtual Adapter
  5...2c 44 fd 17 ce 3a ......Realtek PCIe GBE Family Controller
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.5     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.5    266
      192.168.0.5  255.255.255.255         On-link       192.168.0.5    266
    192.168.0.255  255.255.255.255         On-link       192.168.0.5    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.5    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.5    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  6    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  6    306 2001::/32                On-link
  6    306 2001:0:9d38:6abd:1c21:19ac:51e5:2b11/128
                                    On-link
  5    266 fe80::/64                On-link
  6    306 fe80::/64                On-link
  4    266 fe80::5efe:192.168.0.5/128
                                    On-link
  6    306 fe80::1c21:19ac:51e5:2b11/128
                                    On-link
  5    266 fe80::dc85:211f:9219:3913/128
                                    On-link
  1    306 ff00::/8                 On-link
  5    266 ff00::/8                 On-link
  6    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/30/2015 06:48:03 PM) (Source: MsiInstaller) (User: MIKESPC)
Description: Product: HP Deskjet 1010 series Basic Device Software -- Error 25000. Please disconnect the USB cable from your 'HP Deskjet 1010 series' device to complete the uninstallation.
 
Error: (12/30/2015 06:20:42 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 43.0.2.5833 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1ec
 
Start Time: 01d1430c85791b18
 
Termination Time: 70
 
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Report Id: b23155e9-af5c-11e5-bf03-2c44fd17ce3a
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (12/30/2015 07:06:25 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (12/23/2015 10:51:25 AM) (Source: Application Error) (User: )
Description: Faulting application name: SkypeHost.exe, version: 10.1.0.2123, time stamp: 0x566f6bfe
Faulting module name: SkyWrap.dll, version: 10.1.0.2123, time stamp: 0x566f6bdd
Exception code: 0xc0000005
Fault offset: 0x0010f4ef
Faulting process id: 0x3b4
Faulting application start time: 0xSkypeHost.exe0
Faulting application path: SkypeHost.exe1
Faulting module path: SkypeHost.exe2
Report Id: SkypeHost.exe3
Faulting package full name: SkypeHost.exe4
Faulting package-relative application ID: SkypeHost.exe5
 
Error: (12/23/2015 03:42:55 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (12/22/2015 02:49:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.10586.0, time stamp: 0x5632d4c0
Faulting module name: Protect.dll, version: 5.5.0.6208, time stamp: 0x51149f22
Exception code: 0xc0000005
Fault offset: 0x0000000000013572
Faulting process id: 0xedc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
 
Error: (12/22/2015 12:04:02 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 43.0.1.5828 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 180c
 
Start Time: 01d13a8674a26998
 
Termination Time: 272
 
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Report Id: be804cf9-a8de-11e5-bf03-2c44fd17ce3a
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (12/22/2015 12:03:51 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 47.0.2526.106 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 12e0
 
Start Time: 01d13a8674a521e0
 
Termination Time: 991
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: ac932175-a8de-11e5-bf03-2c44fd17ce3a
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (12/17/2015 07:01:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MIKESPC)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/17/2015 06:51:48 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (12/30/2015 06:33:46 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
 
Error: (12/30/2015 06:26:39 PM) (Source: Service Control Manager) (User: )
Description: The Sync Host_15929a service terminated with the following error: 
%%5
 
Error: (12/30/2015 06:26:39 PM) (Source: Service Control Manager) (User: )
Description: The User Data Access_15929a service terminated with the following error: 
%%1018
 
Error: (12/30/2015 06:26:31 PM) (Source: DCOM) (User: MIKESPC)
Description: {0002DF02-0000-0000-C000-000000000046}
 
Error: (12/30/2015 06:26:28 PM) (Source: Service Control Manager) (User: )
Description: The User Data Access_15929a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/30/2015 06:26:28 PM) (Source: Service Control Manager) (User: )
Description: The User Data Storage_15929a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/30/2015 06:26:28 PM) (Source: Service Control Manager) (User: )
Description: The Contact Data_15929a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/30/2015 06:26:28 PM) (Source: Service Control Manager) (User: )
Description: The Sync Host_15929a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/30/2015 06:26:26 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/29/2015 03:34:31 PM) (Source: DCOM) (User: MIKESPC)
Description: {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775}
 
 
Microsoft Office Sessions:
=========================
Error: (12/30/2015 06:48:03 PM) (Source: MsiInstaller)(User: MIKESPC)
Description: Product: HP Deskjet 1010 series Basic Device Software -- Error 25000. Please disconnect the USB cable from your 'HP Deskjet 1010 series' device to complete the uninstallation.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (12/30/2015 06:20:42 PM) (Source: Application Hang)(User: )
Description: firefox.exe43.0.2.58331ec01d1430c85791b1870C:\Program Files (x86)\Mozilla Firefox\firefox.exeb23155e9-af5c-11e5-bf03-2c44fd17ce3a
 
Error: (12/30/2015 07:06:25 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (12/23/2015 10:51:25 AM) (Source: Application Error)(User: )
Description: SkypeHost.exe10.1.0.2123566f6bfeSkyWrap.dll10.1.0.2123566f6bddc00000050010f4ef3b401d13a6b0d468da4C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exeC:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dllced1e74c-cf1d-4eb2-b594-e5d279030cc6Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/23/2015 03:42:55 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (12/22/2015 02:49:32 PM) (Source: Application Error)(User: )
Description: Explorer.EXE10.0.10586.05632d4c0Protect.dll5.5.0.620851149f22c00000050000000000013572edc01d13a6b0c9a207bC:\WINDOWS\Explorer.EXEC:\Program Files (x86)\Hewlett-Packard\Recovery\Protect.dllbd0a4b52-7af5-4b09-a375-d7c6f53afda1
 
Error: (12/22/2015 12:04:02 PM) (Source: Application Hang)(User: )
Description: firefox.exe43.0.1.5828180c01d13a8674a26998272C:\Program Files (x86)\Mozilla Firefox\firefox.exebe804cf9-a8de-11e5-bf03-2c44fd17ce3a
 
Error: (12/22/2015 12:03:51 PM) (Source: Application Hang)(User: )
Description: chrome.exe47.0.2526.10612e001d13a8674a521e0991C:\Program Files (x86)\Google\Chrome\Application\chrome.exeac932175-a8de-11e5-bf03-2c44fd17ce3a
 
Error: (12/17/2015 07:01:52 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: MIKESPC)
Description: Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009280
 
Error: (12/17/2015 06:51:48 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-12-30 18:30:06.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-23 23:21:24.953
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-19 03:32:03.352
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-18 04:14:01.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-16 03:37:37.598
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-16 03:34:15.066
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-16 03:19:54.372
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
4 Elements II (HKLM-x32\...\WTA-61a5ad38-a25a-40ef-a400-2bc9d7ec353c) (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Airport Mania (HKLM-x32\...\WTA-d89abdc8-b1e6-4e8e-bb1f-8887bc51999e) (Version: 2.2.0.95 - WildTangent) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{0DEB2EEB-BE9A-44B1-9D90-183250B61785}) (Version: 20.13.3317.03143 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{0DEB2EEB-BE9A-44B1-9D90-183250B61785}) (Version: 20.13.3317.03143 - Alcor Micro Corp.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Azteca (HKLM-x32\...\WTA-f9f39086-c0c6-439d-993a-a15533375896) (Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-6543bea0-3ced-4396-a25d-d14e10705b5b) (Version: 2.2.0.98 - WildTangent) Hidden
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WTA-a1d3d6a0-294b-4e51-b969-cf368d11c7af) (Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (HKLM-x32\...\WTA-5040a32b-074d-4922-a6bf-b70f95c237dd) (Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-c9db6900-1545-4278-ae19-34e1391210bd) (Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-4ae7e91e-f538-475a-a524-96b2f3a6e1bc) (Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (HKLM-x32\...\WTA-23dfeaf3-2360-4298-8d96-0946f4006b27) (Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3724 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (HKLM-x32\...\WTA-b26552df-ddc3-43b9-8edb-1459df3ec3b3) (Version: 3.0.2.32 - WildTangent) Hidden
Dell System Detect (HKCU\...\73f463568823ebbe) (Version: 5.12.0.3 - Dell)
Farm Frenzy (HKLM-x32\...\WTA-d8126042-f042-4884-a33a-a6d529e84da9) (Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{ADA8583A-C20B-414B-8CB7-3AA7A89F7952}) (Version: 7.1.4.1529 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.1 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-e6aaa9ac-cb38-472b-be2a-5da4b8b571d5) (Version: 2.2.0.110 - WildTangent) Hidden
House of 1000 Doors: Family Secrets (HKLM-x32\...\WTA-39af6640-991d-4676-b9f2-171c0c3de1d9) (Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 126) hp - Meridian Audio Ltd)
HP Deskjet 1010 series Basic Device Software (HKLM\...\{CFD917BE-F1F6-410E-ABEC-9EC819507D0D}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 1010 series Help (HKLM-x32\...\{BFB6C2B0-9643-4B59-A706-71DEB3017A99}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6451.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Jewel Match 3 (HKLM-x32\...\WTA-69b3f0cd-4e0e-4acd-b765-b798a5f5fab4) (Version: 2.2.0.98 - WildTangent) Hidden
Luxor Evolved (HKLM-x32\...\WTA-dd6aac02-b2df-400e-9279-0f632371b7e4) (Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (HKLM-x32\...\WTA-1d362632-1125-48a2-8b79-57f28edd00bf) (Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (HKLM-x32\...\WTA-193f2745-2f9c-42e1-806f-24d866b7e0d5) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 en-US)) (Version: 43.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.2.5833 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-5fd5c271-856f-4a8d-b6cc-577c0871fe2f) (Version: 2.2.0.98 - WildTangent) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Peggle Nights (HKLM-x32\...\WTA-2ab2e74a-3a96-4150-80f0-f4074fec9059) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-cd77d915-cae2-4e52-8918-ed29560881d1) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-91c10c19-2018-4280-8137-d5eea0bcaf3e) (Version: 2.2.0.97 - WildTangent) Hidden
Product Improvement Study for HP Deskjet 1010 series (HKLM\...\{37839D69-6DA4-4125-B33A-30DE86345DF4}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30153 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Roads of Rome 3 (HKLM-x32\...\WTA-f232dca2-bb1d-4f37-988e-1cef8d3eafb3) (Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (HKLM-x32\...\WTA-5a1cbc34-fb93-40de-be23-da5a6673f402) (Version: 3.0.2.32 - WildTangent) Hidden
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
Tales of Lagoona (HKLM-x32\...\WTA-af905941-a701-49d0-b8ad-2c80c2ac4163) (Version: 2.2.0.110 - WildTangent) Hidden
TI xHCI Filter Driver 1.0.0.4 (HKLM-x32\...\TI xHCI Filter Driver) (Version: 1.0.0.4 - Texas Instruments Inc.)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-06d2e35e-f81b-4cfa-b5d0-b8d96d162136) (Version: 3.0.2.32 - WildTangent) Hidden
Vit Registry Fix 9.5.9 (remove only) (HKLM\...\Vit Registry Fix) (Version:  - VITSOFT)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Youda Jewel Shop (HKLM-x32\...\WTA-26208257-529a-442d-b4e0-84985dcab671) (Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (HKLM-x32\...\WTA-5dd60d52-845f-4b28-9b85-792acc4510e4) (Version: 2.2.0.98 - WildTangent) Hidden
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 51%
Total physical RAM: 3980.86 MB
Available physical RAM: 1920.1 MB
Total Virtual: 5884.13 MB
Available Virtual: 3201.03 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:910.67 GB) (Free:849.71 GB) NTFS
2 Drive d: (Recovery Image) (Fixed) (Total:18.58 GB) (Free:2.28 GB) NTFS
3 Drive e: (REDDAWN_D1) (CDROM) (Total:6.72 GB) (Free:0 GB) UDF
 
========================= Users: ========================================
 
User accounts for \\MIKESPC
 
Administrator            DefaultAccount           Guest                    
Michael                  
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
17-12-2015 13:51:41 Windows Update
23-12-2015 10:42:50 Windows Modules Installer
30-12-2015 14:06:17 Windows Update
 
**** End of log ****
 


#7 Jo*

Jo*

  • Malware Response Team
  • 3,327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:55 AM

Posted 31 December 2015 - 11:29 AM

Hello,

:step1: Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware
  • If malware is found, click on the Cleanup
  • button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • then please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


:step3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


:step4: How the computer is running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#8 enfant terrible

enfant terrible
  • Topic Starter

  • Members
  • 130 posts
  • OFFLINE
  •  
  • Local time:01:55 AM

Posted 31 December 2015 - 06:11 PM

No malware was found by Malwarebytes this time. Here is the log that was in system-log.txt after I ran the scan:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.20.10586.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.893000 GHz
Memory total: 4174233600, free: 733818880
 
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     12/30/2015 19:07:29
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\trufos.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\DRIVERS\avc3.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\system32\DRIVERS\gzflt.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\TIxHCIlfilter.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TIxHCIufilter.sys
\SystemRoot\System32\drivers\athw10x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\System32\drivers\usbscan.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe000adac34f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000adac2040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000adac34f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000ad56d680, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000ad58a060, DeviceName: \Device\0000002a\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 97FBBF6C
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3810762794
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid a2a5a24-3bf2-4ac9-8660-04ebeb2601d
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3810762794
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid a2a5a24-3bf2-4ac9-8660-04ebeb2601d
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 3bdb84e9-e412-4f1f-955b-ea73863e5435
    FirstLBA 2048  Last LBA 2097151
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 4ab7a4ee-e150-48ed-9595-824cc3d142e
    FirstLBA 2097152  Last LBA 2834431
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 8bbdeddb-dfe5-4d65-9fa9-90d0f4668797
    FirstLBA 2834432  Last LBA 3096575
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 60a3d3b9-67a7-432e-9a3e-46e0e639136
    FirstLBA 3096576  Last LBA 1912913919
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 688db735-6dd8-4575-8c86-554e4567d1cf
    FirstLBA 1912913920  Last LBA 1913835519
    Attributes 1
    Partition Name                                     
 
    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 45be8c41-600b-4014-93fe-239035892cad
    FirstLBA 1913835520  Last LBA 1914552319
    Attributes 1
    Partition Name                                     
 
    Partition 6 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID efacee16-aeb2-4281-a489-b37836c9b5b8
    FirstLBA 1914552320  Last LBA 1953525134
    Attributes 1
    Partition Name                 Basic data partition
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
File "C:\Users\Michael\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe --> [Trojan.Agent]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe --> [Trojan.Agent]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe --> [Security.Hijack]
Scan finished
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File "C:\Users\Michael\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
=======================================
 
Scan started
Database versions:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01
 
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 97FBBF6C
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3810762794
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid a2a5a24-3bf2-4ac9-8660-04ebeb2601d
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3810762794
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid a2a5a24-3bf2-4ac9-8660-04ebeb2601d
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 3bdb84e9-e412-4f1f-955b-ea73863e5435
    FirstLBA 2048  Last LBA 2097151
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 4ab7a4ee-e150-48ed-9595-824cc3d142e
    FirstLBA 2097152  Last LBA 2834431
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 8bbdeddb-dfe5-4d65-9fa9-90d0f4668797
    FirstLBA 2834432  Last LBA 3096575
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 60a3d3b9-67a7-432e-9a3e-46e0e639136
    FirstLBA 3096576  Last LBA 1912913919
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 688db735-6dd8-4575-8c86-554e4567d1cf
    FirstLBA 1912913920  Last LBA 1913835519
    Attributes 1
    Partition Name                                     
 
    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 45be8c41-600b-4014-93fe-239035892cad
    FirstLBA 1913835520  Last LBA 1914552319
    Attributes 1
    Partition Name                                     
 
    Partition 6 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID efacee16-aeb2-4281-a489-b37836c9b5b8
    FirstLBA 1914552320  Last LBA 1953525134
    Attributes 1
    Partition Name                 Basic data partition
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Scan Interrupted
Scan was aborted.
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.20.10586.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.893000 GHz
Memory total: 4174233600, free: 1899958272
 
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.20.10586.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.893000 GHz
Memory total: 4174233600, free: 1920253952
 
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     12/31/2015 10:15:44
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\trufos.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\DRIVERS\avc3.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\system32\DRIVERS\gzflt.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\TIxHCIlfilter.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TIxHCIufilter.sys
\SystemRoot\System32\drivers\athw10x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe000adac34f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000adac2040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000adac34f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000ad56d680, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000ad58a060, DeviceName: \Device\0000002a\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 97FBBF6C
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3810762794
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid a2a5a24-3bf2-4ac9-8660-04ebeb2601d
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3810762794
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid a2a5a24-3bf2-4ac9-8660-04ebeb2601d
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 3bdb84e9-e412-4f1f-955b-ea73863e5435
    FirstLBA 2048  Last LBA 2097151
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 4ab7a4ee-e150-48ed-9595-824cc3d142e
    FirstLBA 2097152  Last LBA 2834431
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 8bbdeddb-dfe5-4d65-9fa9-90d0f4668797
    FirstLBA 2834432  Last LBA 3096575
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 60a3d3b9-67a7-432e-9a3e-46e0e639136
    FirstLBA 3096576  Last LBA 1912913919
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 688db735-6dd8-4575-8c86-554e4567d1cf
    FirstLBA 1912913920  Last LBA 1913835519
    Attributes 1
    Partition Name                                     
 
    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 45be8c41-600b-4014-93fe-239035892cad
    FirstLBA 1913835520  Last LBA 1914552319
    Attributes 1
    Partition Name                                     
 
    Partition 6 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID efacee16-aeb2-4281-a489-b37836c9b5b8
    FirstLBA 1914552320  Last LBA 1953525134
    Attributes 1
    Partition Name                 Basic data partition
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Scan Interrupted
Scan was aborted.
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.20.10586.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.893000 GHz
Memory total: 4174233600, free: 1958719488
 
Downloaded database version: v2015.12.31.06
Downloaded database version: v2015.12.26.01
Downloaded database version: v2015.12.15.02
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     12/31/2015 15:50:37
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\trufos.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\DRIVERS\avc3.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\system32\DRIVERS\gzflt.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\TIxHCIlfilter.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TIxHCIufilter.sys
\SystemRoot\System32\drivers\athw10x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\cdd.dll
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2015.12.31.06
  rootkit: v2015.12.26.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe000adac34f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000adac2040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000adac34f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000ad56d680, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000ad58a060, DeviceName: \Device\0000002a\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 97FBBF6C
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3810762794
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid a2a5a24-3bf2-4ac9-8660-04ebeb2601d
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3810762794
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid a2a5a24-3bf2-4ac9-8660-04ebeb2601d
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 3bdb84e9-e412-4f1f-955b-ea73863e5435
    FirstLBA 2048  Last LBA 2097151
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 4ab7a4ee-e150-48ed-9595-824cc3d142e
    FirstLBA 2097152  Last LBA 2834431
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 8bbdeddb-dfe5-4d65-9fa9-90d0f4668797
    FirstLBA 2834432  Last LBA 3096575
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 60a3d3b9-67a7-432e-9a3e-46e0e639136
    FirstLBA 3096576  Last LBA 1912913919
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 688db735-6dd8-4575-8c86-554e4567d1cf
    FirstLBA 1912913920  Last LBA 1913835519
    Attributes 1
    Partition Name                                     
 
    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 45be8c41-600b-4014-93fe-239035892cad
    FirstLBA 1913835520  Last LBA 1914552319
    Attributes 1
    Partition Name                                     
 
    Partition 6 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID efacee16-aeb2-4281-a489-b37836c9b5b8
    FirstLBA 1914552320  Last LBA 1953525134
    Attributes 1
    Partition Name                 Basic data partition
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
File "C:\Users\Michael\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished


#9 enfant terrible

enfant terrible
  • Topic Starter

  • Members
  • 130 posts
  • OFFLINE
  •  
  • Local time:01:55 AM

Posted 31 December 2015 - 06:22 PM

Here's the ADWcleaner log. In case it matters, I was unable to find AdwCleaner.exe so I just downloaded it again like it said to in the original instructions.
 
# AdwCleaner v5.027 - Logfile created 31/12/2015 at 16:17:43
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Michael - MIKESPC
# Running from : C:\Users\Michael\Downloads\AdwCleaner (2).exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : YahooAUService
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\ProgramData\Yahoo! Companion
[-] Folder Deleted : C:\Users\Michael\AppData\Local\slimware utilities inc
[-] Folder Deleted : C:\Users\Michael\AppData\LocalLow\Yahoo! Companion
[-] Folder Deleted : C:\Users\Michael\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Michael\AppData\Roaming\Yahoo!\Companion
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsfreak.com_0.localstorage
[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage
[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3244 bytes] ##########


#10 enfant terrible

enfant terrible
  • Topic Starter

  • Members
  • 130 posts
  • OFFLINE
  •  
  • Local time:01:55 AM

Posted 31 December 2015 - 06:42 PM

Here's the last log from junkware Removal Tool:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64 
Ran by Michael (Administrator) on Thu 12/31/2015 at 16:38:01.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\0f41daqj.default\searchplugins\youtube-video-search.xml (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/31/2015 at 16:39:48.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#11 Jo*

Jo*

  • Malware Response Team
  • 3,327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:55 AM

Posted 31 December 2015 - 08:36 PM

Happy New Year!

How the computer is running now?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#12 enfant terrible

enfant terrible
  • Topic Starter

  • Members
  • 130 posts
  • OFFLINE
  •  
  • Local time:01:55 AM

Posted 31 December 2015 - 10:36 PM

Happy New Year!

 

Back at you!

 

How the computer is running now? 

 

Much better, thanks.


Edited by enfant terrible, 31 December 2015 - 10:36 PM.


#13 Jo*

Jo*

  • Malware Response Team
  • 3,327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:55 AM

Posted 01 January 2016 - 04:42 AM

Hello,

:step1: Please download Farbar Service Scanner and run it on the computer with the issue.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

***


:step2: Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7/8/10 users need to right click and choose Run as Administrator
You only need to get one of them to run, not all of them.Do not reboot your computer after running rkill as the malware programs will start again.


***


:step3: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download the free version of Malwarebytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup****.exe and follow the prompts to install the program.
Note to Vista | Windows 7/8 users, please right-click and select Run as Administrator.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware.
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
Note 1: The log can also be found via the Logs tab when Malwarebytes' Anti-Malware is started.
Note 2: If you receive a notice that some of the items couldn't be removed and they have been added to the delete on reboot list, please reboot.


***


:step4: How the computer is running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 enfant terrible

enfant terrible
  • Topic Starter

  • Members
  • 130 posts
  • OFFLINE
  •  
  • Local time:01:55 AM

Posted 01 January 2016 - 11:13 AM

Here's the farbar log:
 
Farbar Service Scanner Version: 10-06-2014
Ran by Michael (administrator) on 01-01-2016 at 09:09:21
Running from "C:\Users\Michael\Downloads"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#15 enfant terrible

enfant terrible
  • Topic Starter

  • Members
  • 130 posts
  • OFFLINE
  •  
  • Local time:01:55 AM

Posted 01 January 2016 - 11:17 AM

Rkill 2.8.3 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/01/2016 09:15:05 AM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * fcvsc [Missing Service]
 * HdAudAddService [Missing Service]
 * HyperVideo [Missing Service]
 * netvsc [Missing Service]
 * wfpcapture [Missing Service]
 
 * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [Incorrect ImagePath]
 * NgcSvc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted [Incorrect ImagePath]
 * swenum => \SystemRoot\System32\drivers\swenum.sys [Incorrect ImagePath]
 
Here's the rkill log, in case you need to see it:

Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 01/01/2016 09:15:44 AM
Execution time: 0 hours(s), 0 minute(s), and 38 seconds(s)





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users