nunevega

  1. ComboFix 13-09-10.03 - DMJ 09/13/2013 7:41.2.8 - x64 NETWORK Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.3099 [GMT -7:00] Running from: c:\users\DMJ\Desktop\ComboFix.exe Command switches used :: c:\users\DMJ\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . FILE :: "c:\users\DMJ\AppData\Local\CRE\OWGaGlYi.exe" "c:\users\DMJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QYnusxFo.exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Ask.com c:\program files (x86)\Ask.com\btn_search.png c:\program files (x86)\Ask.com\cobrand.ico c:\program files (x86)\Ask.com\config.xml c:\program files (x86)\Ask.com\favicon.ico c:\program files (x86)\Ask.com\fv_b911.ico c:\program files (x86)\Ask.com\GenericAskToolbar.dll c:\program files (x86)\Ask.com\limewire_logo.png c:\program files (x86)\Ask.com\mupcfg.xml c:\program files (x86)\Ask.com\SaUpdate.exe c:\program files (x86)\Ask.com\UpdateTask.exe c:\programdata\Babylon c:\users\DMJ\AppData\Local\bpVEiVZe c:\users\DMJ\AppData\Local\CRE\OWGaGlYi.exe c:\users\DMJ\AppData\Local\jwSKQAUj c:\users\DMJ\AppData\Local\jwSKQAUj\css\all.css c:\users\DMJ\AppData\Local\jwSKQAUj\css\style-custom.css c:\users\DMJ\AppData\Local\jwSKQAUj\images\arrow.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-box-bottom.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-box.jpg c:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-btn-sprite.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-header-repeat.gif c:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-html.jpg c:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-li.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-track.gif 
c:\users\DMJ\AppData\Local\jwSKQAUj\images\content\img1.jpg c:\users\DMJ\AppData\Local\jwSKQAUj\images\content\img2.jpg c:\users\DMJ\AppData\Local\jwSKQAUj\images\content\img3.jpg c:\users\DMJ\AppData\Local\jwSKQAUj\images\content\img4.jpg c:\users\DMJ\AppData\Local\jwSKQAUj\images\dominicks.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\dotted-copy.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\dotted-small.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\dotted.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\epay.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\genuardis.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\logo-ie.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\logo.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\moneypack.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\nowprepay.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\oder.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\paysafe.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\pioneer.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\precash.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\price.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\safeway.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\sagamie.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\shoprite.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\total.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\usa.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\webcam.png c:\users\DMJ\AppData\Local\jwSKQAUj\images\x.jpg c:\users\DMJ\AppData\Local\jwSKQAUj\index.html c:\users\DMJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QYnusxFo.exe . . ((((((((((((((((((((((((( Files Created from 2013-08-13 to 2013-09-13 ))))))))))))))))))))))))))))))) . . 2013-09-13 14:50 . 2013-09-13 14:50 -------- d-----w- c:\users\hedev\AppData\Local\temp 2013-09-13 14:50 . 2013-09-13 14:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-12 20:21 . 2013-09-12 20:21 -------- d-----w- c:\users\DMJ\AppData\Local\ElevatedDiagnostics 2013-09-12 20:17 . 
2013-09-12 20:17 -------- d-----w- c:\program files\wrapper_inst 2013-09-12 20:17 . 2013-09-12 20:17 -------- d-----w- c:\program files (x86)\wrapper_inst 2013-09-12 11:16 . 2013-09-12 11:16 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56EDB97B-32F6-4CDF-A5AC-3BD5B0BBA3E5}\offreg.dll 2013-09-12 10:45 . 2013-08-10 05:22 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-09-12 10:45 . 2013-08-10 05:21 53248 ----a-w- c:\windows\system32\jsproxy.dll 2013-09-12 10:45 . 2013-08-10 03:59 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2013-09-12 10:45 . 2013-08-10 03:59 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-09-12 10:45 . 2013-08-10 03:58 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll 2013-09-12 10:45 . 2013-08-10 05:22 2241024 ----a-w- c:\windows\system32\wininet.dll 2013-09-12 10:45 . 2013-08-10 05:20 15404544 ----a-w- c:\windows\system32\ieframe.dll 2013-09-12 10:45 . 2013-08-10 05:21 19246592 ----a-w- c:\windows\system32\mshtml.dll 2013-09-12 03:50 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56EDB97B-32F6-4CDF-A5AC-3BD5B0BBA3E5}\mpengine.dll 2013-09-11 03:23 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-09-07 08:37 . 2013-09-07 08:35 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2ED2A715-E4EA-4259-9812-E6E301CC2FD9}\gapaengine.dll 2013-09-07 07:59 . 2013-09-07 08:22 -------- d-----w- c:\program files (x86)\RivaTuner Statistics Server 2013-09-07 07:59 . 2013-09-07 08:22 -------- d-----w- c:\program files (x86)\EVGA Precision X 2013-09-05 07:15 . 2013-09-05 07:19 -------- d-----w- c:\users\DMJ\AppData\Local\VisualBeeExe 2013-09-05 07:14 . 2013-09-05 07:23 -------- d-----w- c:\users\DMJ\AppData\Roaming\Systweak 2013-09-05 07:14 . 
2013-09-05 07:14 -------- d-----w- c:\users\DMJ\AppData\Roaming\DSite 2013-09-04 21:59 . 2013-09-12 04:20 -------- d-----w- c:\program files\Core Temp 2013-09-04 21:59 . 2013-09-07 08:22 -------- d-----w- c:\program files (x86)\Yahoo Browser Settings 2013-09-04 00:34 . 2013-09-04 00:34 -------- d-----w- c:\users\DMJ\AppData\Local\NVIDIA 2013-09-04 00:31 . 2013-09-04 00:31 -------- dc----w- C:\NvidiaLogging 2013-09-04 00:30 . 2013-09-04 00:30 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2013-09-04 00:28 . 2013-09-12 03:34 -------- d-----w- c:\users\UpdatusUser 2013-09-04 00:24 . 2013-07-18 17:15 39712 ----a-w- c:\windows\system32\drivers\nvvad64v.sys 2013-09-04 00:24 . 2013-07-18 17:15 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll 2013-09-04 00:24 . 2013-07-18 17:15 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll 2013-08-24 19:49 . 2013-08-24 19:49 -------- d-----w- c:\windows\SysWow64\searchplugins 2013-08-24 19:49 . 2013-08-24 19:49 -------- d-----w- c:\windows\SysWow64\Extensions 2013-08-18 21:58 . 2013-08-18 21:58 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2013-08-17 21:06 . 2013-08-17 21:06 -------- d-----w- c:\users\DMJ\AppData\Local\avgchrome 2013-08-17 19:55 . 2013-08-17 19:55 -------- d-----w- c:\program files (x86)\FLVPlayer 2013-08-15 10:01 . 2013-09-12 10:45 -------- d-----w- c:\windows\system32\MRT 2013-08-14 14:53 . 2013-08-14 14:53 18634944 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-12 10:44 . 2010-09-17 14:59 79143768 ----a-w- c:\windows\system32\MRT.exe 2013-09-10 19:05 . 2012-04-12 15:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-09-10 19:05 . 2011-07-23 04:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-22 17:29 . 
2012-06-13 00:10 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-08-18 19:34 . 2010-07-09 23:17 6599968 ----a-w- c:\windows\system32\nvcpl.dll 2013-08-18 19:34 . 2010-07-09 23:17 3452192 ----a-w- c:\windows\system32\nvsvc64.dll 2013-08-18 19:34 . 2010-07-09 23:27 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-08-18 19:34 . 2010-07-09 23:17 920864 ----a-w- c:\windows\system32\nvvsvc.exe 2013-08-18 19:34 . 2010-07-09 23:17 219424 ----a-w- c:\windows\system32\nvmctray.dll 2013-08-17 05:30 . 2012-03-03 05:31 3319709 ----a-w- c:\windows\system32\nvcoproc.bin 2013-08-02 01:48 . 2013-09-11 17:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-07-25 09:25 . 2013-08-14 12:05 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-25 08:57 . 2013-08-14 12:05 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2013-07-21 16:35 . 2013-07-21 16:35 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-07-21 16:35 . 2013-07-21 16:35 312232 ----a-w- c:\windows\system32\javaws.exe 2013-07-21 16:35 . 2013-07-21 16:35 189352 ----a-w- c:\windows\system32\javaw.exe 2013-07-21 16:35 . 2013-07-21 16:35 188840 ----a-w- c:\windows\system32\java.exe 2013-07-21 16:34 . 2013-07-21 16:35 972712 ----a-w- c:\windows\system32\deployJava1.dll 2013-07-21 16:34 . 2013-07-21 16:35 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-07-19 01:58 . 2013-08-14 12:05 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-19 01:41 . 2013-08-14 12:05 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2013-07-09 05:52 . 2013-08-14 12:05 224256 ----a-w- c:\windows\system32\wintrust.dll 2013-07-09 05:51 . 2013-08-14 12:05 1217024 ----a-w- c:\windows\system32\rpcrt4.dll 2013-07-09 05:46 . 2013-08-14 12:05 1472512 ----a-w- c:\windows\system32\crypt32.dll 2013-07-09 05:46 . 2013-08-14 12:05 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-07-09 05:46 . 
2013-08-14 12:05 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-07-09 04:52 . 2013-08-14 12:05 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll 2013-07-09 04:52 . 2013-08-14 12:05 175104 ----a-w- c:\windows\SysWow64\wintrust.dll 2013-07-09 04:46 . 2013-08-14 12:05 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-07-09 04:46 . 2013-08-14 12:05 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-07-09 04:46 . 2013-08-14 12:05 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-07-06 06:03 . 2013-08-14 12:05 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-05-06 9921664] "QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2010-03-25 611968] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720] "Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] . c:\users\DMJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz134_x64.sys [x] R2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x] R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x] R2 libusbd;LibUsb-Win32 - Daemon, Version 
0.1.10.1;c:\windows\system32\libusbd-nt.exe;c:\windows\SYSNATIVE\libusbd-nt.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x] R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] R2 pcregservice;pcregservice Service;c:\program files (x86)\wrapper_inst\file_to_run.exe;c:\program files (x86)\wrapper_inst\file_to_run.exe [x] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [x] R3 ALSysIO;ALSysIO;c:\users\DMJ\AppData\Local\Temp\ALSysIO64.sys;c:\users\DMJ\AppData\Local\Temp\ALSysIO64.sys [x] R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x] R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x] R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x] R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x] R3 BCMH43XX;N+ Wireless USB Adapter 
Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x] R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x] R3 MRV6X64P;Vista 
64-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13C.sys;c:\windows\SYSNATIVE\DRIVERS\MRVW13C.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] R3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys;c:\program files (x86)\EVGA Precision\RTCore64.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] S3 RTL8167;Realtek 8167 NT 
Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-09-04 15:51 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 19:05] . 2013-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2839669530-1956647516-2849348352-1001Core.job - c:\users\DMJ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-05 04:55] . 2013-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2839669530-1956647516-2849348352-1001UA.job - c:\users\DMJ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-05 04:55] . 2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 06:28] . 2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 06:28] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0F12903-DE76-4DF7-BCDC-0A0689151189}] c:\program files (x86)\SaveValet\ie\SaveValetIE_64.dll [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896] "pcreg"="c:\program files\wrapper_inst\service.exe" [2013-09-12 346720] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;192.168.*.* IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115 FF - ProfilePath - c:\users\DMJ\AppData\Roaming\Mozilla\Firefox\Profiles\9ivpxosr.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - ExtSQL: !HIDDEN! 2010-09-23 16:55; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - user.js: security.csp.enable - false FF - user.js: extensions.autoDisableScopes - 0 FF - user.js: extensions.shownSelectionUI - true . - - - - ORPHANS REMOVED - - - - . BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-09-13 07:52:34 ComboFix-quarantined-files.txt 2013-09-13 14:52 ComboFix2.txt 2013-09-12 13:50 . Pre-Run: 584,076,460,032 bytes free Post-Run: 584,019,738,624 bytes free . - - End Of File - - C5082B883F7348303B8C21BD9475566A A36C5E4F47E84449FF07ED3517B43A31
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-05-06 9921664] "QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2010-03-25 611968] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720] "Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] . c:\users\DMJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz134_x64.sys [x] R2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x] R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x] R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe;c:\windows\SYSNATIVE\libusbd-nt.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x] R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] R2 pcregservice;pcregservice Service;c:\program files 
(x86)\wrapper_inst\file_to_run.exe;c:\program files (x86)\wrapper_inst\file_to_run.exe [x] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [x] R3 ALSysIO;ALSysIO;c:\users\DMJ\AppData\Local\Temp\ALSysIO64.sys;c:\users\DMJ\AppData\Local\Temp\ALSysIO64.sys [x] R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x] R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x] R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x] R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x] R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 
FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x] R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x] R3 MRV6X64P;Vista 64-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13C.sys;c:\windows\SYSNATIVE\DRIVERS\MRVW13C.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] R3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys;c:\program files (x86)\EVGA Precision\RTCore64.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU 
Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-09-04 15:51 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 19:05] . 
2013-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2839669530-1956647516-2849348352-1001Core.job - c:\users\DMJ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-05 04:55] . 2013-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2839669530-1956647516-2849348352-1001UA.job - c:\users\DMJ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-05 04:55] . 2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 06:28] . 2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 06:28] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0F12903-DE76-4DF7-BCDC-0A0689151189}] c:\program files (x86)\SaveValet\ie\SaveValetIE_64.dll [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896] "pcreg"="c:\program files\wrapper_inst\service.exe" [2013-09-12 346720] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;192.168.*.* IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115 FF - ProfilePath - c:\users\DMJ\AppData\Roaming\Mozilla\Firefox\Profiles\9ivpxosr.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - ExtSQL: !HIDDEN! 
2010-09-23 16:55; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - user.js: security.csp.enable - false FF - user.js: extensions.autoDisableScopes - 0 FF - user.js: extensions.shownSelectionUI - true . - - - - ORPHANS REMOVED - - - - . BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-09-13 07:52:34 ComboFix-quarantined-files.txt 2013-09-13 14:52 ComboFix2.txt 2013-09-12 13:50 . Pre-Run: 584,076,460,032 bytes free Post-Run: 584,019,738,624 bytes free . - - End Of File - - C5082B883F7348303B8C21BD9475566A A36C5E4F47E84449FF07ED3517B43A31
  2. Things seem to have gotten worse. Now it keeps me on the FBI ransom page and does not drop me to the desktop. I am getting on with safe mode w/networking.
  3. ComboFix 13-09-10.03 - DMJ 09/12/2013 6:41.1.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2218 [GMT -7:00] Running from: c:\users\DMJ\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\END c:\users\DMJ\AppData\Roaming\Mozilla\Firefox\Profiles\9ivpxosr.default\searchplugins\bing-zugo.xml c:\users\DMJ\Documents\~WRL0214.tmp c:\users\DMJ\Documents\~WRL1844.tmp c:\users\DMJ\Documents\ShopToWin c:\users\Public\sdelevURL.tmp c:\windows\security\Database\tmp.edb c:\windows\SysWow64\local.txt c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\wpcap.dll c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2013-08-12 to 2013-09-12 ))))))))))))))))))))))))))))))) . . 2013-09-12 13:48 . 2013-09-12 13:48 -------- d-----w- c:\users\hedev\AppData\Local\temp 2013-09-12 13:48 . 2013-09-12 13:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-12 11:16 . 2013-09-12 11:16 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56EDB97B-32F6-4CDF-A5AC-3BD5B0BBA3E5}\offreg.dll 2013-09-12 10:45 . 2013-08-10 05:22 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-09-12 10:45 . 2013-08-10 05:21 53248 ----a-w- c:\windows\system32\jsproxy.dll 2013-09-12 10:45 . 2013-08-10 03:59 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2013-09-12 10:45 . 2013-08-10 03:59 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-09-12 10:45 . 2013-08-10 03:58 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll 2013-09-12 10:45 . 
2013-08-10 05:22 2241024 ----a-w- c:\windows\system32\wininet.dll 2013-09-12 10:45 . 2013-08-10 05:20 15404544 ----a-w- c:\windows\system32\ieframe.dll 2013-09-12 10:45 . 2013-08-10 05:21 19246592 ----a-w- c:\windows\system32\mshtml.dll 2013-09-12 03:50 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56EDB97B-32F6-4CDF-A5AC-3BD5B0BBA3E5}\mpengine.dll 2013-09-11 20:32 . 2013-09-11 20:32 -------- d-----w- c:\users\DMJ\AppData\Local\jwSKQAUj 2013-09-11 20:32 . 2013-09-11 20:32 -------- d-----w- c:\users\DMJ\AppData\Local\bpVEiVZe 2013-09-11 20:32 . 2013-09-11 20:31 149504 --s---w- c:\users\DMJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QYnusxFo.exe 2013-09-11 03:23 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-09-07 08:37 . 2013-09-07 08:35 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2ED2A715-E4EA-4259-9812-E6E301CC2FD9}\gapaengine.dll 2013-09-07 07:59 . 2013-09-07 08:22 -------- d-----w- c:\program files (x86)\RivaTuner Statistics Server 2013-09-07 07:59 . 2013-09-07 08:22 -------- d-----w- c:\program files (x86)\EVGA Precision X 2013-09-05 07:15 . 2013-09-05 07:19 -------- d-----w- c:\users\DMJ\AppData\Local\VisualBeeExe 2013-09-05 07:14 . 2013-09-05 07:23 -------- d-----w- c:\users\DMJ\AppData\Roaming\Systweak 2013-09-05 07:14 . 2013-09-05 07:14 -------- d-----w- c:\users\DMJ\AppData\Roaming\DSite 2013-09-04 21:59 . 2013-09-12 04:20 -------- d-----w- c:\program files\Core Temp 2013-09-04 21:59 . 2013-09-07 08:22 -------- d-----w- c:\program files (x86)\Yahoo Browser Settings 2013-09-04 00:34 . 2013-09-04 00:34 -------- d-----w- c:\users\DMJ\AppData\Local\NVIDIA 2013-09-04 00:31 . 2013-09-04 00:31 -------- dc----w- C:\NvidiaLogging 2013-09-04 00:30 . 2013-09-04 00:30 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2013-09-04 00:28 . 
2013-09-12 03:34 -------- d-----w- c:\users\UpdatusUser 2013-09-04 00:24 . 2013-07-18 17:15 39712 ----a-w- c:\windows\system32\drivers\nvvad64v.sys 2013-09-04 00:24 . 2013-07-18 17:15 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll 2013-09-04 00:24 . 2013-07-18 17:15 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll 2013-08-24 19:49 . 2013-08-24 19:49 -------- d-----w- c:\windows\SysWow64\searchplugins 2013-08-24 19:49 . 2013-08-24 19:49 -------- d-----w- c:\windows\SysWow64\Extensions 2013-08-18 21:58 . 2013-08-18 21:58 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2013-08-17 21:06 . 2013-08-17 21:06 -------- d-----w- c:\users\DMJ\AppData\Local\avgchrome 2013-08-17 19:55 . 2013-08-17 19:55 -------- d-----w- c:\programdata\Babylon 2013-08-17 19:55 . 2013-08-17 19:55 -------- d-----w- c:\program files (x86)\FLVPlayer 2013-08-15 10:01 . 2013-09-12 10:45 -------- d-----w- c:\windows\system32\MRT 2013-08-14 14:53 . 2013-08-14 14:53 18634944 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-12 10:44 . 2010-09-17 14:59 79143768 ----a-w- c:\windows\system32\MRT.exe 2013-09-10 19:05 . 2012-04-12 15:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-09-10 19:05 . 2011-07-23 04:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-22 17:29 . 2012-06-13 00:10 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-08-18 19:34 . 2010-07-09 23:17 6599968 ----a-w- c:\windows\system32\nvcpl.dll 2013-08-18 19:34 . 2010-07-09 23:17 3452192 ----a-w- c:\windows\system32\nvsvc64.dll 2013-08-18 19:34 . 2010-07-09 23:27 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-08-18 19:34 . 2010-07-09 23:17 920864 ----a-w- c:\windows\system32\nvvsvc.exe 2013-08-18 19:34 . 
2010-07-09 23:17 219424 ----a-w- c:\windows\system32\nvmctray.dll 2013-08-17 05:30 . 2012-03-03 05:31 3319709 ----a-w- c:\windows\system32\nvcoproc.bin 2013-08-02 01:48 . 2013-09-11 17:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-07-21 16:35 . 2013-07-21 16:35 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-07-21 16:35 . 2013-07-21 16:35 312232 ----a-w- c:\windows\system32\javaws.exe 2013-07-21 16:35 . 2013-07-21 16:35 189352 ----a-w- c:\windows\system32\javaw.exe 2013-07-21 16:35 . 2013-07-21 16:35 188840 ----a-w- c:\windows\system32\java.exe 2013-07-21 16:34 . 2013-07-21 16:35 972712 ----a-w- c:\windows\system32\deployJava1.dll 2013-07-21 16:34 . 2013-07-21 16:35 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-09-29 06:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "YfkAacAt"="c:\users\DMJ\AppData\Local\CRE\OWGaGlYi.exe" [2013-09-11 149504] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-05-06 9921664] "QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2010-03-25 611968] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720] "Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] . c:\users\DMJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] QYnusxFo.exe [2013-9-11 149504] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe;c:\windows\SYSNATIVE\libusbd-nt.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [x] R3 ALSysIO;ALSysIO;c:\users\DMJ\AppData\Local\Temp\ALSysIO64.sys;c:\users\DMJ\AppData\Local\Temp\ALSysIO64.sys [x] R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x] R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x] R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x] R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x] R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU 
Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x] R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x] R3 MRV6X64P;Vista 64-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13C.sys;c:\windows\SYSNATIVE\DRIVERS\MRVW13C.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU 
Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [x] S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz134_x64.sys [x] S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x] S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D 
Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys;c:\program files (x86)\EVGA Precision\RTCore64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-09-04 15:51 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 19:05] . 2013-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2839669530-1956647516-2849348352-1001Core.job - c:\users\DMJ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-05 04:55] . 
2013-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2839669530-1956647516-2849348352-1001UA.job - c:\users\DMJ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-05 04:55] . 2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 06:28] . 2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 06:28] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;192.168.*.* IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115 FF - ProfilePath - c:\users\DMJ\AppData\Roaming\Mozilla\Firefox\Profiles\9ivpxosr.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - ExtSQL: !HIDDEN! 
2010-09-23 16:55; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - user.js: security.csp.enable - false FF - user.js: extensions.autoDisableScopes - 0 FF - user.js: extensions.shownSelectionUI - true FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 3cf6bde100000000000008863b512d71 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15934 FF - user.js: extensions.delta.vrsn - 1.8.24.5 FF - user.js: extensions.delta.vrsni - 1.8.24.5 FF - user.js: extensions.delta.vrsnTs - 1.8.24.512:56 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=119351&tsp=4977 FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{F0F12903-DE76-4DF7-BCDC-0A0689151189} - c:\program files (x86)\SaveValet\ie\SaveValetIE_64.dll AddRemove-3088945428.www.schoolsiteonline.com - c:\program files (x86)\Microsoft Silverlight\4.1.10111.0\Silverlight.Configuration.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-09-12 06:50:16 ComboFix-quarantined-files.txt 2013-09-12 13:50 . Pre-Run: 555,827,666,944 bytes free Post-Run: 555,768,336,384 bytes free . - - End Of File - - 502FE0DC51892643A3011C046097A6BF A36C5E4F47E84449FF07ED3517B43A31
  4. Thank you for the quick reply, Marius. Here is the atk.txt result:

     GMER 2.1.19163 - http://www.gmer.net
     Rootkit scan 2013-09-11 22:58:21
     Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1002FAEX-00Z3A0 rev.05.01D05 931.51GB
     Running: uncdxmck.exe; Driver: C:\Users\DMJ\AppData\Local\Temp\uwldapow.sys

     ---- Registry - GMER 2.1 ----

     Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 10836

     ---- EOF - GMER 2.1 ----
  5. Each time I restart, the ransom screen pops up for a few seconds after Windows loads, and then it drops me back to the desktop and asks if I want to send a notice to Microsoft. Here are the reports:

     DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 1.6.0_37 Run by DMJ at 21:51:48 on 2013-09-11 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2180 [GMT -7:00] . AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\AUDIODG.EXE C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe C:\Windows\system32\svchost.exe -k 
LocalServiceAndNoImpersonation C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe C:\Program 
Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchIndexer.exe c:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe c:\Program Files\Microsoft Security Client\MpCmdRun.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll uURLSearchHooks: <No Name>: - LocalServer32 - <no file> mWinlogon: Userinit = userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: MAGIX Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO 
Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: MAGIX Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll TB: MAGIX Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [YfkAacAt] C:\Users\DMJ\AppData\Local\CRE\OWGaGlYi.exe mRun: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime StartupFolder: C:\Users\DMJ\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: C:\Users\DMJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QYnusxFo.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PLAYWI~1.LNK - C:\Program Files 
(x86)\Belkin\F7D4101\V1\PBN.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: NameServer = 24.205.224.36 24.205.192.61 68.116.46.115 TCP: Interfaces\{189CA46C-9323-4B68-A630-052571418A4A} : DHCPNameServer = 
24.205.224.36 24.205.192.61 68.116.46.115 TCP: Interfaces\{1EF7A2EE-6CC9-492B-AD5A-51CB2D25BEEC} : DHCPNameServer = 192.168.42.129 TCP: Interfaces\{41BE79E2-E5E0-4F83-9CB8-ECFC271F6C48} : DHCPNameServer = 24.205.224.36 24.205.192.61 68.116.46.115 TCP: Interfaces\{9054707B-AFC8-49D1-88F5-39E167AE85C3} : DHCPNameServer = 24.205.224.36 24.205.192.61 68.116.46.115 TCP: Interfaces\{9054707B-AFC8-49D1-88F5-39E167AE85C3}\C696E6B6379737 : DHCPNameServer = 68.116.46.115 68.116.46.70 68.185.34.67 TCP: Interfaces\{9054707B-AFC8-49D1-88F5-39E167AE85C3}\D416A65637479636 : DHCPNameServer = 24.205.224.36 24.205.192.61 68.116.46.115 TCP: Interfaces\{B3BC16F9-ED54-4A48-9E3C-8C66F9722BA4} : DHCPNameServer = 24.205.224.36 24.205.192.61 68.116.46.115 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll 
x64-BHO: Save Valet: {F0F12903-DE76-4DF7-BCDC-0A0689151189} - x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\DMJ\AppData\Roaming\Mozilla\Firefox\Profiles\9ivpxosr.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npitifffree.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\DMJ\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll FF - plugin: C:\Users\DMJ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - plugin: C:\Windows\SysWOW64\npptools.dll FF - ExtSQL: !HIDDEN! 2010-09-23 16:55; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . 
---- FIREFOX POLICIES ---- FF - user.js: security.csp.enable - false FF - user.js: extensions.autoDisableScopes - 0 FF - user.js: extensions.shownSelectionUI - true FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 3cf6bde100000000000008863b512d71 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15934 FF - user.js: extensions.delta.vrsn - 1.8.24.5 FF - user.js: extensions.delta.vrsni - 1.8.24.5 FF - user.js: extensions.delta.vrsnTs - 1.8.24.512:56:16 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=119351&tsp=4977 FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . 
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120] R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [2010-9-2 96896] R2 cpuz134;cpuz134;C:\Windows\System32\drivers\cpuz134_x64.sys [2010-9-2 21480] R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2011-6-16 87368] R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-1 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-1 701512] R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-4-26 223088] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008] R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-7 14984480] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-8-18 414496] R2 WLANBelkinService;Belkin WLAN service;C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-9-2 25928] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys 
[2010-1-22 77824] R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224] R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-9-3 39712] R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2010-8-10 14440] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-21 452200] R3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;C:\Windows\System32\drivers\rtl8192cu.sys [2012-8-8 848384] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-9-2 1250816] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?] 
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2011-8-12 19456] S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2011-8-12 27648] S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2011-8-12 27136] S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2011-8-12 33792] S3 BCMH43XX;N+ Wireless USB Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2009-11-6 838136] S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-6-28 49152] S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800] S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2011-4-4 21504] S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-3-27 97040] S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2010-4-1 26624] S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2010-1-25 10240] S3 MRV6X64P;Vista 64-bits Native WiFi Driver;C:\Windows\System32\drivers\MRVW13C.sys [2007-5-3 244736] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-22 
59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-4 1255736] . =============== Created Last 30 ================ . 2013-09-12 04:51:25 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56EDB97B-32F6-4CDF-A5AC-3BD5B0BBA3E5}\offreg.dll 2013-09-12 03:50:13 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56EDB97B-32F6-4CDF-A5AC-3BD5B0BBA3E5}\mpengine.dll 2013-09-11 20:32:08 -------- d-----w- C:\Users\DMJ\AppData\Local\jwSKQAUj 2013-09-11 20:32:04 -------- d-----w- C:\Users\DMJ\AppData\Local\bpVEiVZe 2013-09-11 20:32:01 149504 --s---w- C:\Users\DMJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QYnusxFo.exe 2013-09-11 03:23:13 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-09-07 08:37:15 965008 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2ED2A715-E4EA-4259-9812-E6E301CC2FD9}\gapaengine.dll 2013-09-07 07:59:52 -------- d-----w- C:\Program Files (x86)\RivaTuner Statistics Server 2013-09-07 07:59:23 -------- d-----w- C:\Program Files (x86)\EVGA Precision X 2013-09-05 07:15:34 -------- d-----w- C:\Users\DMJ\AppData\Local\VisualBeeExe 2013-09-05 07:14:42 -------- d-----w- C:\Users\DMJ\AppData\Roaming\Systweak 2013-09-05 07:14:29 -------- d-----w- C:\Users\DMJ\AppData\Roaming\DSite 2013-09-04 21:59:44 -------- d-----w- C:\Program Files\Core Temp 2013-09-04 21:59:36 -------- d-----w- C:\Program Files (x86)\Yahoo Browser Settings 2013-09-04 00:34:19 -------- d-----w- C:\Users\DMJ\AppData\Local\NVIDIA 2013-09-04 00:31:52 -------- dc----w- C:\NvidiaLogging 2013-09-04 00:24:38 39712 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys 2013-09-04 00:24:38 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll 2013-09-04 00:24:38 28448 ----a-w- 
C:\Windows\SysWow64\nvaudcap32v.dll 2013-08-24 19:49:26 -------- d-----w- C:\Windows\SysWow64\searchplugins 2013-08-24 19:49:26 -------- d-----w- C:\Windows\SysWow64\Extensions 2013-08-18 21:58:20 571168 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2013-08-17 21:06:00 -------- d-----w- C:\Users\DMJ\AppData\Local\avgchrome 2013-08-17 19:55:49 -------- d-----w- C:\ProgramData\Babylon 2013-08-17 19:55:48 -------- d-----w- C:\Program Files (x86)\FLVPlayer 2013-08-15 17:19:02 -------- d-----w- C:\Users\DMJ\AppData\Local\{33CB860D-936D-4A6A-88EE-C9F5D19FDFEE} 2013-08-15 10:01:32 -------- d-----w- C:\Windows\System32\MRT . ==================== Find3M ==================== . 2013-09-10 19:05:23 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-09-10 19:05:23 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-08-18 19:34:11 6599968 ----a-w- C:\Windows\System32\nvcpl.dll 2013-08-18 19:34:10 3452192 ----a-w- C:\Windows\System32\nvsvc64.dll 2013-08-18 19:34:08 920864 ----a-w- C:\Windows\System32\nvvsvc.exe 2013-08-18 19:34:08 63776 ----a-w- C:\Windows\System32\nvshext.dll 2013-08-18 19:34:07 219424 ----a-w- C:\Windows\System32\nvmctray.dll 2013-08-17 05:30:06 3319709 ----a-w- C:\Windows\System32\nvcoproc.bin 2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-07-21 16:35:03 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2013-07-21 16:34:59 972712 ----a-w- C:\Windows\System32\deployJava1.dll 2013-07-21 16:34:59 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll 2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll 2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll 2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll 2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll 2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll 2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll 2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll 2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll 2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-06-16 12:38:18 31520 ----a-w- C:\Windows\System32\nvhdap64.dll 2013-06-16 12:38:15 196384 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys 2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys . ============= FINISH: 21:53:55.78 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 9/2/2010 3:17:14 PM System Uptime: 9/11/2013 9:50:08 PM (0 hours ago) . Motherboard: ASUSTeK Computer INC. | | P7P55D-E PRO Processor: Intel® Core i7 CPU 860 @ 2.80GHz | LGA1156 | 1176/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 931 GiB total, 515.659 GiB free. D: is CDROM (UDF) E: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP448: 9/7/2013 9:55:44 AM - Device Driver Package Install: NVIDIA Universal Serial Bus controllers RP449: 9/10/2013 8:22:44 PM - Windows Update RP450: 9/11/2013 6:13:30 PM - Device Driver Package Install: Microsoft Network adapters RP451: 9/11/2013 8:05:53 PM - Restore Operation . ==== Installed Programs ====================== . 
64 Bit HP CIO Components Installer 7-zip v9.20 Adobe AIR Adobe Digital Editions Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.03) AI Suite AIO_CDA_ProductContext AIO_CDA_Software AIO_Scan Apple Application Support Apple Mobile Device Support Apple Software Update Ask Toolbar BattlEye for OA Uninstall Belkin N300 Micro USB Wireless Adapter Blender Bonjour BufferChm C4100 c4100_Help CCleaner Copy Core Temp 1.0 RC5 CPUID CPU-Z 1.55 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destinations DeviceDiscovery DocProc Document Express DjVu Plug-in DVD Shrink 3.2 EPSON Artisan 810 Series Printer Uninstall EPSON Scan EVGA Precision 1.9.6 Facebook Video Calling 1.2.0.287 Fax Firebird SQL Server - MAGIX Edition Folk Tale GeForce Experience NvStream Client Components Google Calendar Sync Google Chrome Google SketchUp Pro 8 Google Update Helper GPBaseService2 HP Customer Participation Program 13.0 HP Imaging Device Functions 13.0 HP Photosmart All-In-One Driver Software 13.0 Rel. 
A HP Photosmart Essential 3.5 HP Smart Web Printing 4.51 HP Solution Center 13.0 HP Update HPPhotoGadget HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant HPSSupply iCloud Impulse interneTIFF 2012 FREE Version 10 (Firefox Browser) iTunes IZArc 4.1.6 Java 7 Update 25 (64-bit) Java Auto Updater Java 6 Update 37 LeapFrog Connect LeapFrog My Pals Plugin LG SP USB Driver LG United Mobile Driver LibUSB-Win32-0.1.10.1 MAGIX Goya burnR (MSI) MAGIX Music Maker MX MAGIX Screenshare Malwarebytes Anti-Malware version 1.75.0.1300 MarketResearch Master of Orion II Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Mouse and Keyboard Center Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Business 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 
8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft XNA Framework Redistributable 3.1 Microsoft XNA Framework Redistributable 4.0 Refresh MotioninJoy ds3 driver version 0.6.0003 MotoHelper 2.0.51 Driver 5.1.0 MotoHelper MergeModules MOTOROLA MEDIA LINK Motorola Mobile Drivers Installation 5.1.0 Mozilla Firefox 17.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) MSXML 4.0 SP3 Parser (KB973685) NEC Electronics USB 3.0 Host Controller Driver Network64 NVIDIA 3D Vision Controller Driver NVIDIA 3D Vision Controller Driver 326.80 NVIDIA 3D Vision Driver 326.80 NVIDIA Control Panel 326.80 NVIDIA Display Control Panel NVIDIA GeForce Experience 1.6.1 NVIDIA Graphics Driver 326.80 NVIDIA HD Audio Driver 1.3.26.4 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.13.0725 NVIDIA Stereoscopic 3D Driver NVIDIA Update 
8.3.14 NVIDIA Update Components NVIDIA Virtual Audio 1.2.2 OCR Software by I.R.I.S. 13.0 PCSX2 - Playstation 2 Emulator PhotoScape PlanetSide 2 Platform Play Wireless USB Adapter Playalot Games PVSonyDll QuickTime Revo Uninstaller 1.93 RoboForm 7-9-0-0 (All Users) SAMSUNG USB Driver for Mobile Phones Scan SchoolSite Locator Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET 
Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition SHIELD Streaming Shop for HP Supplies SmartWebPrinting SolutionCenter Source SDK Base 2007 Status Steam SUPERAntiSpyware System Requirements Lab Text-To-Speech-Runtime Toolbox TrayApp TurboV EVO Ubisoft Game Launcher Unity Web Player UnloadSupport Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET 
Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) VIA Platform Device Manager Warhammer® 40,000®: Dawn of War® II – Retribution™ WebReg Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack XCOM: Enemy Unknown Yahoo Browser Settings Yahoo! Software Update . 
==== Event Viewer Messages From Past Week ======== . 9/9/2013 6:46:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 9/9/2013 6:46:12 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 9/9/2013 6:33:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8003d394e0, 0xfffff880049b06f0, 0xffffffffc00000b5, 0x000000000000000a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090913-20654-01. 9/9/2013 10:47:26 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8004199010, 0xfffff880049776f0, 0xffffffffc00000b5, 0x000000000000000a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090913-21278-01. 9/7/2013 9:20:02 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000101 (0x0000000000000019, 0x0000000000000000, 0xfffff88003167180, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090713-21949-01. 9/7/2013 5:06:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8007ae1010, 0xfffff880049d56f0, 0xffffffffc00000b5, 0x000000000000000a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090713-20997-01. 9/7/2013 12:48:18 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000101 (0x0000000000000019, 0x0000000000000000, 0xfffff88003167180, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090713-34741-01. 
9/7/2013 11:18:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000101 (0x0000000000000019, 0x0000000000000000, 0xfffff880030f7180, 0x0000000000000006). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090713-21481-01. 9/7/2013 1:37:19 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. 9/7/2013 1:25:38 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x80004005 Error description: Unspecified error Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer. 9/7/2013 1:13:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 9/7/2013 1:11:58 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start. 9/7/2013 1:11:51 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000101 (0x0000000000000019, 0x0000000000000000, 0xfffff88003167180, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090713-40513-01. 
9/7/2013 1:11:46 AM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning. 9/5/2013 7:32:39 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847 9/5/2013 12:18:52 AM, Error: Service Control Manager [7031] - The Update WebConnect service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 9/4/2013 2:48:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000101 (0x0000000000000019, 0x0000000000000000, 0xfffff88003167180, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090413-23821-01. 9/4/2013 2:42:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000101 (0x0000000000000019, 0x0000000000000000, 0xfffff880030f7180, 0x0000000000000006). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090413-30076-01. 9/4/2013 12:15:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 9/4/2013 12:08:39 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service. 9/4/2013 10:13:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8003f134e0, 0xfffff880049ee6f0, 0xffffffffc00000b5, 0x000000000000000a). 
A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090413-20638-01. 9/11/2013 9:50:47 PM, Error: Service Control Manager [7000] - The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start due to the following error: The system cannot find the file specified. 9/11/2013 9:50:25 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 9/11/2013 9:47:38 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 9/11/2013 9:47:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C} 9/11/2013 9:46:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 9/11/2013 9:46:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 9/11/2013 9:31:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 9/11/2013 9:31:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 9/11/2013 9:31:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order 
to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 9/11/2013 9:31:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 9/11/2013 9:31:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO discache MpFilter SASDIFSV SASKUTIL spldr Wanarpv6 9/11/2013 7:54:15 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 9/11/2013 7:54:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 9/11/2013 7:54:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 9/11/2013 7:53:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf 9/11/2013 7:53:55 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 9/11/2013 7:53:55 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 
9/11/2013 7:53:55 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 9/11/2013 7:53:55 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 9/11/2013 7:53:55 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 9/11/2013 7:53:55 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 9/11/2013 7:53:55 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 9/11/2013 7:53:55 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 9/11/2013 7:53:55 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 
9/11/2013 7:53:55 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 9/11/2013 7:28:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800863f4e0, 0xfffff8800499a6f0, 0xffffffffc00000b5, 0x000000000000000a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091113-20295-01. 9/11/2013 6:52:02 PM, Error: nvlddmkm [14] - 9/10/2013 8:10:20 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control. 9/10/2013 10:06:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect. 9/10/2013 10:06:17 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File ===========================