CaptainBones

Everything posted by CaptainBones

  1. # AdwCleaner v3.017 - Report created 13/01/2014 at 18:16:53
     # Updated 12/01/2014 by Xplode
     # Operating System : Windows 7 Home Premium (64 bits)
     # Username : Austin - AUSTIN-PC
     # Running from : C:\Users\Austin\Desktop\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     [!] Folder Deleted : C:\Program Files (x86)\BetterSurf
     [!] Folder Deleted : C:\Program Files (x86)\Better-Surf
     [!] Folder Deleted : C:\Program Files (x86)\Conduit
     [!] Folder Deleted : C:\Users\Austin\AppData\Local\Conduit
     [!] Folder Deleted : C:\Users\Austin\AppData\Local\DownloadTerms
     [!] Folder Deleted : C:\Users\Austin\AppData\Local\SwvUpdater
     [!] Folder Deleted : C:\Users\Austin\AppData\LocalLow\Conduit
     [!] Folder Deleted : C:\Users\Austin\AppData\LocalLow\Games_Bar_A
     File Deleted : C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\pkb0iqb5.default\user.js

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [12x3q@3244516.com]
     Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
     Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3275393
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A55BB532-2438-4ECE-820E-3E2C86861893}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9976DD51-3673-4E9E-B028-88A44490BDC9}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55BB532-2438-4ECE-820E-3E2C86861893}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9976DD51-3673-4E9E-B028-88A44490BDC9}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D316D9CA-26C8-4676-BDFF-9EB94D29D03A}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8EBF7838-65EF-4447-BA86-C8300AAE65FA}
     Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A55BB532-2438-4ECE-820E-3E2C86861893}]
     Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A55BB532-2438-4ECE-820E-3E2C86861893}]
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKCU\Software\Conduit
     Key Deleted : HKCU\Software\WEDLMNGR
     Key Deleted : HKCU\Software\AppDataLow\Toolbar
     Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
     Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
     Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
     Key Deleted : HKCU\Software\AppDataLow\Software\Games_Bar_A
     Key Deleted : HKLM\Software\Conduit
     Key Deleted : HKLM\Software\Games_Bar_A

     ***** [ Browsers ] *****

     -\\ Internet Explorer v8.0.7600.16385

     Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

     -\\ Mozilla Firefox v26.0 (en-US)

     [ File : C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\pkb0iqb5.default\prefs.js ]

     Line Deleted : user_pref("CT3275393_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1370214678695,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
     Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Games Bar A Customized Web Search");
     Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
     Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3275393");
     Line Deleted : user_pref("browser.search.defaultthis.engineName", "Games Bar A Customized Web Search");

     *************************

     AdwCleaner[R0].txt - [6562 octets] - [13/01/2014 18:07:31]
     AdwCleaner[R1].txt - [6622 octets] - [13/01/2014 18:10:27]
     AdwCleaner[R2].txt - [6682 octets] - [13/01/2014 18:16:34]
     AdwCleaner[S0].txt - [6595 octets] - [13/01/2014 18:16:53]

     ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6655 octets] ##########

     Will report back in a little bit to see if these random restarts are still occurring!
  2. AdwCleaner Log

     # AdwCleaner v3.017 - Report created 13/01/2014 at 18:10:27
     # Updated 12/01/2014 by Xplode
     # Operating System : Windows 7 Home Premium (64 bits)
     # Username : Austin - AUSTIN-PC
     # Running from : C:\Users\Austin\Desktop\AdwCleaner.exe
     # Option : Scan

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     File Found : C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\pkb0iqb5.default\user.js
     Folder Found C:\Program Files (x86)\BetterSurf
     Folder Found C:\Program Files (x86)\Better-Surf
     Folder Found C:\Program Files (x86)\Conduit
     Folder Found C:\Users\Austin\AppData\Local\Conduit
     Folder Found C:\Users\Austin\AppData\Local\DownloadTerms
     Folder Found C:\Users\Austin\AppData\Local\SwvUpdater
     Folder Found C:\Users\Austin\AppData\LocalLow\Conduit
     Folder Found C:\Users\Austin\AppData\LocalLow\Games_Bar_A

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Found : HKCU\Software\AppDataLow\Software\Conduit
     Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
     Key Found : HKCU\Software\AppDataLow\Software\Games_Bar_A
     Key Found : HKCU\Software\AppDataLow\Software\SmartBar
     Key Found : HKCU\Software\AppDataLow\Toolbar
     Key Found : HKCU\Software\Conduit
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Found : HKCU\Software\WEDLMNGR
     Key Found : [x64] HKCU\Software\Conduit
     Key Found : [x64] HKCU\Software\WEDLMNGR
     Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
     Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{9976DD51-3673-4E9E-B028-88A44490BDC9}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{A55BB532-2438-4ECE-820E-3E2C86861893}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3275393
     Key Found : HKLM\Software\Conduit
     Key Found : HKLM\Software\Games_Bar_A
     Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
     Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
     Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8EBF7838-65EF-4447-BA86-C8300AAE65FA}
     Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D316D9CA-26C8-4676-BDFF-9EB94D29D03A}
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55BB532-2438-4ECE-820E-3E2C86861893}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9976DD51-3673-4E9E-B028-88A44490BDC9}
     Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
     Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
     Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A55BB532-2438-4ECE-820E-3E2C86861893}]
     Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A55BB532-2438-4ECE-820E-3E2C86861893}]
     Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [12x3q@3244516.com]
     Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]

     ***** [ Browsers ] *****

     -\\ Internet Explorer v8.0.7600.16385

     -\\ Mozilla Firefox v26.0 (en-US)

     [ File : C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\pkb0iqb5.default\prefs.js ]

     Line Found : user_pref("CT3275393_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1370214678695,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
     Line Found : user_pref("Smartbar.ConduitSearchEngineList", "Games Bar A Customized Web Search");
     Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
     Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3275393");
     Line Found : user_pref("browser.search.defaultthis.engineName", "Games Bar A Customized Web Search");

     *************************

     AdwCleaner[R0].txt - [6562 octets] - [13/01/2014 18:07:31]
     AdwCleaner[R1].txt - [6458 octets] - [13/01/2014 18:10:27]

     ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [6518 octets] ##########
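Editor's added example; it is not part of CaptainBones' posts and is not AdwCleaner's code. The two AdwCleaner logs above list the same set of browser persistence points (IE Browser Helper Objects, IE Toolbar and URLSearchHooks values, Chrome extensions registered under HKLM\SOFTWARE\Google\Chrome\Extensions, and machine-wide Firefox extensions under HKLM\SOFTWARE\Mozilla\Firefox\Extensions), but only as CLSIDs and extension ids. The script below walks those same locations and resolves each CLSID to the DLL it actually loads, then annotates each hit with whether the file exists and who signed it. The ComboFix log further down shows why that resolution matters: the BHO CLSIDs here resolve to c:\users\Austin\AppData\Local\DownloadTerms\temp.dat and c:\program files (x86)\Games_Bar_A\prxtbGame.dll. Assumptions: 64-bit Windows, PowerShell 3.0 or later, run from an elevated prompt; the function and property names are this example's own.

```powershell
# Added example (not from the original posts or from AdwCleaner).
# Assumes 64-bit Windows, PowerShell 3.0+, elevated session.

function Resolve-ClsidToDll {
    param([Parameter(Mandatory)][string]$Clsid)
    # InprocServer32's default value is the COM server DLL. 64-bit IE reads the
    # native view; 32-bit IE (where toolbars normally live) reads Wow6432Node.
    foreach ($root in 'Registry::HKEY_CLASSES_ROOT\CLSID',
                      'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID') {
        $key = "$root\$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            $dll = (Get-ItemProperty -LiteralPath $key).'(default)'
            if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll) }
        }
    }
    return $null
}

function New-Hit { param($Kind, $Id, $Target)
    [pscustomobject]@{ Kind = $Kind; Id = $Id; Target = $Target } }

function Get-BrowserHijackPoints {
    $found = @()

    # IE Browser Helper Objects: one subkey per CLSID, in both registry views.
    foreach ($root in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
                      'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects') {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $root) {
            $found += New-Hit 'BHO' $sub.PSChildName (Resolve-ClsidToDll $sub.PSChildName)
        }
    }

    # IE toolbars and URL search hooks: here the *value names* are the CLSIDs.
    $valueKeys = @{
        Toolbar       = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
        Toolbar32     = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar'
        URLSearchHook = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks'
    }
    foreach ($kind in $valueKeys.Keys) {
        if (-not (Test-Path -LiteralPath $valueKeys[$kind])) { continue }
        $props = Get-ItemProperty -LiteralPath $valueKeys[$kind]
        foreach ($name in $props.PSObject.Properties.Name) {
            if ($name -match '^\{[0-9A-F-]{36}\}$') {   # -match is case-insensitive
                $found += New-Hit $kind $name (Resolve-ClsidToDll $name)
            }
        }
    }

    # Chrome extensions installed through the registry: subkey = 32-character
    # extension id; 'path' names a local .crx, 'update_url' a download server.
    foreach ($root in 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
                      'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions') {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $root) {
            $p = Get-ItemProperty -LiteralPath $sub.PSPath
            $target = if ($p.path) { $p.path } else { $p.update_url }
            $found += New-Hit 'ChromeExt' $sub.PSChildName $target
        }
    }

    # Machine-wide Firefox extensions: value name = add-on id, data = install dir.
    foreach ($key in 'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
                     'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions') {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($name in $props.PSObject.Properties.Name) {
            if ($name -like '*@*') { $found += New-Hit 'FirefoxExt' $name $props.$name }
        }
    }
    return $found
}

# Annotate each hit with what a responder checks first: does the target exist,
# and if it is a file, what its Authenticode status is. An unsigned DLL under
# AppData or ProgramData behind a BHO is the pattern in the logs above.
Get-BrowserHijackPoints | ForEach-Object {
    $status = 'missing'
    if ($_.Target -match '^https?://') {
        $status = 'remote'
    } elseif ($_.Target -and (Test-Path -LiteralPath $_.Target -PathType Leaf)) {
        $status = (Get-AuthenticodeSignature -FilePath $_.Target).Status
    } elseif ($_.Target -and (Test-Path -LiteralPath $_.Target -PathType Container)) {
        $status = 'directory'
    }
    $_ | Add-Member -NotePropertyName Signature -NotePropertyValue $status -PassThru
} | Sort-Object Kind | Format-Table -AutoSize
```

Two caveats. The per-user prefs.js lines that AdwCleaner reports (the Smartbar.* and browser.search.* entries) live in the Firefox profile, not the registry, so they are outside this script; a `Select-String -Pattern 'Smartbar|keywordURL' -Path <profile>\prefs.js` covers them. And the HKCU\...\Ext\Settings and Ext\Stats keys in the log are IE's per-user add-on bookkeeping, which mirrors the HKLM BHO list rather than adding new load points, so they are deliberately not enumerated here.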
  3. ComboFix 14-01-13.01 - Austin 01/13/2014 17:53:44.2.4 - x64
     Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8142.5674 [GMT -5:00]
     Running from: c:\users\Austin\Desktop\ComboFix.exe
     Command switches used :: c:\users\Austin\Desktop\CFScript.txt
     SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     .
     --------------- FCopy ---------------
     .
     c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll --> c:\windows\system32\rpcss.dll
     .
     ((((((((((((((((((((((((( Files Created from 2013-12-13 to 2014-01-13 )))))))))))))))))))))))))))))))
     .
     .
     2014-01-13 22:59 . 2014-01-13 22:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
     2014-01-13 22:59 . 2014-01-13 22:59 -------- d-----w- c:\users\Default\AppData\Local\temp
     2014-01-09 02:54 . 2014-01-09 02:54 -------- d-----w- c:\users\Austin\AppData\Roaming\Unity
     2014-01-09 02:36 . 2014-01-10 06:26 -------- d-----w- c:\users\Austin\AppData\Local\Unity
     2014-01-08 05:34 . 2014-01-08 05:34 -------- d-----w- c:\program files\Microsoft Silverlight
     2014-01-08 05:34 . 2014-01-08 05:34 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
     2014-01-03 21:03 . 2014-01-03 21:12 -------- d-----w- c:\program files (x86)\Razer
     2013-12-30 03:31 . 2013-12-30 03:31 -------- d-----w- c:\programdata\RzMaelstromVAD_1.1.49.1641
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-12-19 03:05 . 2013-03-10 01:29 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2013-12-19 03:05 . 2013-03-10 01:29 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2013-11-21 09:59 . 2013-11-21 09:59 40696 ----a-w- c:\windows\system32\drivers\RzMaelstromVAD.sys
     2013-11-21 09:56 . 2013-11-21 09:56 245760 ----a-w- c:\windows\system32\DriverInstallCACMD.exe
     2013-11-21 09:56 . 2013-11-21 09:56 69632 ----a-w- c:\windows\system32\DriverInstallCA.dll
     2013-11-15 06:37 . 2013-11-15 06:37 39080 ----a-w- c:\windows\system32\drivers\rzendpt.sys
     2013-11-15 06:37 . 2013-11-15 06:37 149160 ----a-w- c:\windows\system32\drivers\rzudd.sys
     2013-11-15 06:32 . 2013-11-15 06:32 57344 ----a-w- c:\windows\SysWow64\rzdevinfo.dll
     2013-11-15 06:32 . 2013-11-15 06:32 154112 ----a-w- c:\windows\SysWow64\rztouchdll.dll
     2013-11-15 06:31 . 2013-11-15 06:31 834560 ----a-w- c:\windows\SysWow64\rzdevicedll.dll
     2013-11-15 06:31 . 2013-11-15 06:31 296448 ----a-w- c:\windows\SysWow64\rzaudiodll.dll
     2013-11-15 06:31 . 2013-11-15 06:31 117248 ----a-w- c:\windows\SysWow64\rzdisplaydll.dll
     2013-10-27 01:41 . 2013-10-27 01:41 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
     2013-10-23 10:30 . 2013-11-08 23:25 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
     2013-10-23 10:30 . 2013-11-08 23:25 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
     2013-10-23 10:30 . 2013-11-08 23:25 12572960 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
     2013-10-23 10:30 . 2013-11-08 23:25 9480328 ----a-w- c:\windows\SysWow64\nvopencl.dll
     2013-10-23 10:30 . 2013-11-08 23:25 1241376 ----a-w- c:\windows\SysWow64\nvumdshim.dll
     2013-10-23 10:30 . 2013-11-08 23:25 11374520 ----a-w- c:\windows\system32\nvopencl.dll
     2013-10-23 10:30 . 2013-11-08 23:25 696096 ----a-w- c:\windows\system32\NvFBC64.dll
     2013-10-23 10:30 . 2013-11-08 23:25 655136 ----a-w- c:\windows\system32\NvIFR64.dll
     2013-10-23 10:30 . 2013-11-08 23:25 599840 ----a-w- c:\windows\SysWow64\NvFBC.dll
     2013-10-23 10:30 . 2013-11-08 23:25 560416 ----a-w- c:\windows\SysWow64\NvIFR.dll
     2013-10-23 10:30 . 2013-11-08 23:25 479520 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
     2013-10-23 10:30 . 2013-11-08 23:25 405280 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
     2013-10-23 10:30 . 2013-11-08 23:25 317472 ----a-w- c:\windows\system32\nvoglshim64.dll
     2013-10-23 10:30 . 2013-11-08 23:25 30344480 ----a-w- c:\windows\system32\nvoglv64.dll
     2013-10-23 10:30 . 2013-11-08 23:25 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
     2013-10-23 10:30 . 2013-11-08 23:25 22933792 ----a-w- c:\windows\SysWow64\nvoglv32.dll
     2013-10-23 10:30 . 2013-11-08 23:25 168616 ----a-w- c:\windows\system32\nvinitx.dll
     2013-10-23 10:30 . 2013-11-08 23:25 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
     2013-10-23 10:30 . 2013-11-08 23:25 9524088 ----a-w- c:\windows\SysWow64\nvcuda.dll
     2013-10-23 10:30 . 2013-11-08 23:25 3131680 ----a-w- c:\windows\system32\nvcuvid.dll
     2013-10-23 10:30 . 2013-11-08 23:25 3124512 ----a-w- c:\windows\system32\nvcuvenc.dll
     2013-10-23 10:30 . 2013-11-08 23:25 2946848 ----a-w- c:\windows\SysWow64\nvcuvid.dll
     2013-10-23 10:30 . 2013-11-08 23:25 2747168 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
     2013-10-23 10:30 . 2013-11-08 23:25 25257248 ----a-w- c:\windows\system32\nvcompiler.dll
     2013-10-23 10:30 . 2013-11-08 23:25 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
     2013-10-23 10:30 . 2013-11-08 23:25 11426568 ----a-w- c:\windows\system32\nvcuda.dll
     2013-10-23 10:30 . 2013-03-09 16:49 61216 ----a-w- c:\windows\system32\OpenCL.dll
     2013-10-23 10:30 . 2013-03-09 16:49 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
     2013-10-23 10:30 . 2013-03-09 16:48 3067560 ----a-w- c:\windows\system32\nvapi64.dll
     2013-10-23 10:30 . 2013-03-09 16:48 2695200 ----a-w- c:\windows\SysWow64\nvapi.dll
     2013-10-23 10:30 . 2013-03-09 16:48 18286416 ----a-w- c:\windows\system32\nvwgf2umx.dll
     2013-10-23 10:30 . 2013-03-09 16:48 18199872 ----a-w- c:\windows\system32\nvd3dumx.dll
     2013-10-23 10:30 . 2013-03-09 16:48 15855568 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
     2013-10-23 10:30 . 2013-03-09 16:48 15212336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
     2013-10-23 10:30 . 2013-03-09 16:48 1435504 ----a-w- c:\windows\system32\nvumdshimx.dll
     2013-10-23 08:20 . 2013-03-09 16:49 6669600 ----a-w- c:\windows\system32\nvcpl.dll
     2013-10-23 08:20 . 2013-03-09 16:49 3489568 ----a-w- c:\windows\system32\nvsvc64.dll
     2013-10-23 08:20 . 2013-03-09 16:49 922912 ----a-w- c:\windows\system32\nvvsvc.exe
     2013-10-23 08:20 . 2013-03-09 16:49 63776 ----a-w- c:\windows\system32\nvshext.dll
     2013-10-23 08:20 . 2013-03-09 16:49 219424 ----a-w- c:\windows\system32\nvmctray.dll
     2013-10-23 08:20 . 2013-03-09 16:49 3426956 ----a-w- c:\windows\system32\nvcoproc.bin
     2013-10-23 08:02 . 2013-10-23 08:02 589600 ----a-w- c:\windows\SysWow64\nvStreaming.exe
     2013-10-18 03:01 . 2013-10-18 03:01 136704 ----a-w- c:\windows\SysWow64\RzVAD.dll
     2013-10-18 01:36 . 2013-11-08 23:30 1063200 ----a-w- c:\windows\system32\nvspcap64.dll
     2013-10-18 01:36 . 2013-11-08 23:30 955168 ----a-w- c:\windows\SysWow64\nvspcap.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}]
     c:\users\Austin\AppData\Local\DownloadTerms\temp.dat [BU]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{a55bb532-2438-4ece-820e-3e2c86861893}]
     c:\program files (x86)\Games_Bar_A\prxtbGame.dll [BU]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
     "{a55bb532-2438-4ece-820e-3e2c86861893}"= "c:\program files (x86)\Games_Bar_A\prxtbGame.dll" [BU]
     .
     [HKEY_CLASSES_ROOT\clsid\{a55bb532-2438-4ece-820e-3e2c86861893}]
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
     @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
     [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
     2012-04-09 20:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Steam"="c:\program files (x86)\Steam\steam.exe" [2014-01-07 1815464]
     "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-15 20588704]
     "uTorrent"="c:\users\Austin\AppData\Roaming\uTorrent\uTorrent.exe" [2013-06-04 1045072]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
     "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
     "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
     "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
     "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-11-18 442712]
     .
     c:\users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     CurseClientStartup.ccip [2013-3-11 0]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
     R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
     R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
     R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
     S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
     S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
     S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
     S2 RzMaelstromVADStreamingService;Razer Surround Audio Service;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [x]
     S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
     S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
     S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\cbfs3.sys [x]
     S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
     S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
     S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]
     S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - WS2IFSL
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
     @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
     [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
     2012-04-09 20:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Fences"="c:\program files (x86)\Stardock\Fences\Fences.exe" [2013-04-25 4013744]
     "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
     "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-10-18 1063200]
     .
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
     "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2013-04-25 552112]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uInternet Settings,ProxyOverride = *.local
     Trusted Zone: clonewarsadventures.com
     Trusted Zone: freerealms.com
     Trusted Zone: soe.com
     Trusted Zone: sony.com
     FF - ProfilePath - c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\pkb0iqb5.default\
     FF - ExtSQL: 2013-11-25 23:06; 12x3q@3244516.com; c:\program files (x86)\Better-Surf\ff
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Wow6432Node-HKLM-Run-<NO NAME> - (no file)
     AddRemove-Cheat Engine 6.1_is1 - c:\program files (x86)\Cheat Engine 6.1\unins000.exe
     AddRemove-VLC media player - c:\program files (x86)\VideoLAN\VLC\uninstall.exe
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-2659469964-842167116-2190252072-1000\Software\SecuROM\License information*]
     "datasecu"=hex:7f,57,c6,30,9b,24,89,4c,45,e0,99,2c,1c,62,47,fd,b6,83,91,41,8a,
        9f,05,11,10,09,80,91,9e,b7,fd,e2,8f,f0,24,ab,be,6c,41,86,c8,1b,36,77,69,7d,\
     "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2014-01-13 18:00:28
     ComboFix-quarantined-files.txt 2014-01-13 23:00
     ComboFix2.txt 2014-01-13 21:54
     .
     Pre-Run: 680,173,060,096 bytes free
     Post-Run: 680,140,955,648 bytes free
     .
     - - End Of File - - B5233C6B67AC058C6771BD51265C9BA3
     A36C5E4F47E84449FF07ED3517B43A31
  4. ComboFix log

     ComboFix 14-01-13.01 - Austin 01/13/2014 16:48:00.1.4 - x64
     Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8142.4345 [GMT -5:00]
     Running from: c:\users\Austin\Desktop\ComboFix.exe
     SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     C:\END
     C:\Install.exe
     c:\users\Austin\AppData\Local\DownloadTerms\teMP.dat
     c:\windows\SysWow64\Packet.dll
     c:\windows\SysWow64\pthreadVC.dll
     c:\windows\SysWow64\wpcap.dll
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-12-13 to 2014-01-13 )))))))))))))))))))))))))))))))
     .
     .
     2014-01-13 21:53 . 2014-01-13 21:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
     2014-01-13 21:53 . 2014-01-13 21:53 -------- d-----w- c:\users\Default\AppData\Local\temp
     2014-01-09 02:54 . 2014-01-09 02:54 -------- d-----w- c:\users\Austin\AppData\Roaming\Unity
     2014-01-09 02:36 . 2014-01-10 06:26 -------- d-----w- c:\users\Austin\AppData\Local\Unity
     2014-01-08 05:34 . 2014-01-08 05:34 -------- d-----w- c:\program files\Microsoft Silverlight
     2014-01-08 05:34 . 2014-01-08 05:34 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
     2014-01-03 21:03 . 2014-01-03 21:12 -------- d-----w- c:\program files (x86)\Razer
     2013-12-30 03:31 . 2013-12-30 03:31 -------- d-----w- c:\programdata\RzMaelstromVAD_1.1.49.1641
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-12-19 03:05 . 2013-03-10 01:29 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2013-12-19 03:05 . 2013-03-10 01:29 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2013-11-21 09:59 . 2013-11-21 09:59 40696 ----a-w- c:\windows\system32\drivers\RzMaelstromVAD.sys
     2013-11-21 09:56 . 2013-11-21 09:56 245760 ----a-w- c:\windows\system32\DriverInstallCACMD.exe
     2013-11-21 09:56 . 2013-11-21 09:56 69632 ----a-w- c:\windows\system32\DriverInstallCA.dll
     2013-11-15 06:37 . 2013-11-15 06:37 39080 ----a-w- c:\windows\system32\drivers\rzendpt.sys
     2013-11-15 06:37 . 2013-11-15 06:37 149160 ----a-w- c:\windows\system32\drivers\rzudd.sys
     2013-11-15 06:32 . 2013-11-15 06:32 57344 ----a-w- c:\windows\SysWow64\rzdevinfo.dll
     2013-11-15 06:32 . 2013-11-15 06:32 154112 ----a-w- c:\windows\SysWow64\rztouchdll.dll
     2013-11-15 06:31 . 2013-11-15 06:31 834560 ----a-w- c:\windows\SysWow64\rzdevicedll.dll
     2013-11-15 06:31 . 2013-11-15 06:31 296448 ----a-w- c:\windows\SysWow64\rzaudiodll.dll
     2013-11-15 06:31 . 2013-11-15 06:31 117248 ----a-w- c:\windows\SysWow64\rzdisplaydll.dll
     2013-10-27 01:41 . 2013-10-27 01:41 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
     2013-10-23 10:30 . 2013-11-08 23:25 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
     2013-10-23 10:30 . 2013-11-08 23:25 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
     2013-10-23 10:30 . 2013-11-08 23:25 12572960 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
     2013-10-23 10:30 . 2013-11-08 23:25 9480328 ----a-w- c:\windows\SysWow64\nvopencl.dll
     2013-10-23 10:30 . 2013-11-08 23:25 1241376 ----a-w- c:\windows\SysWow64\nvumdshim.dll
     2013-10-23 10:30 . 2013-11-08 23:25 11374520 ----a-w- c:\windows\system32\nvopencl.dll
     2013-10-23 10:30 . 2013-11-08 23:25 696096 ----a-w- c:\windows\system32\NvFBC64.dll
     2013-10-23 10:30 . 2013-11-08 23:25 655136 ----a-w- c:\windows\system32\NvIFR64.dll
     2013-10-23 10:30 . 2013-11-08 23:25 599840 ----a-w- c:\windows\SysWow64\NvFBC.dll
     2013-10-23 10:30 . 2013-11-08 23:25 560416 ----a-w- c:\windows\SysWow64\NvIFR.dll
     2013-10-23 10:30 . 2013-11-08 23:25 479520 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
     2013-10-23 10:30 . 2013-11-08 23:25 405280 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
     2013-10-23 10:30 . 2013-11-08 23:25 317472 ----a-w- c:\windows\system32\nvoglshim64.dll
     2013-10-23 10:30 . 2013-11-08 23:25 30344480 ----a-w- c:\windows\system32\nvoglv64.dll
     2013-10-23 10:30 . 2013-11-08 23:25 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
     2013-10-23 10:30 . 2013-11-08 23:25 22933792 ----a-w- c:\windows\SysWow64\nvoglv32.dll
     2013-10-23 10:30 . 2013-11-08 23:25 168616 ----a-w- c:\windows\system32\nvinitx.dll
     2013-10-23 10:30 . 2013-11-08 23:25 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
     2013-10-23 10:30 . 2013-11-08 23:25 9524088 ----a-w- c:\windows\SysWow64\nvcuda.dll
     2013-10-23 10:30 . 2013-11-08 23:25 3131680 ----a-w- c:\windows\system32\nvcuvid.dll
     2013-10-23 10:30 . 2013-11-08 23:25 3124512 ----a-w- c:\windows\system32\nvcuvenc.dll
     2013-10-23 10:30 . 2013-11-08 23:25 2946848 ----a-w- c:\windows\SysWow64\nvcuvid.dll
     2013-10-23 10:30 . 2013-11-08 23:25 2747168 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
     2013-10-23 10:30 . 2013-11-08 23:25 25257248 ----a-w- c:\windows\system32\nvcompiler.dll
     2013-10-23 10:30 . 2013-11-08 23:25 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
     2013-10-23 10:30 . 2013-11-08 23:25 11426568 ----a-w- c:\windows\system32\nvcuda.dll
     2013-10-23 10:30 . 2013-03-09 16:49 61216 ----a-w- c:\windows\system32\OpenCL.dll
     2013-10-23 10:30 . 2013-03-09 16:49 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
     2013-10-23 10:30 . 2013-03-09 16:48 3067560 ----a-w- c:\windows\system32\nvapi64.dll
     2013-10-23 10:30 . 2013-03-09 16:48 2695200 ----a-w- c:\windows\SysWow64\nvapi.dll
     2013-10-23 10:30 . 2013-03-09 16:48 18286416 ----a-w- c:\windows\system32\nvwgf2umx.dll
     2013-10-23 10:30 . 2013-03-09 16:48 18199872 ----a-w- c:\windows\system32\nvd3dumx.dll
     2013-10-23 10:30 . 2013-03-09 16:48 15855568 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
     2013-10-23 10:30 . 2013-03-09 16:48 15212336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
     2013-10-23 10:30 . 2013-03-09 16:48 1435504 ----a-w- c:\windows\system32\nvumdshimx.dll
     2013-10-23 08:20 . 2013-03-09 16:49 6669600 ----a-w- c:\windows\system32\nvcpl.dll
     2013-10-23 08:20 . 2013-03-09 16:49 3489568 ----a-w- c:\windows\system32\nvsvc64.dll
     2013-10-23 08:20 . 2013-03-09 16:49 922912 ----a-w- c:\windows\system32\nvvsvc.exe
     2013-10-23 08:20 . 2013-03-09 16:49 63776 ----a-w- c:\windows\system32\nvshext.dll
     2013-10-23 08:20 . 2013-03-09 16:49 219424 ----a-w- c:\windows\system32\nvmctray.dll
     2013-10-23 08:20 . 2013-03-09 16:49 3426956 ----a-w- c:\windows\system32\nvcoproc.bin
     2013-10-23 08:02 . 2013-10-23 08:02 589600 ----a-w- c:\windows\SysWow64\nvStreaming.exe
     2013-10-18 03:01 . 2013-10-18 03:01 136704 ----a-w- c:\windows\SysWow64\RzVAD.dll
     2013-10-18 01:36 . 2013-11-08 23:30 1063200 ----a-w- c:\windows\system32\nvspcap64.dll
     2013-10-18 01:36 . 2013-11-08 23:30 955168 ----a-w- c:\windows\SysWow64\nvspcap.dll
     .
     .
     ------- Sigcheck -------
     Note: Unsigned files aren't necessarily malware.
     .
     [7] 2009-07-14 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
     [-] 2009-07-14 . A2AE62B8BD47385AE40D930447B93BF2 . 509952 . . [6.1.7600.16385] .. c:\windows\system32\rpcss.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
     @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
     [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
     2012-04-09 20:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Steam"="c:\program files (x86)\Steam\steam.exe" [2014-01-07 1815464]
     "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-15 20588704]
     "uTorrent"="c:\users\Austin\AppData\Roaming\uTorrent\uTorrent.exe" [2013-06-04 1045072]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
     "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
     "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
     "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
     "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-11-18 442712]
     .
     c:\users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     CurseClientStartup.ccip [2013-3-11 0]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
     R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
     R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
     R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
     S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
     S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
     S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
     S2 RzMaelstromVADStreamingService;Razer Surround Audio Service;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [x]
     S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
     S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
     S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\cbfs3.sys [x]
     S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible)
(WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x] S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x] S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x] . . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2012-04-09 20:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Fences"="c:\program files (x86)\Stardock\Fences\Fences.exe" [2013-04-25 4013744] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-10-18 1063200] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2013-04-25 552112] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com FF - ProfilePath - c:\users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\pkb0iqb5.default\ FF - ExtSQL: 2013-11-13 17:56; xz123@ya456.com; c:\program files (x86)\BetterSurf\ff FF - ExtSQL: 2013-11-25 23:06; 12x3q@3244516.com; c:\program files (x86)\Better-Surf\ff . - - - - ORPHANS REMOVED - - - - . 
URLSearchHooks-{a55bb532-2438-4ece-820e-3e2c86861893} - c:\program files (x86)\Games_Bar_A\prxtbGame.dll BHO-{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\users\Austin\AppData\Local\DownloadTerms\temp.dat BHO-{a55bb532-2438-4ece-820e-3e2c86861893} - c:\program files (x86)\Games_Bar_A\prxtbGame.dll Toolbar-{a55bb532-2438-4ece-820e-3e2c86861893} - c:\program files (x86)\Games_Bar_A\prxtbGame.dll Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-Cheat Engine 6.1_is1 - c:\program files (x86)\Cheat Engine 6.1\unins000.exe AddRemove-VLC media player - c:\program files (x86)\VideoLAN\VLC\uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2659469964-842167116-2190252072-1000\Software\SecuROM\License information*] "datasecu"=hex:7f,57,c6,30,9b,24,89,4c,45,e0,99,2c,1c,62,47,fd,b6,83,91,41,8a, 9f,05,11,10,09,80,91,9e,b7,fd,e2,8f,f0,24,ab,be,6c,41,86,c8,1b,36,77,69,7d,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-01-13 16:54:47 ComboFix-quarantined-files.txt 2014-01-13 21:54 . Pre-Run: 678,329,614,336 bytes free Post-Run: 679,925,350,400 bytes free . - - End Of File - - 1A3A1B8261DB51DB447EED772978CE0C A36C5E4F47E84449FF07ED3517B43A31
  5. Roguekiller Log
RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Austin [Admin rights]
Mode : Scan -- Date : 01/12/2014 20:40:40
| ARK || FAK || MBR |
¤¤¤ Bad processes : 3 ¤¤¤
[sUSP PATH] RzMaelstromVADStreamingService.exe -- C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [-] -> KILLED [TermProc]
[sUSP PATH] cltmng.exe -- C:\Users\Austin\AppData\Roaming\SearchProtect\bin\cltmng.exe [7] -> KILLED [TermProc]
[sUSP PATH] CurseClient.exe -- C:\Users\Austin\AppData\Local\Apps\2.0\M7PTLLY1.N9B\ADLYR87M.MG2\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Austin\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] 7898cbe9fdb2fe2a3630d499c3b9fc75
[bSP] 2fd3cad7c9e31f42f4daad189966a8f6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_01122014_204040.txt >>
RKreport[0]_S_01122014_033652.txt
  6. Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/9/2013 11:41:35 AM
System Uptime: 1/12/2014 7:27:25 PM (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | P8Z77-V LX
Processor: Intel® Core i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 632.912 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_84CA1043&REV_04\3&11583659&0&B0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_84CA1043&REV_04\3&11583659&0&B0
Service:
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_85051043&REV_09\4&11EB9DBD&0&00E4
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_85051043&REV_09\4&11EB9DBD&0&00E4
Service:
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_84CA1043&REV_04\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_84CA1043&REV_04\3&11583659&0&FB
Service:
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_84CA1043&REV_04\3&11583659&0&A0
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_84CA1043&REV_04\3&11583659&0&A0
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 12.0
APB Reloaded
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.5
Battle.net
Bioshock Demo
Blockland
Bonjour
Borderlands 2
Cheat Engine 6.1
Cheat Engine 6.2
Chivalry: Medieval Warfare
Counter-Strike: Source
CPUID HWMonitor 1.23
Curse Client
D3DX10
Diablo II
Dota 2
DownloadTerms
Dual-Core Optimizer
Fallout 3 - Game of the Year Edition
Garry's Mod
GeForce Experience NvStream Client Components
Grand Theft Auto
Grand Theft Auto 2
Grand Theft Auto III
Grand Theft Auto IV
Grand Theft Auto: San Andreas
Grand Theft Auto: Vice City
Half-Life 2
iExplorer 3.2.2.4
iTunes
Java 7 Update 17 (64-bit)
Java 7 Update 45
Java Auto Updater
Java 6 Update 2
Killing Floor
Left 4 Dead 2
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.75.0.1300
Media Player
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft XNA Framework Redistributable 4.0 Refresh
Monday Night Combat
Moonbase Alpha
Movie Maker
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
Mumble 1.2.3
NVIDIA 3D Vision Controller Driver 331.65
NVIDIA 3D Vision Driver 331.65
NVIDIA Control Panel 331.65
NVIDIA GeForce Experience 1.7
NVIDIA Graphics Driver 331.65
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA PhysX
NVIDIA PhysX Particle Fluid Demo
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 9.3.16
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 9.3.16
NVIDIA Update Components
NVIDIA Virtual Audio 1.2.9
PAYDAY 2
PAYDAY 2 Beta
Photo Common
Photo Gallery
PunkBuster Services
Quake III Arena
Quake Live Mozilla Plugin
QuickTime
Razer Surround
Razer Synapse 2.0
ROBLOX Player for Austin
RPG Maker 2000 - Super Columbine Massacre RPG!
RuneScape Launcher 1.2.3
Search Protect by conduit
Serious Sam HD: The First Encounter
SHIELD Streaming
Shoot Many Robots
Skype Click to Call
Skype™ 6.11
Spiral Knights
Spore
Spore: Galactic Adventures
SPORE™ Creature Creator Trial Edition
Star Wars Republic Commando
Starbound
StarCraft II
Stardock Fences 2
Steam
Super Amazing Wagon Adventure
Super Monday Night Combat
swMSM
System Requirements Lab CYRI
Team Fortress 2
Terraria
Tribal Trouble
Turbo Dismount
Unreal Anthology
VLC media player 1.1.11
Wajam
Warcraft III
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (32-bit)
World of Warcraft
Zandronum
.
==== Event Viewer Messages From Past Week ========
.
1/8/2014 9:09:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
1/8/2014 9:09:46 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/8/2014 8:58:08 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/12/2014 7:27:45 PM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The WMI request could not be completed and should be retried.
1/12/2014 7:26:01 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.
1/12/2014 7:26:01 PM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/12/2014 7:26:01 PM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/12/2014 6:32:19 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.2. The computer with the IP address 192.168.1.6 did not allow the name to be claimed by this computer.
1/12/2014 5:54:25 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
1/12/2014 3:57:41 AM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/12/2014 3:27:40 AM, Error: Service Control Manager [7034] - The Razer Surround Audio Service service terminated unexpectedly. It has done this 1 time(s).
1/12/2014 12:10:43 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
1/12/2014 1:17:44 AM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.
1/11/2014 8:58:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.
.
==== End Of File ===========================
  7. DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.45.2
Run by Austin at 20:22:27 on 2014-01-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8142.4728 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Austin\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Users\Austin\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\Austin\AppData\Local\Apps\2.0\M7PTLLY1.N9B\ADLYR87M.MG2\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Games Bar A Toolbar: {a55bb532-2438-4ece-820e-3e2c86861893} -
mURLSearchHooks: Games Bar A Toolbar: {a55bb532-2438-4ece-820e-3e2c86861893} -
mWinlogon: Userinit = userinit.exe,
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Austin\AppData\Local\DownloadTerms\temp.dat
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Games Bar A Toolbar: {a55bb532-2438-4ece-820e-3e2c86861893} -
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Games Bar A Toolbar: {a55bb532-2438-4ece-820e-3e2c86861893} -
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [searchProtect] C:\Users\Austin\AppData\Roaming\SearchProtect\bin\cltmng.exe
uRun: [uTorrent] "C:\Users\Austin\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
StartupFolder: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{2A7BB936-4A85-4AAD-96B2-74B911C1B268} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\pkb0iqb5.default\
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Austin\AppData\Local\Roblox\Versions\version-16ab4a22d1b64a68\NPRobloxProxy.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-11-13 17:56; xz123@ya456.com; C:\Program Files (x86)\BetterSurf\ff
FF - ExtSQL: 2013-11-25 23:06; 12x3q@3244516.com; C:\Program Files (x86)\Better-Surf\ff
.
============= SERVICES / DRIVERS ===============
.
R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-5-8 97056]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 2210640]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-8 15122208]
R2 RzMaelstromVADStreamingService;Razer Surround Audio Service;C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [2013-11-21 4263936]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2013-5-2 109064]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2013-3-9 1256192]
R3 cbfs3;EldoS Callback File System driver v3;C:\Windows\System32\drivers\cbfs3.sys [2013-4-19 352144]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-11-8 39200]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-11-15 39080]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;C:\Windows\System32\drivers\RzMaelstromVAD.sys [2013-11-21 40696]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-11-15 149160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== Created Last 30 ================
.
2014-01-09 02:54:20 -------- d-----w- C:\Users\Austin\AppData\Roaming\Unity
2014-01-09 02:36:04 -------- d-----w- C:\Users\Austin\AppData\Local\Unity
2013-12-30 10:11:30 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{46CAA1FA-ED29-4D60-87B1-BF4EEFE14F04}\offreg.dll
2013-12-30 03:31:08 -------- d-----w- C:\ProgramData\RzMaelstromVAD_1.1.49.1641
2013-12-14 21:16:16 -------- d-----w- C:\Program Files (x86)\Audacity
2013-12-14 06:56:15 -------- d-----w- C:\Users\Austin\AppData\Local\Demiurge Studios
.
==================== Find3M ====================
.
2013-12-19 03:05:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-19 03:05:14 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-21 09:59:28 40696 ----a-w- C:\Windows\System32\drivers\RzMaelstromVAD.sys
2013-11-21 09:56:06 245760 ----a-w- C:\Windows\System32\DriverInstallCACMD.exe
2013-11-21 09:56:04 69632 ----a-w- C:\Windows\System32\DriverInstallCA.dll
2013-11-15 06:37:16 39080 ----a-w- C:\Windows\System32\drivers\rzendpt.sys
2013-11-15 06:37:14 149160 ----a-w- C:\Windows\System32\drivers\rzudd.sys
2013-11-15 06:32:00 57344 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
2013-11-15 06:32:00 154112 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2013-11-15 06:31:58 834560 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2013-11-15 06:31:56 296448 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
2013-11-15 06:31:56 117248 ----a-w- C:\Windows\SysWow64\rzdisplaydll.dll
2013-10-27 01:41:05 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-23 08:20:08 6669600 ----a-w- C:\Windows\System32\nvcpl.dll
2013-10-23 08:20:07 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-10-23 08:20:05 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-10-23 08:20:05 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-10-23 08:20:05 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-10-23 08:20:03 3426956 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-10-23 08:02:36 589600 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-10-18 03:01:08 136704 ----a-w- C:\Windows\SysWow64\RzVAD.dll
2013-10-18 01:36:05 1063200 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-10-18 01:36:04 955168 ----a-w- C:\Windows\SysWow64\nvspcap.dll
.
============= FINISH: 20:22:52.20 ===============
  8. Hello, Malwarebytes! I have been having trouble in the recent days shortly after downloading Unity Web Player (which has been thoroughly removed from my computer). Every now and then I will get errors that Windows has to restart due to Plug and Play, the DCOM server, or the Power service being terminated unexpectedly, but sometimes I will get a shutdown error saying "Windows will shutdown in 1 minute." with the title "You are about to be logged off". I did the normal things, like stopping the shutdown with shutdown -a, but at this point my computer seems to act as if I had a fake antivirus. I can't open anything up besides Firefox, but when I do try to open them up it seems that the file location doesn't exist, or just that the shortcut is corrupted. Opening explorer.exe (the file thing right next to the start button) doesn't allow me to. What do I do? This is getting kind of annoying, as it's hard to do anything time-consuming. Please HELP!!
  9. RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Austin [Admin rights]
Mode : Scan -- Date : 01/12/2014 03:36:52
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Austin\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] 7898cbe9fdb2fe2a3630d499c3b9fc75
[BSP] 2fd3cad7c9e31f42f4daad189966a8f6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_01122014_033652.txt >>
P.S. Just trying to post this I suffered another reset due to the Power Service.
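The one entry RogueKiller tagged [SUSP PATH] in the log above is a Run value whose executable sits under the user's AppData\Roaming, exactly the kind of persistence the AdwCleaner run earlier in this thread was stripping (Conduit, SearchProtect). The Python below is an added example for this thread, not RogueKiller's code: it parses lines in the shape of that log's "Registry Entries" section and applies a user-writable-location check of its own. The sample lines are constructed (two mirror entries from the posted log, two are made up), and the marker list, the extension list and the output format are the example's assumptions rather than RogueKiller's rules.

```python
"""Triage autorun entries from a RogueKiller-style "Registry Entries" section.

Added example for this thread, not RogueKiller's own code. It parses
lines shaped like the ones in the posted log and flags any Run value
whose executable sits in a location a standard user can write to, which
is where adware droppers such as the SearchProtect entry above persist.
"""
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed sample. Lines 1 and 3 mirror entries in the posted log;
# lines 2 and 4 are made up to show a benign and a ProgramData case.
SAMPLE_LOG = r"""
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Austin\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND
[RUN] HKLM\[...]\Run : RTHDVCPL (C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[RUN] HKLM\[...]\Run : Updater (C:\ProgramData\Updater\svc.exe /background) -> FOUND
"""


class Entry(NamedTuple):
    kind: str            # RUN, HJ DESK, ...
    flag: Optional[str]  # SUSP PATH, PUM, ... or None when the tool set none
    key: str             # registry key as printed by the tool
    name: str            # value name (or GUID)
    value: str           # value data, including the tool's trailing "[n]"
    verdict: str         # FOUND, DELETED, ...


# Line shape: [KIND][FLAG] KEY : NAME (VALUE) -> VERDICT   (FLAG optional)
ENTRY_RE = re.compile(
    r"^\[(?P<kind>[^\]]+)\](?:\[(?P<flag>[^\]]+)\])?\s+"
    r"(?P<key>\S+)\s+:\s+(?P<name>.+?)\s+\((?P<value>.*)\)\s+->\s+(?P<verdict>\w+)\s*$"
)

# First drive-letter path ending in something Windows will execute.
# Arguments and the "[7]"-style annotation after the path are dropped.
PATH_RE = re.compile(
    r"[A-Za-z]:\\[^\"\[]*?\.(?:exe|dll|scr|bat|cmd|vbs|js)\b", re.IGNORECASE
)

# Assumed heuristic: path fragments a non-admin user can write under.
USER_WRITABLE_MARKERS = ("c:\\users\\", "c:\\programdata\\", "\\appdata\\", "\\temp\\")


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one log line, or None if the line is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["kind"], m["flag"], m["key"], m["name"], m["value"], m["verdict"])


def image_path(value: str) -> Optional[str]:
    """Extract the executable path from a Run value, or None (e.g. value "1")."""
    m = PATH_RE.search(value)
    return m.group(0) if m else None


def is_user_writable(path: str) -> bool:
    """True when the path lies under a location a standard user can modify."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage(log: str) -> List[Dict[str, object]]:
    """Parse every entry line and annotate it with the user-writable check."""
    findings: List[Dict[str, object]] = []
    for line in log.strip().splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        path = image_path(e.value)
        findings.append({
            "name": e.name,
            "key": e.key,
            "path": path,
            "tool_flag": e.flag,
            "user_writable": bool(path and is_user_writable(path)),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        tag = "SUSPICIOUS" if f["user_writable"] else ("review" if f["tool_flag"] else "ok")
        print(f"{tag:10} {str(f['name']):<40} {f['path'] or '-'}")
```

The check is deliberately independent of the tool's own flag: a Run value whose image lives under a user profile or ProgramData needs no admin rights to survive a reboot, so it deserves a look whether or not the scanner tagged it. The NewStartPanel [PUM] entries carry no path at all (their data is "1"), so they come out as "review" rather than "SUSPICIOUS".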
  10. Hey guys! I'm a bit new here and this will hopefully not be my only post, but I believe I have a nasty rootkit of some sort which is causing my computer to restart for some reason. Just recently, I got minimized during a game of PAYDAY 2 by a message from Windows that looked a bit like this. Now, the first thing I did was Windows Key + R and typed shutdown -a to prevent the shutdown from happening, but at this point strange things were happening. I couldn't open programs such as Event Viewer and various other things. The error I would get suggested that the shortcut to that program was corrupt or the file location no longer existed, and at this moment I knew something was going on. So, I exited PAYDAY 2, restarted my computer and googled around a bit. Apparently, I found this tool called "RogueKiller", which I used and have a log of what it detected (I will post this log in my next post). Also, this isn't the only time Windows will shut down. Sometimes I get errors about Plug and Play unexpectedly terminating, and the same with the DCOM server. Please try not to consider reformatting, as I have lost the essentials to reformat my hard drive and this is a custom built computer! Only suggest it when everything else has failed!!