Solved have I been hacked on Chrome browser?

[ShamrockRig]

Links embedded in previous post.

Check Proxy:
https://support.google.com/chrome/answer/96815?hl=en

Reset Chrome:
https://support.google.com/chrome/answer/3296214?hl=en

MBAM:
Malwarebytes : Thank you for download Malwarebytes Anti-Malware

Download Malwarebytes' Anti-Malware (aka MBAM): Malwarebytes : Malwarebytes Anti-Malware FREE to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Here are the Instructions for running MalwareBytes, Be sure not to click on the free trial of pro if it offers one.

 

[sdowney717]

jrt log
then onto rogue killer
jrt always says it finds a bad module.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Ultimate x86
Ran by Tricia on Thu 02/13/2014 at 17:40:12.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/13/2014 at 17:47:56.73
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[shellcode]

Was there a proxy being used? If so remove it. IE and Chrome used the proxy configured in Internet Options under Windows. Unlike IE, Chrome enforces certificate pinning on select websites, like google.com. This could suggest why Chrome was alerting you, while IE was not.

Check proxy settings by:

Opening Control Panel, and then clicking Internet Options. Click the Connections tab, and then click LAN settings. Was an address listed in the address box?

Do not do anything sensitive on this computer, even if using a different browser!

 

[sdowney717]

I found out chrome was alerting me because the date was set to year 2000.
No proxies are being used.
rogue killer is running and look like it will take a while.
PC is still fast.

unfortunately our taxes are being done on this PC

 

[shellcode]

Glad you solved the certificate error. What are the remaining indicators of infection?

 

[ShamrockRig]

I found out chrome was alerting me because the date was set to year 2000.
No proxies are being used.
rogue killer is running and look like it will take a while.
PC is still fast.

unfortunately our taxes are being done on this PC

I pointed out the date in post #3

 

[shellcode]

I noticed you did and assumed they had already ruled that out as a possibility.

 

[sdowney717]

Roguekiller, the bar is only about 1 inches completed.

How long does it take to complete?
Might be a day when I can post back the results.

makes me wonder if it is hung up, it is flashing the green bar across.
not much hard drive action.

 

[sdowney717]

I think it is stuck.
I let it run all night,
It scan file and folders, but building tree never progresses

 

[sdowney717]

Check this out.
I went to malwarebytes web site, and was rejected saying they would not accept the connection on their free download page.

 

[ShamrockRig]

Hmmm thats weird for roguekiller, Did you try restarting and running it again?
Also, im not a fan of IE and have always thought of it to cause problems, i suggest using firefox until your personal preference is available again.

 

[sdowney717]

yes restarted once.
I just got malwarebytes from filehippo
uninstalled it and reinstalled it and did a full scan and it found 3 items, one a Trojan.

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
Tricia :: TRICIA-PC [administrator]
2/14/2014 7:14:10 AM
mbam-log-2014-02-14 (07-14-10).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 335283
Time elapsed: 1 hour(s), 3 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Users\Tricia\Pictures\Downloads\mediaplayerlite_d166371.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Tricia\Pictures\Downloads\setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\Tricia\Pictures\Downloads\Ticket.zip (Trojan.CryptPro.Gen) -> Quarantined and deleted successfully.

(end)

 

[sdowney717]

I went direct to the site and downloaded OTL and roguekiller.

After malwarebytes killed that Trojan, I restarted roquekiller and it is running to completion. It has gone beyond where it had hung up. So prescan completed and now it is doing the full scan.

 

[sdowney717]

RK report.

In the gui window, it shows reg entries and in the driver tab shows false illegitimate programs

RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : Adlice forum - Index
Website : RogueKiller download
Blog : Adlice Software | malware analysis
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Tricia [Admin rights]
Mode : Scan -- Date : 02/14/2014 08:53:15
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x5C9313C5)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9461D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9462D)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D90DC5)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9460D)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x75B546E9)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9461D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9462D)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D90DC5)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9460D)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x75B546E9)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9461D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9462D)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D90DC5)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9460D)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x75B546E9)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9461D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9462D)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D90DC5)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9460D)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x75B546E9)
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) MAXTOR STM3200820A ATA Device +++++
--- User ---
[MBR] 7ab1e9c4f037b7cc2939d3b2f6f59c1f
[BSP] f0fd0e653df2b2f115e11cf7a255ff35 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 156301310 | Size: 114462 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_02142014_085315.txt >>

I told it to fix everything, except shortcuts as it gave a warning about hidden files.etc...

 

[ShamrockRig]

Go ahead and run the delete part.

 

[ShamrockRig]

Download DDS from here: dds.scr or here: dds.com and save it to your desktop.

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

• When done, DDS will open two (2) logs:
• DDS.txt
• Attach.txt

• Save both reports to your desktop
• Please Copy & Paste the contents of the following logs in your next reply: DDS.txt and Attach.txt

Then run this



Please download Malwarebytes Anti-Rootkit from here

• Unzip the contents to a folder in a convenient location.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

 

[sdowney717]

DDS first, then attach second.
Why does it say not to post attach.txt as text?

I uninstalled Chrome and reinstalled Chrome and so far no troubles.
I am using chrome to post this.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.51.2
Run by Tricia at 9:50:38 on 2014-02-14
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3039.1407 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Google\Chrome Remote Desktop\32.0.1700.98\remoting_host.exe
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files\Google\Chrome Remote Desktop\32.0.1700.98\remoting_host.exe
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Windows\System32\alg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\kX Audio Driver\3550\kxmixer.exe
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\vVX6000.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\ubuntuone\dist\ubuntuone-syncdaemon.exe
C:\Program Files\ubuntuone\dist\ubuntuone-control-panel-qt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\C2MP\UpdateChecker.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ubuntuone\dist\ubuntuone-proxy-tunnel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conhost.exe
C:\Program Files\ubuntuone\dist\ubuntu-sso-login.exe
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Windows\notepad.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Ubuntu One] "c:\program files\ubuntuone\dist\ubuntuone-syncdaemon.exe"
uRun: [Ubuntu One Icon] "c:\program files\ubuntuone\dist\ubuntuone-control-panel-qt.exe" --minimized --with-icon
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [SkyDrive] "c:\users\tricia\appdata\local\microsoft\skydrive\SkyDrive.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [kX Mixer] c:\program files\kx audio driver\3550\kxmixer.exe --startup
mRun: [PowerDVD12DMREngine] "c:\program files\cyberlink\powerdvd12\kernel\dmr\PowerDVD12DMREngine.exe"
mRun: [PowerDVD12Agent] "c:\program files\cyberlink\powerdvd12\PowerDVD12Agent.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\codecp~1.lnk - c:\windows\system32\c2mp\UpdateChecker.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{71ACC367-6EDA-44D8-95B9-EF737496DB3D} : DHCPNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tricia\appdata\roaming\mozilla\firefox\profiles\7qf6qhde.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-5-1 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-5-1 180248]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2013-1-10 16504]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-16 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-1-16 410784]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/01/21 12:35:16];c:\program files\cyberlink\powerdvd12\common\navfilter\000.fcl [2012-9-10 89616]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-2-12 172032]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-1-16 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-2-12 50344]
R2 chromoting;Chrome Remote Desktop Service;c:\program files\google\chrome remote desktop\32.0.1700.98\remoting_host.exe [2014-1-13 50456]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\CLHNServiceForPowerDVD12.exe [2013-1-21 90640]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files\cyberlink\powerdvd12\kernel\dms\CLMSMonitorServicePDVD12.exe [2013-1-21 78352]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files\cyberlink\powerdvd12\kernel\dms\CLMSServerPDVD12.exe [2013-1-21 295440]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-2-14 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-2-14 701512]
R2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\ntk_PowerDVD12.sys [2013-1-21 121208]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2013-1-10 225400]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2013-1-22 13880]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-11 64168]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [2009-9-17 607496]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-2-14 22856]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-5-20 2074480]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Bda8600;VBox TV Receiver, BDA Tuner Driver (DTF8600);c:\windows\system32\drivers\Dtf8600b.sys [2013-12-20 102016]
S3 BdaVb35xx;VBox Vb35xx BDA driver;c:\windows\system32\drivers\Vb35xxB.sys [2013-12-20 157696]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-1-12 108032]
S3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2013-1-16 13704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-1-15 1343400]
.
=============== Created Last 30 ================
.
2014-02-14 12:12:31 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-14 12:12:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-13 21:29:08 -------- d-----w- C:\AdwCleaner
2014-02-13 20:59:38 -------- d-----w- C:\$RECYCLE.BIN
2014-02-13 20:58:00 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9f7aa91a-f1de-4573-a156-a2ccd9cd285a}\offreg.dll
2014-02-13 20:42:37 -------- d-----w- C:\Qoobox - Copy (2)
2014-02-13 20:42:21 -------- d-----w- C:\Qoobox - Copy
2014-02-12 22:59:36 98816 ----a-w- c:\windows\sed.exe
2014-02-12 22:59:36 256000 ----a-w- c:\windows\PEV.exe
2014-02-12 22:59:36 208896 ----a-w- c:\windows\MBR.exe
2014-02-12 18:55:32 -------- d-----w- c:\users\tricia\appdata\local\ATI
2014-02-12 18:48:40 -------- d-----w- c:\program files\common files\ATI Technologies
2014-02-12 17:52:58 -------- d-----w- c:\program files\AMD APP
2014-02-12 17:52:39 -------- d-----w- c:\program files\ATI
2014-02-12 17:51:20 -------- d-----w- c:\program files\ATI Technologies
2014-02-12 17:49:18 -------- d-----w- C:\AMD
2014-02-08 15:38:04 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-02-03 14:05:54 -------- d-----w- C:\Intel18.8
2014-01-26 13:16:30 -------- d-----w- C:\TaxACT
.
==================== Find3M ====================
.
2014-02-13 19:05:54 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-13 19:05:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-12 18:01:03 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-12 18:01:03 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-12 18:01:03 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-02-12 18:01:01 43152 ----a-w- c:\windows\avastSS.scr
2014-01-12 17:15:33 69632 ----a-w- c:\windows\system32\smss.exe
2014-01-12 17:15:33 640512 ----a-w- c:\windows\system32\advapi32.dll
2014-01-12 17:15:33 619520 ----a-w- c:\windows\system32\tdh.dll
2014-01-12 17:15:33 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-01-12 17:15:33 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-01-12 17:15:33 38912 ----a-w- c:\windows\system32\csrsrv.dll
2014-01-12 17:15:33 1289096 ----a-w- c:\windows\system32\ntdll.dll
2014-01-12 17:14:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-01-12 17:14:18 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-12 17:14:18 231424 ----a-w- c:\windows\system32\mswsock.dll
2014-01-12 17:14:18 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-01-12 17:14:18 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-01-12 17:13:04 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-01-12 17:06:36 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-12 17:02:48 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-01-11 11:25:35 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-11 11:25:34 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-01-11 11:25:34 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-20 23:42:22 94208 ----a-w- c:\windows\system32\Mpeg2Parser.ax
2013-12-20 23:42:22 139264 ----a-w- c:\windows\system32\Mpeg2Decoder.ax
.
============= FINISH: 9:51:13.90 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/15/2013 4:24:14 PM
System Uptime: 2/14/2014 8:23:31 AM (1 hours ago)
.
Motherboard: Intel Corporation | | S875WP1
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | J2E1 | 2793/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 32.443 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Input Device
Device ID: PCI\VEN_1102&DEV_7002&SUBSYS_00201102&REV_07\4&2E98101C&0&11F0
Manufacturer:
Name: PCI Input Device
PNP Device ID: PCI\VEN_1102&DEV_7002&SUBSYS_00201102&REV_07\4&2E98101C&0&11F0
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-zip v9.20
AC3Filter 2.6.0b
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
AMD APP SDK Runtime
AMD Catalyst Install Manager
ATI AVIVO Codecs
avast! Free Antivirus
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help English
CCC Help French
CCC Help German
CCC Help Spanish
Chrome Remote Desktop Host
Corel WinDVD
Corel WinDVD Pro 11
CPUID CPU-Z 1.62.0
CyberLink PowerDVD 12
DiskCheckup v3.1
EaseUS Partition Recovery 5.6.1
Eassos PartitionGuru Professional 3.7.0
Eassos Recovery Free 3.4.0
Google Chrome
Google Drive
Google Update Helper
HydraVision
ICA
IPM
Java 7 Update 51
Java Auto Updater
K-Lite Mega Codec Pack 9.7.0
Macrium Reflect Free Edition
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Corporation
Microsoft LifeCam
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 27.0 (x86 en-US)
Mozilla Maintenance Service
Setup
Skype™ 6.11
SMPlayer 0.8.3
SpeedFan (remove only)
System Requirements Lab for Intel
TaxACT 2012 - 1040 Edition
TaxACT 2012 Virginia
TaxACT 2013 - 1040 Edition
TaxACT 2013 Virginia
Ubuntu One
UMPlayer 0.98 [P3]
VLC media player 2.1.3
Windows 7 Codec Pack 4.0.8
.
==== Event Viewer Messages From Past Week ========
.
2/14/2014 8:58:08 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Tricia-PC\Tricia SID (S-1-5-21-3456394791-1825238727-3856076948-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/14/2014 8:58:08 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Tricia-PC\Tricia SID (S-1-5-21-3456394791-1825238727-3856076948-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/14/2014 7:10:34 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
.
==== End Of File ===========================

 

[ShamrockRig]

after extensive scans, i would say that your pretty clean from adware, malware etc.
If all is running fine etc, I'd suggest just trying it for a few days, if any problems appear, let us know and we will find a solution, thanks for all your time, you done great!

 

[sdowney717]

came back clean, no clean up needed. I think for now it is gone.
So what was it, that trojan malwarebytes found?

mbar log

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
Malwarebytes : Free Anti-Malware

Database version: v2014.02.14.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
Tricia :: TRICIA-PC [administrator]

2/14/2014 9:59:34 AM
mbar-log-2014-02-14 (09-59-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 210350
Time elapsed: 10 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

system log

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.16428

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 3186343936, free: 1461190656

Downloaded database version: v2014.02.14.06
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
02/14/2014 09:59:25
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\drmkvqpo.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\speedfan.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\pssnap.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\giveio.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\agp440.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\??\C:\Windows\system32\drivers\aswSnx.sys
\??\C:\Windows\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\??\C:\Windows\system32\drivers\aswRdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\SMBios.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\E1G60I32.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\kx.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\e100b325.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\VX6000Xp.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\VX6KCamd.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\parvdm.sys
\??\C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\Windows\system32\drivers\regi.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\??\C:\Windows\system32\drivers\aswStm.sys
\??\C:\Windows\system32\drivers\mbam.sys
\??\C:\Windows\system32\TrueSight.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Users\Tricia\AppData\Local\Temp\mbr.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\sechost.dll
\Windows\System32\ole32.dll
\Windows\System32\normaliz.dll
\Windows\System32\iertutil.dll
\Windows\System32\urlmon.dll
\Windows\System32\psapi.dll
\Windows\System32\wininet.dll
\Windows\System32\kernel32.dll
\Windows\System32\usp10.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\advapi32.dll
\Windows\System32\shell32.dll
\Windows\System32\setupapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\lpk.dll
\Windows\System32\msvcrt.dll
\Windows\System32\gdi32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\imm32.dll
\Windows\System32\msctf.dll
\Windows\System32\nsi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\difxapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\user32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86430030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff8568d908
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86430030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8642f148, DeviceName: Unknown, DriverName: \Driver\pssnap\
DevicePointer: 0xffffffff86430d18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86430030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85f53938, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8568d908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 67FEEC

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 156092416

Partition 2 type is Extended with CSH (0x5)
Partition is NOT ACTIVE.
Partition starts at LBA: 156301310 Numsec = 234418178

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 200048565760 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-390699855-390719855)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

 

[sdowney717]

I do thank you for all the help.
It seems other people could gain similar help following your instructions you had me perform.
So far it is zipping along fine.