BAT/Fired + Iroffer.C infected in tandem
Old 12-07-2015, 08:35 AM   #1
Registered Member
 
Join Date: Dec 2015
Posts: 4
OS: windows 10



I have a Windows 10 O/S on a laptop system which was upgraded from version 8.1. Therefore, it was installed online without any install disk available. Windows Defender found three different malware existing together. These are Win32/HiddenRun.B + BAT/Fired.A + Win32/Iroffer.C.
Windows Defender thinks it has removed the three versions of a virus. However, they all immediately come back after removal by the Win Defender software. I suspect one virus version hides from the virus scanner and then helps install the other two versions. The Defender software cannot simultaneously handle all three virus versions working together.

Since help is needed, the following is the dds.txt file:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16412
Run by mikes at 9:41:33 on 2015-12-07
Microsoft Windows 10 Home 10.0.10240.0.1252.1.1033.18.3978.2216 [GMT -6:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\SearchIndexer.exe
svchost.exe
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Users\mikes\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15361.0_x64__8wekyb3d8bbwe\Video.UI.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files (x86)\ Firefox\firefox.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\System32\svchost.exe -k swprv
C:\WINDOWS\SysWOW64\NOTEPAD.EXE
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
uRun: [OneDrive] "C:\Users\mikes\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
mRun: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mPolicies-System: DSCAutomationHostEnabled = dword:2
TCP: Interfaces\{be5902c9-0af2-4d43-be23-3ef2ae3cf4c5} : NameServer = 192.168.0.1,192.168.43.1
TCP: Interfaces\{fc21af83-8b0e-40b4-9e3b-25babeb7c016}\14D6075646F51405142303F523E243 : DHCPNameServer = 192.168.80.240
TCP: Interfaces\{fc21af83-8b0e-40b4-9e3b-25babeb7c016}\4416C656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{fc21af83-8b0e-40b4-9e3b-25babeb7c016}\458656023586962756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{fc21af83-8b0e-40b4-9e3b-25babeb7c016}\74E43707F647 : DHCPNameServer = 192.168.43.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\mikes\AppData\Roaming\Mozilla\Firefox\Profiles\rfj5z8rm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wunderground.com/cgi-bin/findweather/hdfForecast?query=78644
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;C:\WINDOWS\System32\drivers\fltsrv.sys [2015-12-1 108832]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
R0 tib;Acronis TIB Manager;C:\WINDOWS\System32\drivers\tib.sys [2015-12-1 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\WINDOWS\System32\drivers\tib_mounter.sys [2015-12-1 183224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-9-22 200528]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-7-10 8192]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 HDHomeRun Service;HDHomeRun Service;C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [2015-8-26 28296]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2015-7-30 330136]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2013-10-30 1128544]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R2 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\drivers\btfilter.sys [2015-3-9 599240]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 GPIO;Intel SoC GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaiogpioe.sys [2015-9-22 42416]
R3 iaioi2c;I2C Controller Service;C:\WINDOWS\System32\drivers\iaioi2ce.sys [2015-9-22 83576]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-8-21 463112]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-6-26 38976]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2014-8-12 873176]
R3 RTSUER;Realtek USB Card Reader - UER;C:\WINDOWS\System32\drivers\RtsUer.sys [2015-5-14 402960]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
R3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-7-10 362928]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-10 39856]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-2 36352]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-7-10 115200]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2015-6-26 50240]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2015-7-10 56344]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-9-22 934752]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-9-22 1031680]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-10 39856]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-9-22 80720]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-9-22 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-9-22 685568]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2015-7-10 24576]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
S4 HDHomeRun RECORD;HDHomeRun RECORD;C:\Program Files\Silicondust\HDHomeRun\hdhomerun_record.exe [2015-8-26 155784]
.
=============== Created Last 30 ================
.
2015-12-07 15:32:22 16148 ----a-w- C:\WINDOWS\System32\LAPACE_mikes_HistoryPrediction.bin
2015-12-07 04:40:22 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2015-12-07 04:40:22 -------- d-----w- C:\Program Files (x86)\Spybot
2015-12-07 04:38:57 11138400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E33681AD-11D0-49D7-BC69-2D06940708C3}\mpengine.dll
2015-12-07 04:18:14 -------- d-----w- C:\Users\mikes\AppData\Roaming\OpenCandy
2015-12-07 04:18:11 1892184 ----a-w- C:\WINDOWS\SysWow64\D3DX9_42.dll
2015-12-07 04:18:09 2414360 ----a-w- C:\WINDOWS\SysWow64\d3dx9_31.dll
2015-12-07 04:16:44 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2015-12-07 04:16:26 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2015-12-06 14:51:30 11138400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-12-01 12:58:37 -------- d-----w- C:\Users\mikes\AppData\Roaming\Seagate
2015-12-01 12:53:51 -------- d-----w- C:\ProgramData\Package Cache
2015-12-01 12:52:10 -------- d-----w- C:\ProgramData\Seagate
2015-12-01 12:51:54 183224 ----a-w- C:\WINDOWS\System32\drivers\tib_mounter.sys
2015-12-01 12:51:53 1120032 ----a-w- C:\WINDOWS\System32\drivers\tib.sys
2015-12-01 12:51:52 1462560 ----a-w- C:\WINDOWS\System32\drivers\tdrpman.sys
2015-12-01 12:51:50 233760 ----a-w- C:\WINDOWS\System32\drivers\snapman.sys
2015-12-01 12:51:49 108832 ----a-w- C:\WINDOWS\System32\drivers\fltsrv.sys
2015-12-01 12:51:38 -------- d-----w- C:\Program Files (x86)\Seagate
2015-12-01 12:51:38 -------- d-----w- C:\Program Files (x86)\Common Files\Seagate
2015-12-01 11:38:19 -------- d-----w- C:\Program Files (x86)\HDDScan_3.3
2015-12-01 11:31:08 -------- d-----w- C:\Program Files (x86)\DiskCheckup
2015-11-25 08:42:54 -------- d--h--w- C:\$WINDOWS.~BT
2015-11-22 13:16:36 -------- d-----w- C:\Users\mikes\AppData\Local\QuickPar
2015-11-22 13:10:47 -------- d-----w- C:\Program Files (x86)\QuickPar
2015-11-22 11:20:48 -------- d-----w- C:\altbinz
2015-11-22 11:15:44 -------- d-----w- C:\Users\mikes\AppData\Local\Alt.Binz
2015-11-22 11:15:27 -------- d-----w- C:\Program Files (x86)\Alt.Binz
.
==================== Find3M ====================
.
2015-11-06 20:31:04 328704 ----a-w- C:\WINDOWS\System32\hpinksts7012LM.dll
2015-11-06 20:31:04 264192 ----a-w- C:\WINDOWS\System32\hpinkcoi7012.dll
2015-11-06 20:31:04 2589184 ----a-w- C:\WINDOWS\System32\hpinkins7012.exe
2015-11-05 05:15:45 8020832 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2015-11-05 05:15:43 541024 ----a-w- C:\WINDOWS\System32\mcupdate_GenuineIntel.dll
2015-11-05 05:14:21 459104 ----a-w- C:\WINDOWS\System32\drivers\netio.sys
2015-11-05 05:13:31 577888 ----a-w- C:\WINDOWS\System32\drivers\afd.sys
2015-11-05 05:11:46 1392480 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2015-11-05 0510 966416 ----a-w- C:\WINDOWS\System32\twinapi.appcore.dll
2015-11-05 05:01:05 607408 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2015-11-05 04:56:48 1083072 ----a-w- C:\WINDOWS\System32\appraiser.dll
2015-11-05 04:56:44 25280 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2015-11-05 04:56:39 116064 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2015-11-05 04:30:20 961376 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2015-11-05 04:23:42 76800 ----a-w- C:\WINDOWS\System32\browserbroker.dll
2015-11-05 04:23:32 762888 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2015-11-05 04:20:43 21873664 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2015-11-05 04:18:37 3248128 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2015-11-05 04:18:34 539728 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2015-11-05 04:17:35 2418688 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2015-11-05 04:12:31 515072 ----a-w- C:\WINDOWS\System32\internetmail.dll
2015-11-05 04:11:30 333312 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2015-11-05 04:10:48 2987520 ----a-w- C:\WINDOWS\System32\esent.dll
2015-11-05 04:07:02 1068032 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2015-11-05 0441 453120 ----a-w- C:\WINDOWS\System32\Windows.Devices.Usb.dll
2015-11-05 04:03:52 2180608 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2015-11-05 04:03:49 1015808 ----a-w- C:\WINDOWS\System32\RDXService.dll
2015-11-05 04:01:52 949760 ----a-w- C:\WINDOWS\System32\kerberos.dll
2015-11-05 04:01:41 579072 ----a-w- C:\WINDOWS\System32\winlogon.exe
2015-11-05 04:01:38 713216 ----a-w- C:\WINDOWS\System32\usermgr.dll
2015-11-05 03:59:20 3587072 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2015-11-05 03:59:13 2675200 ----a-w- C:\WINDOWS\System32\Windows.StateRepository.dll
2015-11-05 03:58:50 627712 ----a-w- C:\WINDOWS\System32\Windows.UI.dll
2015-11-05 03:58:36 1383936 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2015-11-05 03:58:02 48128 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
2015-11-05 03:56:30 1795072 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2015-11-05 03:55:55 145408 ----a-w- C:\WINDOWS\System32\dssvc.dll
2015-11-05 03:54:44 502272 ----a-w- C:\WINDOWS\System32\dlnashext.dll
2015-11-05 03:42:23 2647040 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2015-11-05 03:40:41 1918976 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2015-11-05 03:35:47 18803712 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2015-11-05 03:35:04 2639872 ----a-w- C:\WINDOWS\SysWow64\esent.dll
2015-11-05 03:34:45 311296 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.Usb.dll
2015-11-05 03:30:03 767488 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2015-11-05 03:27:12 464896 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.dll
2015-11-05 03:27:12 2049536 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepository.dll
2015-11-05 03:26:33 457728 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2015-11-05 03:23:15 441344 ----a-w- C:\WINDOWS\SysWow64\dlnashext.dll
2015-11-03 18:20:11 810488 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2015-11-03 18:20:11 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2015-10-28 21:44:12 644456 ----a-w- C:\WINDOWS\System32\hpzids40.dll
2015-10-18 13:22:03 451 ----a-w- C:\WINDOWS\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-10-10 08:54:45 1143031 ----a-w- C:\WINDOWS\System32\drivers\rtkhdasetting.zip
2015-10-10 08:51:38 618992 ----a-w- C:\WINDOWS\System32\MetroIntelGenericUIFramework.dll
2015-10-10 07:12:02 78528 ----a-w- C:\WINDOWS\System32\acmigration.dll
2015-10-10 01:11:04 144 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-10-06 03:03:57 16708608 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2015-10-06 02:46:57 13027840 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2015-10-01 04:01:10 858408 ----a-w- C:\WINDOWS\System32\winresume.exe
2015-10-01 04:01:10 1018568 ----a-w- C:\WINDOWS\System32\winresume.efi
2015-10-01 04:01:03 1294352 ----a-w- C:\WINDOWS\System32\winload.efi
2015-10-01 04:01:03 1123400 ----a-w- C:\WINDOWS\System32\winload.exe
2015-10-01 03:03:36 757760 ----a-w- C:\WINDOWS\System32\fveapi.dll
2015-09-25 04:01:54 2573768 ----a-w- C:\WINDOWS\System32\msxml6.dll
2015-09-25 04:01:05 498016 ----a-w- C:\WINDOWS\System32\drivers\usbhub.sys
2015-09-25 03:52:05 980832 ----a-w- C:\WINDOWS\System32\SecConfig.efi
2015-09-25 03:33:37 1997336 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2015-09-25 03:11:52 257024 ----a-w- C:\WINDOWS\System32\UserDataAccountApis.dll
2015-09-25 03:11:49 223232 ----a-w- C:\WINDOWS\System32\PhoneCallHistoryApis.dll
2015-09-25 03:07:38 1276416 ----a-w- C:\WINDOWS\System32\wifinetworkmanager.dll
2015-09-25 03:04:12 771072 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2015-09-25 03:03:53 576000 ----a-w- C:\WINDOWS\System32\vbscript.dll
2015-09-25 03:03:35 796160 ----a-w- C:\WINDOWS\System32\TokenBroker.dll
2015-09-25 03:02:56 689152 ----a-w- C:\WINDOWS\System32\Windows.Security.Authentication.Web.Core.dll
2015-09-25 03:02:35 7523840 ----a-w- C:\WINDOWS\System32\Chakra.dll
2015-09-25 03:01:26 4792320 ----a-w- C:\WINDOWS\System32\jscript9.dll
2015-09-25 03:00:50 1423872 ----a-w- C:\WINDOWS\System32\UserDataService.dll
2015-09-25 03:00:07 752640 ----a-w- C:\WINDOWS\System32\ChatApis.dll
2015-09-25 03:00:05 856576 ----a-w- C:\WINDOWS\System32\ContactApis.dll
2015-09-25 02:59:54 720896 ----a-w- C:\WINDOWS\System32\EmailApis.dll
2015-09-25 02:59:48 685568 ----a-w- C:\WINDOWS\System32\AppointmentApis.dll
2015-09-25 02:59:48 288256 ----a-w- C:\WINDOWS\System32\PimIndexMaintenance.dll
2015-09-25 02:59:38 1205248 ----a-w- C:\WINDOWS\System32\Unistore.dll
2015-09-25 02:59:31 163840 ----a-w- C:\WINDOWS\System32\CallHistoryClient.dll
2015-09-25 02:59:04 590336 ----a-w- C:\WINDOWS\System32\MessagingDataModel2.dll
2015-09-25 02:58:37 1871360 ----a-w- C:\WINDOWS\System32\msxml3.dll
2015-09-25 02:47:16 195584 ----a-w- C:\WINDOWS\SysWow64\UserDataAccountApis.dll
2015-09-25 02:47:16 172032 ----a-w- C:\WINDOWS\SysWow64\PhoneCallHistoryApis.dll
2015-09-25 02:38:45 574464 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2015-09-25 02:38:40 504320 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2015-09-25 02:38:19 3580416 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2015-09-25 02:37:35 613376 ----a-w- C:\WINDOWS\SysWow64\TokenBroker.dll
2015-09-25 02:37:09 480256 ----a-w- C:\WINDOWS\SysWow64\Windows.Security.Authentication.Web.Core.dll
2015-09-25 02:36:04 5454848 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2015-09-25 02:34:21 557568 ----a-w- C:\WINDOWS\SysWow64\ChatApis.dll
2015-09-25 02:34:19 625152 ----a-w- C:\WINDOWS\SysWow64\ContactApis.dll
2015-09-25 02:34:07 579584 ----a-w- C:\WINDOWS\SysWow64\AppointmentApis.dll
2015-09-25 02:34:03 525312 ----a-w- C:\WINDOWS\SysWow64\EmailApis.dll
2015-09-25 02:34:00 928256 ----a-w- C:\WINDOWS\SysWow64\Unistore.dll
2015-09-25 02:33:44 131072 ----a-w- C:\WINDOWS\SysWow64\CallHistoryClient.dll
.
============= FINISH: 9:41:49.15 ===============
Attached Files
File Type: txt attach.txt (4.9 KB, 590 views)
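The post above describes a loop: Defender reports the three detections as removed, and the same three names come straight back. Before reaching for another scanner, an analyst would confirm from Defender's own records whether the same file paths are being re-detected (which points at something re-creating them rather than at new infections) and enumerate the autostart locations where that re-creator would normally live. The PowerShell below does that; it is an added example, not something posted in the thread, and it only surfaces candidates for review, not verdicts. The "BAT/" prefix in a Microsoft detection name denotes a batch-file detection, and the DDS log above lists two small GUID-named .bat files under C:\WINDOWS\System32 in its Find3M section; whether those are related is for the analyst to decide, and the last step lists such files so they are not overlooked. Assumed: Windows 10 with the built-in Defender and ScheduledTasks modules, run from an elevated prompt on the affected host.

```powershell
# Added example, not part of the original thread. Run in an elevated
# PowerShell on the affected Windows 10 host. It does two things:
#   1. reads Defender's own detection history to show whether the same
#      files are being detected again and again (removal not sticking),
#   2. lists the common persistence points an analyst checks first:
#      Run/RunOnce keys, scheduled tasks that launch scripts, and
#      recently written script files in System32.
# Only the built-in Defender and ScheduledTasks cmdlets are used.

# --- 1. Defender detection history -------------------------------------
# Map ThreatID -> ThreatName so the history is readable.
$names = @{}
Get-MpThreat | ForEach-Object { $names[$_.ThreatID] = $_.ThreatName }

$detections = Get-MpThreatDetection | Sort-Object InitialDetectionTime
$detections | ForEach-Object {
    [pscustomobject]@{
        Time      = $_.InitialDetectionTime
        Threat    = $names[$_.ThreatID]
        Removed   = $_.ActionSuccess
        Resources = ($_.Resources -join '; ')   # e.g. file:_C:\path\x.bat
    }
} | Format-Table -AutoSize -Wrap

# Paths Defender has flagged more than once: these are the ones that keep
# coming back, so something on the box is re-creating them.
$detections | ForEach-Object { $_.Resources } |
    Group-Object | Where-Object Count -gt 1 |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# --- 2. Persistence points ----------------------------------------------
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (Test-Path -Path $key) {
        Get-ItemProperty -Path $key |
            Select-Object -Property * -ExcludeProperty PS* |
            Format-List
    }
}

# Scheduled tasks whose action runs a script host or a script file.
Get-ScheduledTask | Where-Object {
    $_.Actions | Where-Object {
        $_.Execute   -match '(?i)cmd\.exe|cscript|wscript|powershell' -or
        $_.Execute   -match '(?i)\.(bat|cmd|vbs|js|ps1)$' -or
        $_.Arguments -match '(?i)\.(bat|cmd|vbs|js|ps1)'
    }
} | Select-Object TaskName, TaskPath, State,
        @{ n = 'Execute';   e = { $_.Actions.Execute   -join ' | ' } },
        @{ n = 'Arguments'; e = { $_.Actions.Arguments -join ' | ' } } |
    Format-Table -AutoSize -Wrap

# Script files written to System32 in the last 90 days. Legitimate ones
# exist (installers drop them), so this is a review list, not a verdict.
Get-ChildItem "$env:SystemRoot\System32\*" -Include *.bat, *.cmd, *.vbs, *.js -File |
    Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-90) } |
    Select-Object FullName, Length, LastWriteTime |
    Format-Table -AutoSize
```

Read the output in order: a path that appears with a count above one in the second table, together with ActionSuccess reported as true each time, is the signature of a dropper still present somewhere in the third section. Anything this script lists is input for the helper's FRST fix, not something to delete by hand, since deleting the dropped file without the dropper just repeats the loop the post describes.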
Old 12-07-2015, 10:45 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
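The reply above has the user download two tools and run them with administrative rights on a machine already believed to be infected. A check a practitioner would add before executing anything on such a host is to record each binary's SHA-256 and confirm it carries a valid Authenticode signature from the publisher named on the download page. The snippet below is an added example, not part of the helper's reply; the file paths assume the tools were saved to the desktop as instructed, and Get-AuthenticodeSignature and Get-FileHash are standard on Windows 10's built-in PowerShell.

```powershell
# Added example, not part of the original reply. Before running downloaded
# cleanup tools with admin rights on a host already believed to be infected,
# record each binary's SHA-256 and check that it carries a valid Authenticode
# signature. Paths assume the tools were saved to the desktop as the reply
# instructs; adjust them if the files were saved elsewhere.
$tools = "$env:USERPROFILE\Desktop\AdwCleaner.exe",
         "$env:USERPROFILE\Desktop\FRST64.exe"

foreach ($path in $tools) {
    if (-not (Test-Path -Path $path)) {
        Write-Warning "not found: $path"
        continue
    }
    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = '(none)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    [pscustomobject]@{
        File   = Split-Path -Path $path -Leaf
        Status = $sig.Status     # Valid, NotSigned, HashMismatch, UnknownError ...
        Signer = $signer
        SHA256 = (Get-FileHash -Path $path -Algorithm SHA256).Hash
    }
}
```

A Status of Valid only says the signature chains to a root the machine trusts; the Signer field is what confirms the file came from the expected publisher. NotSigned or HashMismatch on a tool that is normally signed means the download was tampered with or corrupted and should not be run. Posting the SHA-256 values alongside the logs also lets the helper confirm which build produced them.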
Old 12-08-2015, 12:04 AM   #3
Registered Member
 
Join Date: Dec 2015
Posts: 4
OS: windows 10



I used the two scan tools in the order as requested. The two txt files are pasted below, and the third txt file will be attached. I ran Windows Defender after using the two scans, but the three different malware still seem to be there using the quick scan function of Defender. There seems to be no change.

THIS IS AdwCleaner.txt:
# AdwCleaner v5.024 - Logfile created 08/12/2015 at 00:46:35
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [Server]
# Operating system : Windows 10 Home (x64)
# Username : mikes - LAPACE
# Running from : C:\Users\mikes\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\mikes\AppData\Roaming\OpenCandy

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [940 bytes] ##########

THIS IS FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by mikes (administrator) on LAPACE (08-12-2015 00:53:46)
Running from C:\Users\mikes\Desktop
Loaded Profiles: mikes (Available Profiles: mikes)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16405744 2015-10-10] (Realtek Semiconductor)
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [400376 2013-10-30] (Seagate)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [6382504 2013-10-30] (Seagate)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2010-12-09] (Nullsoft, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{be5902c9-0af2-4d43-be23-3ef2ae3cf4c5}: [NameServer] 192.168.0.1,192.168.43.1
Tcpip\..\Interfaces\{fc21af83-8b0e-40b4-9e3b-25babeb7c016}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================

FireFox:
========
FF ProfilePath: C:\Users\mikes\AppData\Roaming\Mozilla\Firefox\Profiles\rfj5z8rm.default
FF Homepage: hxxp://www.wunderground.com/cgi-bin/findweather/hdfForecast?query=78644
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-23] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-23] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Extension: Gmail Notifier (restartless) - C:\Users\mikes\AppData\Roaming\Mozilla\Firefox\Profiles\rfj5z8rm.default\Extensions\[email protected] [2015-10-29]
FF Extension: User-Agent Switcher - C:\Users\mikes\AppData\Roaming\Mozilla\Firefox\Profiles\rfj5z8rm.default\Extensions\[email protected] [2015-10-07]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\ Firefox\firefox.exe

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.wunderground.com/cgi-bin/findweather/hdfForecast?query=78644"
CHR Profile: C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-22]
CHR Extension: (Google Docs) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-22]
CHR Extension: (Google Drive) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Google Search) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Sheets) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-22]
CHR Extension: (Google Docs Offline) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-22]
CHR Extension: (Gmail) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 HDHomeRun RECORD; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_record.exe [155784 2015-08-26] ()
R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [28296 2015-08-26] (Silicondust USA Inc)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-10] (Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athwbx.sys [3893248 2014-04-02] (Qualcomm Atheros Communications, Inc.)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [42416 2015-09-22] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [83576 2015-09-22] (Intel Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-12-01] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2015-12-01] (Acronis)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-08 00:53 - 2015-12-08 00:54 - 00008442 _____ C:\Users\mikes\Desktop\FRST.txt
2015-12-08 00:53 - 2015-12-08 00:53 - 00000000 ____D C:\FRST
2015-12-08 00:50 - 2015-12-08 00:50 - 00001018 _____ C:\Users\mikes\Desktop\AdwCleaner[C1].txt
2015-12-08 00:48 - 2015-12-08 00:48 - 00016148 _____ C:\WINDOWS\system32\LAPACE_mikes_HistoryPrediction.bin
2015-12-08 00:39 - 2015-12-08 00:46 - 00000000 ____D C:\AdwCleaner
2015-12-08 00:37 - 2015-12-08 00:53 - 02369024 _____ (Farbar) C:\Users\mikes\Desktop\FRST64.exe
2015-12-08 00:37 - 2015-12-08 00:38 - 01738240 _____ C:\Users\mikes\Desktop\AdwCleaner.exe
2015-12-08 00:36 - 2015-12-08 00:36 - 02369024 _____ (Farbar) C:\Users\mikes\Downloads\FRST64.exe
2015-12-08 00:35 - 2015-12-08 00:35 - 01738240 _____ C:\Users\mikes\Downloads\AdwCleaner.exe
2015-12-07 09:41 - 2015-12-07 09:41 - 00027032 _____ C:\Users\mikes\Desktop\dds.txt
2015-12-07 09:41 - 2015-12-07 09:41 - 00005064 _____ C:\Users\mikes\Desktop\attach.txt
2015-12-06 22:40 - 2015-12-06 22:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-06 22:40 - 2015-12-06 22:45 - 00000000 ____D C:\Program Files (x86)\Spybot
2015-12-06 22:40 - 2015-12-06 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-12-06 22:18 - 2015-12-06 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2015-12-06 22:18 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2015-12-06 22:18 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2015-12-06 22:16 - 2015-12-06 22:30 - 00000000 ____D C:\Program Files (x86)\Winamp
2015-12-06 22:16 - 2015-12-06 22:20 - 00000000 ____D C:\Users\mikes\AppData\Roaming\Winamp
2015-12-06 22:16 - 2015-12-06 22:16 - 00000000 ____D C:\Users\mikes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
2015-12-06 22:16 - 2015-12-06 22:16 - 00000000 ____D C:\Program Files (x86)\Winamp Detect
2015-12-01 06:58 - 2015-12-01 06:58 - 00000000 ____D C:\Users\mikes\AppData\Roaming\Seagate
2015-12-01 06:53 - 2015-12-01 06:53 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-01 06:52 - 2015-12-01 07:01 - 00000000 ____D C:\ProgramData\Seagate
2015-12-01 06:51 - 2015-12-01 06:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2015-12-01 06:51 - 2015-12-01 06:53 - 00000000 ____D C:\Program Files (x86)\Seagate
2015-12-01 06:51 - 2015-12-01 06:51 - 01462560 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tdrpman.sys
2015-12-01 06:51 - 2015-12-01 06:51 - 01120032 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tib.sys
2015-12-01 06:51 - 2015-12-01 06:51 - 00233760 _____ (Acronis) C:\WINDOWS\system32\Drivers\snapman.sys
2015-12-01 06:51 - 2015-12-01 06:51 - 00183224 _____ (Acronis) C:\WINDOWS\system32\Drivers\tib_mounter.sys
2015-12-01 06:51 - 2015-12-01 06:51 - 00108832 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\fltsrv.sys
2015-12-01 06:51 - 2015-12-01 06:51 - 00000000 ____D C:\ProgramData\Acronis
2015-12-01 05:38 - 2015-12-01 05:38 - 00000000 ____D C:\Program Files (x86)\HDDScan_3.3
2015-12-01 05:31 - 2015-12-01 05:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
2015-12-01 05:31 - 2015-12-01 05:31 - 00000000 ____D C:\Program Files (x86)\DiskCheckup
2015-11-25 02:42 - 2015-11-25 02:43 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-22 07:27 - 2015-12-06 22:30 - 00000000 ____D C:\Program Files\7-Zip
2015-11-22 07:27 - 2015-11-22 07:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-11-22 07:16 - 2015-11-22 07:56 - 00000000 ____D C:\Users\mikes\AppData\Local\QuickPar
2015-11-22 07:10 - 2015-11-22 07:10 - 00000000 ____D C:\Users\mikes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
2015-11-22 07:10 - 2015-11-22 07:10 - 00000000 ____D C:\Program Files (x86)\QuickPar
2015-11-22 05:20 - 2015-11-23 21:41 - 00000000 ____D C:\altbinz
2015-11-22 05:15 - 2015-11-22 05:17 - 00000000 ____D C:\Users\mikes\AppData\Local\Alt.Binz
2015-11-22 05:15 - 2015-11-22 05:15 - 00001083 _____ C:\Users\Public\Desktop\Alt.Binz.lnk
2015-11-22 05:15 - 2015-11-22 05:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alt.Binz
2015-11-22 05:15 - 2015-11-22 05:15 - 00000000 ____D C:\Program Files (x86)\Alt.Binz
2015-11-14 01:36 - 2015-11-04 23:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-14 01:36 - 2015-11-04 23:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-14 01:36 - 2015-11-04 23:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-14 01:36 - 2015-11-04 23:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-14 01:36 - 2015-11-04 23:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-14 01:36 - 2015-11-04 22:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-14 01:36 - 2015-11-04 22:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-14 01:36 - 2015-11-04 22:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-14 01:36 - 2015-11-04 22:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-14 01:36 - 2015-11-04 22:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-14 01:36 - 2015-11-04 22:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-14 01:36 - 2015-11-04 22:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-14 01:36 - 2015-11-04 21:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-14 01:36 - 2015-11-04 21:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-14 01:36 - 2015-11-04 21:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-14 01:36 - 2015-11-04 21:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-14 01:36 - 2015-11-04 21:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-14 01:36 - 2015-11-04 21:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-14 01:36 - 2015-11-04 21:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-14 01:36 - 2015-11-04 21:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-14 01:35 - 2015-11-04 23:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-14 01:35 - 2015-11-04 23:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-14 01:35 - 2015-11-04 23:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-14 01:35 - 2015-11-04 22:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-14 01:35 - 2015-11-04 22:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-14 01:35 - 2015-11-04 22:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-14 01:35 - 2015-11-04 22:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-14 01:35 - 2015-11-04 22:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-14 01:35 - 2015-11-04 22:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-14 01:35 - 2015-11-04 22:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-14 01:35 - 2015-11-04 22:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-14 01:35 - 2015-11-04 22:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-14 01:35 - 2015-11-04 22:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-14 01:35 - 2015-11-04 22:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-14 01:35 - 2015-11-04 22:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-14 01:35 - 2015-11-04 22:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-14 01:35 - 2015-11-04 22:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-14 01:35 - 2015-11-04 22:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-14 01:35 - 2015-11-04 22:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-14 01:35 - 2015-11-04 22:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-14 01:35 - 2015-11-04 22:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-14 01:35 - 2015-11-04 21:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-14 01:35 - 2015-11-04 21:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-14 01:35 - 2015-11-04 21:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-14 01:35 - 2015-11-04 21:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-14 01:35 - 2015-11-04 21:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-14 01:35 - 2015-11-04 21:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-14 01:35 - 2015-11-04 21:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-14 01:35 - 2015-11-04 21:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-14 01:35 - 2015-11-04 21:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-14 01:35 - 2015-11-04 21:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-14 01:35 - 2015-11-04 21:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-14 01:35 - 2015-11-04 21:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-08 00:54 - 2015-09-22 07:13 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-08 00:53 - 2015-07-10 03:05 - 00000000 ____D C:\Windows
2015-12-08 00:49 - 2015-09-22 09:49 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-08 00:48 - 2014-12-03 06:39 - 00000000 __SHD C:\Users\mikes\IntelGraphicsProfiles
2015-12-08 00:47 - 2015-07-10 06:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-08 00:47 - 2015-07-10 03:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-07 10:04 - 2015-09-22 09:49 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-07 09:39 - 2015-01-13 17:14 - 00000000 ____D C:\Users\mikes\Downloads\Program installs
2015-12-07 07:44 - 2015-07-10 05:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-06 22:47 - 2015-01-14 07:52 - 00000000 ____D C:\Users\mikes\Desktop\App - Tools
2015-12-06 22:16 - 2015-11-07 06:35 - 00000000 ____D C:\Program Files (x86)\ Firefox
2015-12-06 08:35 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-04 03:59 - 2015-09-22 09:49 - 00003978 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 03:59 - 2015-09-22 09:49 - 00003746 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-04 03:35 - 2015-07-10 05:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-28 08:58 - 2015-09-22 09:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-28 08:56 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-28 08:21 - 2015-10-21 02:21 - 00000000 ____D C:\Users\mikes\AppData\Local\ElevatedDiagnostics
2015-11-25 02:45 - 2015-09-22 07:57 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-19 08:23 - 2015-09-22 07:53 - 00000000 ____D C:\Windows.old
2015-11-19 03:43 - 2015-07-10 04:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-19 03:40 - 2015-09-24 07:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-18 05:57 - 2015-09-30 20:31 - 00000600 _____ C:\Users\mikes\AppData\Local\PUTTY.RND
2015-11-18 05:55 - 2015-09-24 07:44 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2015-09-30 20:31 - 2015-11-18 05:57 - 0000600 _____ () C:\Users\mikes\AppData\Local\PUTTY.RND
2015-10-10 02:54 - 2015-10-10 02:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\mikes\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\mikes\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-07 03:13

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (18.5 KB, 15 views)
Old 12-08-2015, 05:43 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello mstarbm. It is not necessary to format the logs. Thanks.

Whatever those detections are, they aren't showing in the logs so far.

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.2.0.1024.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 12-09-2015, 06:21 AM   #5
Registered Member
 
Join Date: Dec 2015
Posts: 4
OS: windows 10



Windows Defender continued to find the same three malware bugs. I had not realized how easily the Defender application automatically turned on its real time protection. Therefore, I repeated your first suggestions with the AdwCleaner and FRST virus scans and removers. However, I then paid particular attention and made sure the Windows Defender real time protection was off when those suggested scans were done. After repeating those two scanners you suggested, Windows Defender did not detect the discussed three malware bugs. My conclusion was that, because I had the Defender virus protection on, the previous logs from the first runs of AdwCleaner and FRST were erroneously affected by the Defender virus scanner being turned on. If you are interested in looking at the results of the second run of your suggested virus cleaners, I have attached the second-run logs.

I then performed the scans suggested in your last post. The resulting log from Malwarebytes Anti-Malware is attached in the MAMlog_120815.txt file. The discovered threats from the ESET online scan are pasted below. I consider my problems with the three simultaneous bugs to be solved because a full scan by Windows Defender is clean now. Thank you very much for your time and thoughtful suggestions.

ESET threats found:


C:\AdwCleaner\Quarantine\C\Users\mikes\AppData\Roaming\OpenCandy\OpenCandy_14678E66A3D24703B9CAF0F1E5975FFB\dhk779.exe.vir a variant of Win32/OpenCandy.E potentially unsafe application
C:\Users\mikes\Documents\Downloads\108 Stitches 2014\Need codec here\Codec\Setup.exe a variant of Win32/AdWare.iBryte.Z application
C:\Users\mikes\Downloads\Program installs\winamp5601_free.exe Win32/OpenCandy potentially unsafe application
C:\Users\mikes\Downloads\Program installs\Microsoft\mini-KMS_Activator_v1.1_Office.2010.VL.ENG.exe Win32/HackKMS.A potentially unsafe application
Attached Files
File Type: txt MAMlog_120815.txt (1.4 KB, 13 views)
File Type: txt dds.txt (26.4 KB, 11 views)
File Type: txt FRST.txt (23.5 KB, 11 views)
File Type: txt Addition.txt (18.4 KB, 11 views)
Old 12-09-2015, 10:54 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, mstarbm. You're very welcome.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Users\mikes\Documents\Downloads\108 Stitches 2014\Need codec here\Codec\Setup.exe"
"C:\Users\mikes\Downloads\Program installs\winamp5601_free.exe"
"C:\Users\mikes\Downloads\Program installs\Microsoft\mini-KMS_Activator_v1.1_Office.2010.VL.ENG.exe"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0
Save this Notepad file as fix.bat and choose to Save as type: - All Files to your desktop then close the Notepad file.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
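The HOSTS file advice above works by mapping unwanted hostnames to an address that leads nowhere. Malware uses the same file in the opposite direction, mapping antivirus or update hostnames to a sinkhole or to an attacker-chosen server so the machine cannot fetch help. The following script is an added example, not code from chemist, the thread, or the MVPS project: it parses a HOSTS file and separates ordinary block entries from entries that override hostnames a cleanup would expect to stay reachable. The sample HOSTS text and the list of "protected" domain suffixes are constructed for the example and would be adjusted to the environment being checked.

```python
"""Audit a Windows-style HOSTS file for block entries vs. suspicious overrides.

Added example (not from the thread). A blocklist such as the MVPS HOSTS file
maps ad/malware hostnames to 0.0.0.0 or 127.0.0.1 so connections go nowhere.
Malware edits the same file to block security vendors or redirect traffic,
so an audit should flag overrides of hostnames that must stay reachable.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Addresses that make an entry a harmless "block" (the connection goes nowhere).
SINKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed, illustrative list: hostnames a cleanup expects to remain reachable.
# Any HOSTS override of these deserves a look.
PROTECTED_SUFFIXES = (
    "microsoft.com",
    "windowsupdate.com",
    "malwarebytes.com",
)

# One HOSTS mapping: an address followed by one or more hostnames.
HOSTS_LINE = re.compile(r"^\s*(\S+)\s+(.+?)\s*$")


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs; comments and blank lines are skipped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        m = HOSTS_LINE.match(line)
        if not m:
            continue
        addr, names = m.group(1), m.group(2).split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # first token is not an IP address, so not a mapping
        for name in names:
            pairs.append((addr, name.lower()))
    return pairs


def is_protected(host: str) -> bool:
    """True if host is one of, or a subdomain of, the protected suffixes."""
    return any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Classify every mapping in the HOSTS text.

    blocked:    sinkholed entries for non-protected names (ad/malware blocking)
    hijacked:   protected names mapped anywhere, sinkhole included, since that
                blocks updates or security vendors
    redirected: other names sent to a real address (possible phishing redirect)
    """
    result: Dict[str, List[Tuple[str, str]]] = {
        "blocked": [], "hijacked": [], "redirected": []
    }
    for addr, host in parse_hosts(text):
        if host == "localhost" and addr in SINKHOLE_ADDRS:
            continue  # the standard localhost lines are expected
        if is_protected(host):
            result["hijacked"].append((addr, host))
        elif addr in SINKHOLE_ADDRS:
            result["blocked"].append((addr, host))
        else:
            result["redirected"].append((addr, host))
    return result


# Constructed sample HOSTS file for the example; not taken from the thread.
# 203.0.113.0/24 is a documentation range, used here as a stand-in address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0  ads.example-tracker.test   # blocklist-style entry
0.0.0.0  cdn.example-ads.test
0.0.0.0  www.malwarebytes.com       # suspicious: blocks an AV vendor
203.0.113.5  update.microsoft.com   # suspicious: sends updates elsewhere
203.0.113.9  www.example-bank.test  # redirect to a non-local address
"""

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    for category, entries in report.items():
        print(f"{category}: {len(entries)}")
        for addr, host in entries:
            print(f"  {addr:<15} {host}")
```

On a real machine the text would come from C:\Windows\System32\drivers\etc\hosts; the "hijacked" bucket is the one to review first, because a legitimate blocklist never touches vendor or update hostnames.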
Old 12-10-2015, 08:30 PM   #7
Registered Member
 
Join Date: Dec 2015
Posts: 4
OS: windows 10



Per your request:
Right-click on fix.bat and choose 'Run as administrator' to allow it to run.
Tell me what it says in your next reply. Press any key to continue.


The result only said "Deleted Successfully ! !"


mstarbm is offline  
Old 12-11-2015, 04:52 AM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're good to go.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
 

All times are GMT -7. The time now is 08:05 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum
