Hi. Thanks for the response. I haven't run Hitman Pro and I feel a bit uncomfortable using TeamViewer, but for the last hour I've been running scans in safe mode. To update you on what I've done: I used the remove option on my AVG scan to "remove" the rootkits. I had 2. It no longer detects them when I scan, but it does still detect tracking cookies, which it was doing before. I ran an AVG scan and a GMER scan in safe mode, but because I'm an idiot the GMER scan results I copied into a text file didn't make it through the restart because I forgot to save it... Anyway, this is the safe mode AVG scan. I've seen a lot of threads looking for GMER results, so that's why I'm posting them. I gotta go for a bit, so I'll check to see if you responded.
AVG AntiVirus command line scanner
Copyright (c) 1992 - 2016 AVG Technologies
Program version 2016.0.7442, engine 2016.0.4522
Virus Database: Version 4522/11613 2016-02-12
C:\Documents and Settings\ Locked file. Not scanned. is OK.
C:\hiberfil.sys Locked file. Not scanned. is OK.
C:\pagefile.sys Locked file. Not scanned. is OK.
C:\ProgramData\Desktop\ Locked file. Not scanned. is OK.
C:\ProgramData\Documents\ Locked file. Not scanned. is OK.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\62ff6d7c3bd1b209970ce4f09ba8e995_e5bd8955-c590-4fa8-918b-3f120bbc9aa7 Locked file. Not scanned. is OK.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d49f8cd45d748509ca7e8bbc99f7f0ed_e5bd8955-c590-4fa8-918b-3f120bbc9aa7 Locked file. Not scanned. is OK.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f91eb4741d6ade428438d4a47d8f5106_e5bd8955-c590-4fa8-918b-3f120bbc9aa7 Locked file. Not scanned. is OK.
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json Locked file. Not scanned. is OK.
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json Locked file. Not scanned. is OK.
C:\ProgramData\Microsoft\Diagnosis\events00.rbs Locked file. Not scanned. is OK.
C:\ProgramData\Microsoft\Diagnosis\events01.rbs Locked file. Not scanned. is OK.
C:\ProgramData\Microsoft\Diagnosis\events10.rbs Locked file. Not scanned. is OK.
C:\ProgramData\Microsoft\Diagnosis\events11.rbs Locked file. Not scanned. is OK.
C:\ProgramData\Microsoft\Diagnosis\users.dat Locked file. Not scanned. is OK.
C:\ProgramData\Microsoft\Windows\LocationProvider\ Locked file. Not scanned. is OK.
C:\ProgramData\Microsoft\Windows\SystemData\ Locked file. Not scanned. is OK.
C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin Locked file. Not scanned. is OK.
C:\ProgramData\Templates\ Locked file. Not scanned. is OK.
C:\swapfile.sys Locked file. Not scanned. is OK.
C:\System Volume Information\ Locked file. Not scanned. is OK.
C:\Users\Default\AppData\Local\History\ Locked file. Not scanned. is OK.
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\ Locked file. Not scanned. is OK.
C:\Users\Default\AppData\Local\Temporary Internet Files\ Locked file. Not scanned. is OK.
C:\Users\Default\Cookies\ Locked file. Not scanned. is OK.
C:\Users\Default\Documents\My Music\ Locked file. Not scanned. is OK.
C:\Users\Default\Documents\My Pictures\ Locked file. Not scanned. is OK.
C:\Users\Default\Documents\My Videos\ Locked file. Not scanned. is OK.
C:\Users\Default\NetHood\ Locked file. Not scanned. is OK.
C:\Users\Default\PrintHood\ Locked file. Not scanned. is OK.
C:\Users\Default\Recent\ Locked file. Not scanned. is OK.
C:\Users\Default\Templates\ Locked file. Not scanned. is OK.
C:\Users\Public\Documents\My Music\ Locked file. Not scanned. is OK.
C:\Users\Public\Documents\My Pictures\ Locked file. Not scanned. is OK.
C:\Users\Public\Documents\My Videos\ Locked file. Not scanned. is OK.
C:\Users\nameless\AppData\Local\Avg\av16\temp\avg-08364842-554e-4f4b-b343-515d52097f1f.tmp Locked file. Not scanned. is OK.
C:\Users\nameless\AppData\Local\History\ Locked file. Not scanned. is OK.
C:\Users\nameless\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\ Locked file. Not scanned. is OK.
C:\Users\nameless\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5\ Locked file. Not scanned. is OK.
C:\Users\nameless\AppData\Local\Microsoft\Windows\Notifications\WPNPRMRY.tmp Locked file. Not scanned. is OK.
C:\Users\nameless\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not scanned. is OK.
C:\Users\nameless\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not scanned. is OK.
C:\Users\nameless\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not scanned. is OK.
C:\Users\nameless\AppData\Local\Microsoft\Windows\WebCache\V01.log Locked file. Not scanned. is OK.
C:\Users\nameless\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat Locked file. Not scanned. is OK.
C:\Users\nameless\AppData\Local\Microsoft\Windows\WebCacheLock.dat Locked file. Not scanned. is OK.
C:\Users\nameless\Documents\My Music\ Locked file. Not scanned. is OK.
C:\Users\nameless\Documents\My Pictures\ Locked file. Not scanned. is OK.
C:\Users\nameless\Documents\My Videos\ Locked file. Not scanned. is OK.
C:\Users\nameless\NetHood\ Locked file. Not scanned. is OK.
C:\Users\nameless\NTUSER.DAT Locked file. Not scanned. is OK.
These are the new GMER scan results. I did a rootkit/malware scan and an autostart scan.
GMER 2.1.19357 -
GMER - Rootkit Detector and Remover
Rootkit scan 2016-02-12 21:43:18
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003b HGST_HTS721010A9E630 rev.JB0OA3J0 931.51GB
Running: gmer.exe; Driver: C:\Users\nameless\AppData\Local\Temp\uwrdypob.sys
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [1460:3808] fffff960008842d0
---- Processes - GMER 2.1 ----
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [8416] 000000000fe90000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [8416] 0000000050380000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [8416] 0000000054fa0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [8112] 000000000fe90000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [8112] 0000000077cd0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [8112] 0000000077bb0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [8112] 0000000050380000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [8112] 0000000054fa0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACECORE.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [8112] 00000000500f0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\1033\ACEWSTR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [8112] 0000000055110000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEES.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [8112] 0000000050050000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\VBAJET32.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [8112] 0000000054f50000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\expsrv.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [8112] 0000000054ef0000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
GMER 2.1.19357 -
GMER - Rootkit Detector and Remover
Autostart scan 2016-02-12 21:44:59
Windows 6.2.9200
Apple Mobile Device Service@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
avgfws@ = "C:\Program Files (x86)\AVG\Av\avgfws.exe"
AVGIDSAgent@ = "C:\Program Files (x86)\AVG\Av\avgidsagent.exe"
avgsvc@ = "C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe"
avgwd@ = "C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe"
Bluetooth Device Monitor@ = "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
Bluetooth OBEX Service@ = "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
ETDService@ = C:\Program Files\Elantech\ETDService.exe
EvtEng@ = "C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
GfExperienceService@ = "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
gupdate@ = "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
HiPatchService@ = C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
IAStorDataMgrSvc@ = "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
iBtSiva@ = C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
igfxCUIService1.0.0.0@ = %SystemRoot%\system32\igfxCUIService.exe
Intel(R) Capability Licensing Service Interface@ = "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
Intel(R) ME Service@ = "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
jhi_service@ = "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
LMS@ = "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
MBAMScheduler@ = "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
MBAMService@ = "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
Micro Star SCM@ = C:\Program Files (x86)\SCM\MSIService.exe
MSI_SuperCharger@ = C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
NvNetworkService@ = "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
NvStreamSvc@ = "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
nvsvc@ = "C:\Windows\system32\nvvsvc.exe"
Qualcomm Atheros Killer Service V2@ = "C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe"
RegSrvc@ = "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
ZeroConfigService@ = "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@RTHDVCPL"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s = "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
@NvBackend"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
@IAStorIcon"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 = "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
@ETDCtrl%ProgramFiles%\Elantech\ETDCtrl.exe /*file not found*/ = %ProgramFiles%\Elantech\ETDCtrl.exe /*file not found*/
@SCMC:\Program Files (x86)\SCM\SCM.exe = C:\Program Files (x86)\SCM\SCM.exe
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Steam"C:\Program Files (x86)\Steam\steam.exe" -silent = "C:\Program Files (x86)\Steam\steam.exe" -silent
@Skype"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WebCheck =
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe@DisableExceptionChainValidation = 3 /*file not found*/
HKLM\Software\Classes\.hta@ = C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} /*Contacts folder*/(null) =
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/(null) =
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\Program Files\NVIDIA Corporation\Display\nvui.dll = C:\Program Files\NVIDIA Corporation\Display\nvui.dll
@{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} /*NVIDIA Play On My TV Context Menu Extension*/%SystemRoot%\system32\nvshext.dll = %SystemRoot%\system32\nvshext.dll
@{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} /*NvAppShExt extension*/C:\Windows\system32\nv3dappshext.dll = C:\Windows\system32\nv3dappshext.dll
@{E97DEC16-A50D-49bb-AE24-CF682282E08D} /*OpenGLShExt extension*/C:\Windows\system32\nv3dappshext.dll = C:\Windows\system32\nv3dappshext.dll
@{0066D4B3-8DE0-4D08-AA83-EDD50E2431F0} /*ELAN Control Panel*/%ProgramFiles%\Elantech\ETDMcpl.dll /*file not found*/ = %ProgramFiles%\Elantech\ETDMcpl.dll /*file not found*/
@{9D843851-50AA-46EE-829A-784DEBA4716C} /*Bluetooth Property Page Extension*/C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll = C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll
@{B8DA2B41-7468-4E82-B62C-CB4A0C9158FE} /*Bluetooth Context Menu Extension*/C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll = C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll
@{0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} /*Bluetooth Send To Wizard*/C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll = C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/c:\Program Files\WinZip\wzshls64.dll = c:\Program Files\WinZip\wzshls64.dll
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/c:\Program Files\WinZip\wzshls64.dll = c:\Program Files\WinZip\wzshls64.dll
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/c:\Program Files\WinZip\wzshls64.dll = c:\Program Files\WinZip\wzshls64.dll
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/c:\Program Files\WinZip\wzshls64.dll = c:\Program Files\WinZip\wzshls64.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/(null) =
@{B41DB860-64E4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG Shell Extension*/C:\Program Files (x86)\AVG\Av\avgsea.dll = C:\Program Files (x86)\AVG\Av\avgsea.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG Find Extension*/(null) =
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files (x86)\AVG\Av\avgsea.dll
WinRAR@{B41DB860-64E4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinRAR32@{B41DB860-8EE4-11D2-9906-E49FADC173CA} =
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = c:\Program Files\WinZip\wzshls64.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip@{E0D79304-84BE-11CE-9641-444553540000} = c:\Program Files\WinZip\wzshls64.dll
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ >>>
igfxcui@{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =
igfxDTCM@{9B5F5829-A529-4B12-814A-E81BCB8D93FC} = C:\Windows\system32\igfxDTCM.dll
igfxOSP@{FA507C3F-30C6-4DCA-9EE5-2656072EEC14} = C:\Windows\system32\igfxOSP.dll
NvCplDesktopContext@{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = %SystemRoot%\system32\nvshext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files (x86)\AVG\Av\avgsea.dll
WinRAR@{B41DB860-64E4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinRAR32@{B41DB860-8EE4-11D2-9906-E49FADC173CA} =
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = c:\Program Files\WinZip\wzshls64.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{AA58ED58-01DD-4d91-8333-CF10577473F7} = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.FPS1 = frapsv64.dll
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/p/?LinkId=255141 =
MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
@Start Pagehttp://go.microsoft.com/fwlink/p/?LinkId=255141 =
MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
@Local PageC:\Windows\System32\blank.htm = C:\Windows\System32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://msi13.msn.com =
MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
@Start Pagehttp://msi13.msn.com =
MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
@Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
osf@CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1} /*file not found*/
wlpg@CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} /*file not found*/
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008@LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll
---- EOF - GMER 2.1 ----