
Topic: How do I get rid of the DLL malware file that Avast is saying that is malware?


WWE1982

    Topic Starter


    Greenhorn

    • Experience: Familiar
    • OS: Windows 7
    Avast keeps on telling me that it has blocked a file which has malware on it. How do I remove it because I have tried the following:

    Avast.

    Malwarebytes.

    Super Antispyware.

    Spybot Search and Destroy.

    Windows Defender.

    And nothing has shown up.

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    That's because it has been blocked. Have you installed any new programs prior to this happening?
    Windows 8 and Windows 10 dual boot with two SSD's

    WWE1982

      Quote
      That's because it has been blocked. Have you installed any new programs prior to this happening?


      Yes, I have.

      SuperDave

      We can do some scans, if you wish, to make sure your computer is clean. Please indicate yes or no.

      WWE1982

        Quote
        We can do some scans, if you wish, to make sure your computer is clean. Please indicate yes or no.


        1. What time will the scan happen?

        2. Will I be able to use my PC during the scan?

        3. Do I need to keep the PC on and online?

        SuperDave

        Quote
        1. What time will the scan happen?

        2. Will I be able to use my PC during the scan?

        3. Do I need to keep the PC on and online?
        You may start the scans anytime after you receive them. It's best not to use the computer while the scans are running, but they shouldn't take too long, and your computer should remain connected to the internet.

        Please download AdwCleaner by Xplode onto your Desktop.

        Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.



        If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
        When the AdwCleaner program opens, click on the Scan button as shown below.



        AdwCleaner will now start to search for malicious files that may be installed on your computer.
        To remove the files that were detected in the previous step, please click on the Clean button.



        AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
        Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
        *********************************************
        Please download Malwarebytes Anti-Malware from here.
        Double Click mbam-setup.exe to install the application.
        • It should update automatically if the computer is connected to the internet.
        • Click on Threat Scan and click on Scan Now.
        • The scan may take some time to finish, so please be patient.
        • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
        • Click on "Apply actions". You may be asked to Restart your computer to completely remove the infections.
        • When disinfection is completed you can click on "Copy to Clipboard".
        • Paste the log in your next reply (CTRL+V)
        *************************************************
        Please download Junkware Removal Tool to your desktop.

        Warning! Once the scan is complete JRT will shut down your browser with NO warning.

        Shut down your protection software now to avoid potential conflicts.

        • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

        • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

        • The tool will open and start scanning your system.

        • Please be patient as this can take a while to complete depending on your system's specifications.

        • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

        • Copy and Paste the JRT.txt log into your next message.

        WWE1982

          I've done the scans as requested and the info is as follows:

          Junkware Removal Tool:

          Junkware Removal Tool (JRT) by Thisisu
          Version: 7.0.3 (06.19.2015:1)
          OS: Windows 7 Home Premium x64
          Ran by TARDIS on 20/06/2015 at 18:00:00.93
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




          ~~~ Services



          ~~~ Tasks



          ~~~ Registry Values



          ~~~ Registry Keys

          Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}
          Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}
          Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}



          ~~~ Files

          Successfully deleted: [File] C:\users\public\desktop\jzip.lnk
          Successfully deleted: [File] C:\users\public\desktop\ytd video downloader.lnk
          Successfully deleted: [File] C:\Users\TARDIS\appdata\local\google\chrome\user data\default\local storage\hxxp_lyrics.wikia.com_0.localstorage
          Successfully deleted: [File] C:\Users\TARDIS\appdata\local\google\chrome\user data\default\local storage\hxxp_lyrics.wikia.com_0.localstorage-journal
          Successfully deleted: [File] C:\Users\TARDIS\appdata\local\google\chrome\user data\default\local storage\hxxp_www.azlyrics.com_0.localstorage
          Successfully deleted: [File] C:\Users\TARDIS\appdata\local\google\chrome\user data\default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
          Successfully deleted: [File] C:\Users\TARDIS\appdata\local\google\chrome\user data\default\local storage\hxxp_www.lyricsmode.com_0.localstorage
          Successfully deleted: [File] C:\Users\TARDIS\appdata\local\google\chrome\user data\default\local storage\hxxp_www.lyricsmode.com_0.localstorage-journal
          Successfully deleted: [File] C:\Users\TARDIS\appdata\local\google\chrome\user data\default\local storage\hxxp_www.metrolyrics.com_0.localstorage
          Successfully deleted: [File] C:\Users\TARDIS\appdata\local\google\chrome\user data\default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
          Successfully deleted: [File] C:\Users\TARDIS\appdata\local\google\chrome\user data\default\local storage\hxxps_static.olark.com_0.localstorage
          Successfully deleted: [File] C:\Users\TARDIS\appdata\local\google\chrome\user data\default\local storage\hxxps_static.olark.com_0.localstorage-journal
          Successfully deleted: [File] C:\Users\TARDIS\AppData\Roaming\microsoft\internet explorer\quick launch\jzip.lnk



          ~~~ Folders

          Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\ytd video downloader



          ~~~ Chrome


          [C:\Users\TARDIS\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

          [C:\Users\TARDIS\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

          [C:\Users\TARDIS\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

          [C:\Users\TARDIS\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
          []





          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          Scan was completed on 20/06/2015 at 18:09:44.32
          End of JRT log
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




          Adw Cleaner:

          # AdwCleaner v4.206 - Logfile created 20/06/2015 at 17:04:44
          # Updated 01/06/2015 by Xplode
          # Database : 2015-06-17.1 [Server]
          # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
          # Username : TARDIS - TARDIS-PC
          # Running from : C:\Users\TARDIS\Downloads\adwcleaner_4.206.exe
          # Option : Cleaning

          ***** [ Services ] *****

          Service Deleted : ReimageRealTimeProtector

          Service Deleted : netfilter2

          ***** [ Files / Folders ] *****

          Folder Deleted : C:\ProgramData\Reimage Protector
          Folder Deleted : C:\ProgramData\ytd video downloader
          Folder Deleted : C:\ProgramData\95bce84300006d5a
          Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
          Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
          Folder Deleted : C:\Program Files (x86)\GreenTree Applications
          Folder Deleted : C:\Program Files (x86)\jZip
          Folder Deleted : C:\Program Files\Reimage
          Folder Deleted : C:\Users\TARDIS\AppData\Local\jZip
          Folder Deleted : C:\Users\TARDIS\AppData\LocalLow\jZip
          Folder Deleted : C:\Users\TARDIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
          [/!\] Not Deleted ( Junction ) : C:\Users\TARDIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
          File Deleted : C:\Users\Public\Desktop\jZip.lnk
          File Deleted : C:\Users\Public\Desktop\YTD Video Downloader.lnk
          File Deleted : C:\Windows\Reimage.ini
          File Deleted : C:\Users\TARDIS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
          File Deleted : C:\Users\TARDIS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
          File Deleted : C:\Users\TARDIS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

          ***** [ Scheduled tasks ] *****

          Task Deleted : ReimageUpdater

          ***** [ Shortcuts ] *****


          ***** [ Registry ] *****

          Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
          Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
          Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
          Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
          Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
          Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
          Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
          Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
          Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
          Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
          Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
          Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
          Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
          Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
          Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
          Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
          Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
          Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
          Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
          Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
          Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
          Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
          Key Deleted : HKCU\Software\Conduit
          Key Deleted : HKCU\Software\Reimage
          Key Deleted : HKCU\Software\SpeedBit
          Key Deleted : HKCU\Software\PRODUCTSETUP
          Key Deleted : HKLM\SOFTWARE\DeviceVM
          Key Deleted : HKLM\SOFTWARE\jZip
          Key Deleted : HKLM\SOFTWARE\SpeedBit
          Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jZip
          Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
          Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
          Key Deleted : [x64] HKLM\SOFTWARE\Reimage
          Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Protector

          ***** [ Web browsers ] *****

          -\\ Internet Explorer v11.0.9600.17840


          -\\ Pale Moon v


          -\\ Google Chrome v43.0.2357.124

          [C:\Users\TARDIS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
          [C:\Users\TARDIS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.speedbit.com/search.aspx?s=F4Oa&q={searchTerms}

          *************************

          AdwCleaner[R0].txt - [5282 bytes] - [20/06/2015 15:38:50]
          AdwCleaner[S0].txt - [5054 bytes] - [20/06/2015 17:04:44]

          ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5113  bytes] ##########




          Malwarebytes found none-malware threats.



          SuperDave

          Malwarebytes' Anti-Rootkit

          Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
          • Be sure to print out and follow the instructions provided on that same page for performing a scan.
          • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
          • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
          • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
          • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
          • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
          • Copy and paste the contents of these two log files in your next reply.

          WWE1982

            System Log:

            Malwarebytes Anti-Rootkit BETA 1.09.1.1004

            (c) Malwarebytes Corporation 2011-2012

            OS version: 6.1.7601 Windows 7 Service Pack 1 x64

            Account is Administrative

            Internet Explorer version: 11.0.9600.17843

            File system is: NTFS
            Disk drives: C:\ DRIVE_FIXED
            CPU speed: 1.236000 GHz
            Memory total: 3184775168, free: 2109329408

            Downloaded database version: v2015.06.27.03
            Downloaded database version: v2015.06.26.01
            Downloaded database version: v2015.06.26.01
            =======================================
            Initializing...
            ------------ Kernel report ------------
                 06/27/2015 20:34:11
            ------------ Loaded modules -----------
            ----------- End -----------
            Done!

            Scan started
            Database versions:
              main:    v2015.06.27.03
              rootkit: v2015.06.26.01

            <<<2>>>
            Physical Sector Size: 512
            Drive: 0, DevicePointer: 0xfffffa8002fe9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
            --------- Disk Stack ------
            DevicePointer: 0xfffffa8002fe9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
            DevicePointer: 0xfffffa8002fe9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
            DevicePointer: 0xfffffa8002476ac0, DeviceName: Unknown, DriverName: \Driver\ACPI\
            DevicePointer: 0xfffffa8002e7b050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
            ------------ End ----------
            Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
            Upper DeviceData: 0x0, 0x0, 0x0
            Lower DeviceData: 0x0, 0x0, 0x0
            <<<3>>>
            Volume: C:
            File system type: NTFS
            SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
            <<<2>>>
            <<<3>>>
            Volume: C:
            File system type: NTFS
            SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
            Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
            Done!
            Drive 0
            This is a System drive
            Scanning MBR on drive 0...
            Inspecting partition table:
            MBR Signature: 55AA
            Disk Signature: D9B3496E

            Partition information:

                Partition 0 type is Other (0x1c)
                Partition is NOT ACTIVE.
                Partition starts at LBA: 2048  Numsec = 30713856

                Partition 1 type is Primary (0x7)
                Partition is ACTIVE.
                Partition starts at LBA: 30715904  Numsec = 594423808
                Partition file system is NTFS
                Partition is bootable

                Partition 2 type is Empty (0x0)
                Partition is NOT ACTIVE.
                Partition starts at LBA: 0  Numsec = 0

                Partition 3 type is Empty (0x0)
                Partition is NOT ACTIVE.
                Partition starts at LBA: 0  Numsec = 0

            Disk Size: 320072933376 bytes
            Sector size: 512 bytes

            Done!
            File "C:\ProgramData\AVAST Software\Avast\log\AvastSvc.log" is compressed (flags = 1)
            File "C:\ProgramData\AVAST Software\Avast\log\AvastUI.log" is compressed (flags = 1)
            File "C:\ProgramData\AVAST Software\Avast\log\CommChannel.Protocol.log" is compressed (flags = 1)
            File "C:\ProgramData\AVAST Software\Avast\log\Grimefighter.log" is compressed (flags = 1)
            File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-EFD49C4E5794FCF1A856420317D3DF153D140234.bin.VE1" is compressed (flags = 1)
            File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-EFD49C4E5794FCF1A856420317D3DF153D140234.bin.VF" is compressed (flags = 1)
            Scan finished
            =======================================


            Removal queue found; removal started
            Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
            Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-30715904-i.mbam...
            Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
            Removal finished


            Malwarebytes Anti-Rootkit Log:

            Malwarebytes Anti-Rootkit BETA 1.09.1.1004
            www.malwarebytes.org

            Database version:
              main:    v2015.06.27.03
              rootkit: v2015.06.26.01

            Windows 7 Service Pack 1 x64 NTFS
            Internet Explorer 11.0.9600.17843
            TARDIS :: TARDIS-PC [administrator]

            27/06/2015 20:34:45
            mbar-log-2015-06-27 (20-34-45).txt

            Scan type: Quick scan
            Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
            Scan options disabled:
            Objects scanned: 346356
            Time elapsed: 29 minute(s), 28 second(s)

            Memory Processes Detected: 0
            (No malicious items detected)

            Memory Modules Detected: 0
            (No malicious items detected)

            Registry Keys Detected: 0
            (No malicious items detected)

            Registry Values Detected: 0
            (No malicious items detected)

            Registry Data Items Detected: 0
            (No malicious items detected)

            Folders Detected: 0
            (No malicious items detected)

            Files Detected: 0
            (No malicious items detected)

            Physical Sectors Detected: 0
            (No malicious items detected)

            (end)

            SuperDave

            I'd like to scan your machine with ESET OnlineScan

            •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
            ESET OnlineScan

            •Click the button.
            •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
            • Click on to download the ESET Smart Installer. Save it to your desktop.
            • Double click on the icon on your desktop.
            •Check
            •Click the button.
            •Accept any security warnings from your browser.
            • Leave the check mark next to Remove found threats.
            •Check
            •Push the Start button.
            •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
            •When the scan completes, push
            •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
            •Push the button.
            •Push
            A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

            WWE1982

              The eset txt:

              C:\Users\TARDIS\Downloads\BatteryMeterVersion23.exe   a variant of Win32/OpenInstall potentially unwanted application
              C:\Users\TARDIS\Downloads\CR_Downloader_for_epsxe.exe   a variant of Win32/InstallCore.YV potentially unwanted application
              C:\Users\TARDIS\Downloads\CR_Downloader_for_metal-gear-solid-(disc-1)-(v1.1).exe   a variant of Win32/InstallCore.YV potentially unwanted application

              The eset log:

              ESETSmartInstaller@High as downloader log:
              all ok
              # product=EOS
              # version=8
              # OnlineScannerApp.exe=1.0.0.1
              # EOSSerial=969f43983d87ad43bfdf573f8b8730bd
              # end=init
              # utc_time=2015-06-29 02:18:42
              # local_time=2015-06-29 03:18:42 (+0000, GMT Daylight Time)
              # country="United Kingdom"
              # osver=6.1.7601 NT Service Pack 1
              Update Init
              Update Download
              Update Finalize
              Updated modules version: 24557
              # product=EOS
              # version=8
              # OnlineScannerApp.exe=1.0.0.1
              # EOSSerial=969f43983d87ad43bfdf573f8b8730bd
              # end=updated
              # utc_time=2015-06-29 02:21:28
              # local_time=2015-06-29 03:21:28 (+0000, GMT Daylight Time)
              # country="United Kingdom"
              # osver=6.1.7601 NT Service Pack 1
              # product=EOS
              # version=8
              # OnlineScannerApp.exe=1.0.0.1
              # OnlineScanner.ocx=1.0.0.7777
              # api_version=3.1.1
              # EOSSerial=969f43983d87ad43bfdf573f8b8730bd
              # engine=24557
              # end=finished
              # remove_checked=false
              # archives_checked=false
              # unwanted_checked=true
              # unsafe_checked=false
              # antistealth_checked=true
              # utc_time=2015-06-29 03:31:19
              # local_time=2015-06-29 04:31:19 (+0000, GMT Daylight Time)
              # country="United Kingdom"
              # lang=1033
              # osver=6.1.7601 NT Service Pack 1
              # compatibility_mode_1='avast! Internet Security'
              # compatibility_mode=779 16777213 85 72 87540 200015969 0 0
              # compatibility_mode_1=''
              # compatibility_mode=5893 16776573 100 94 0 188056929 0 0
              # scanned=145720
              # found=3
              # cleaned=0
              # scan_time=4191
              sh=B21FD453CC650641C949068A0EA597B1914AEAC1 ft=1 fh=7783b92a0e2cbc12 vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\TARDIS\Downloads\BatteryMeterVersion23.exe"
              sh=3E4692EBB5E813BAE3E38BAA5BD41741B7A028C1 ft=1 fh=c82c2ad8b563db73 vn="a variant of Win32/InstallCore.YV potentially unwanted application" ac=I fn="C:\Users\TARDIS\Downloads\CR_Downloader_for_epsxe.exe"
              sh=B44819D7EA4BE8AC172215D59AC2BAAEA6F903D2 ft=1 fh=c82c2ad8c0d31fbd vn="a variant of Win32/InstallCore.YV potentially unwanted application" ac=I fn="C:\Users\TARDIS\Downloads\CR_Downloader_for_metal-gear-solid-(disc-1)-(v1.1).exe"

              SuperDave

              How's your computer running now? Any other issues?

              WWE1982

                The computer is running fine, apart from the same message popping up.

                SuperDave

                Ok. Let's try this. Download, install and run a scan with MSE (below) and see if it finds anything.
                Microsoft Security Essentials   All versions and all languages.