Infected with Coinminer virus

cclouds · June 10, 2013

Hi, I've tried running malwarebytes a couple times but the virus keeps coming back. Im not sure if its related but i cant use system restore either, it says rstrui.exe is not found. Please help! Thanks so much in advance for your time.

The following is attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 2/1/2010 12:29:51 PM

System Uptime: 10/6/2013 6:11:00 PM (0 hours ago)

.

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | P55-GD65 (MS-7583)

Processor: Intel® Core™ i5 CPU 750 @ 2.67GHz | CPU 1 | 2668/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 89.428 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is CDROM ()

G: is FIXED (NTFS) - 1863 GiB total, 256.441 GiB free.

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP663: 8/6/2013 1:49:43 PM - Scheduled Checkpoint

RP664: 8/6/2013 8:11:57 PM - Installed Windows Live ID Sign-in Assistant

RP665: 8/6/2013 9:51:52 PM - Windows Backup

RP666: 9/6/2013 8:56:47 PM - Windows Backup

RP667: 10/6/2013 6:22:45 PM - Windows Update

.

==== Image File Execution Options =============

.

IFEO: hijackthis.exe - zhudzl_.exe

IFEO: housecalllauncher.exe - cmznff_.exe

IFEO: rstrui.exe - qpqpdn_.exe

IFEO: spybotsd.exe - cdoazt_.exe

x64-IFEO: hijackthis.exe - zhudzl_.exe

x64-IFEO: housecalllauncher.exe - cmznff_.exe

x64-IFEO: rstrui.exe - qpqpdn_.exe

x64-IFEO: spybotsd.exe - cdoazt_.exe

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

7-Zip 4.65 (x64 edition)

Adobe After Effects CS5.5

Adobe AIR

Adobe Anchor Service CS4

Adobe Anchor Service x64 CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe CMaps x64 CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe CSI CS4

Adobe CSI CS4 x64

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Download Assistant

Adobe Dreamweaver CS4

Adobe Drive CS4

Adobe Drive CS4 x64

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Fonts All x64

Adobe Help Manager

Adobe Linguistics CS4

Adobe Linguistics CS4 x64

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe PDF Library Files x64 CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 (64 Bit)

Adobe Photoshop CS4 Support

Adobe Premiere Pro CS6

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Story

Adobe Type Support CS4

Adobe Type Support x64 CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe WinSoft Linguistics Plugin x64

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Apple Mobile Device Support

Apple Software Update

ASUS Xonar DX Audio Driver

Audacity 1.3.13 (Unicode)

Awesomenauts

Battlefield 3™

Battlelog Web Plugins

Beat Hazard

Belvedere 0.7.1

BF3 Settings Editor

bl

BlackBerry App World Browser Plugin

BlackBerry Desktop Software 7.1

BlackBerry Device Software Updater

BlackBerry Device Software v6.0.0 for the BlackBerry 9780 smartphone

BlueStacks

Bonjour

Borderlands 2

Breakaway for Windows

calibre

Call of Duty® - World at War™ 1.2 Patch

Call of Duty® - World at War™ 1.4 Patch

Call of Duty® 4 - Modern Warfare™ 1.6 Patch

Call of Duty® 4 - Modern Warfare™ 1.7 Patch

CamStudio OSS Desktop Recorder

Canon IJ Network Scanner Selector EX

Canon IJ Network Tool

Canon MG3100 series MP Drivers

CCleaner

CD Art Display 2.0.1

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Combined Community Codec Pack 2011-11-11

Connect

Corel Painter 12

Corel Painter 12 - IPM

Creative System Information

Creative ZEN V Series

D3DX10

DebugBar v5.3 for Internet Explorer (remove only)

Defraggler

Delete Duplicate Files 3.9

Delete Duplicate Music

Diablo III

DiskAnalyzer Pro 3.4

Dota 2

Dropbox

EnGenius 11n Wireless USB Adapter

eReg

ESN Sonar

Extensions for Windows

F.lux

Febooti fileTweak Hash and CRC

FileZilla Client 3.4.0

Fraps (remove only)

FreeArc 0.666

GameSpy Comrade

Garena

Garena Plus

GenieSoft Overture v4.0.2

Google Chrome

Google Talk Plugin

Grand Theft Auto IV

Graphmatica

Grooveshark

Guild Wars 2

IconHandler 64 bit

iEnvato

IETester v0.4.2 (remove only)

internet download manager 5.19

IrfanView (remove only)

Java 7 Update 17

Java Auto Updater

Java™ 6 Update 16

Killing Floor

kuler

LAME v3.99.3 (for Windows)

Left 4 Dead 2

Left 4 Dead 2 Add-on Support

LogMeIn Hamachi

Magic Bullet Suite 64-bit

Magic MP3 Tagger 2.2.6

Malwarebytes Anti-Malware version 1.75.0.1300

Mass Effect™ 3

Metro 2033

MFC RunTime files x64

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft AppLocale

Microsoft Chart Controls for Microsoft .NET Framework 3.5

Microsoft Expression Web 3 SuperPreview for Internet Explorer

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Windows Application Compatibility Database

Microsoft XNA Framework Redistributable 3.1

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 19.0.2 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird (7.0.1)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Note ID 3.1

NVIDIA 3D Vision Controller Driver

NVIDIA 3D Vision Controller Driver 314.22

NVIDIA 3D Vision Driver 314.22

NVIDIA Control Panel 314.22

NVIDIA Display Control Panel

NVIDIA Graphics Driver 314.22

NVIDIA HD Audio Driver 1.3.23.1

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.12.12

NVIDIA Update Components

NZB Completion Checker

OpenAL

Opera 10.10

Orcs Must Die! 2

Origin

Painter 12 - Content

Painter 12 - Core

Painter 12 - Corex64

Painter 12 - EN

Painter 12 - Setup Files

Path of Exile

PDF-XChange Viewer

PDF Settings CS4

PdfMasher

PeerBlock 1.1 (r518)

ph

Photoshop Camera Raw

Photoshop Camera Raw_x64

PitchPerfect Musical Instrument Tuner

Portal 2

PowerISO

PrimoPDF -- by Nitro PDF Software

PunkBuster Services

PutLockerDownloader

QuickPar 0.9

QuickTime

RaidCall

Revo Uninstaller 1.94

Rockstar Games Social Club

SABnzbd 0.7.11

Safari

Saints Row: The Third

Seagate Manager Installer

SeaTools for Windows

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Sid Meier's Civilization V

Sigil 0.5.2

SimCity™

Skype Click to Call

Skype™ 6.3

Songbird 2.1.0 (Build 2419)

Source SDK

Speccy

Steam

Suite Shared Configuration CS4

Super Meat Boy

SyncBack

System Requirements Lab

Team Fortress 2

TeraCopy 2.27

Ticket to Ride

TL-WN821N Wireless Utility

TotalAudioConverter

Ubisoft Game Launcher

Unity Web Player

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition

Vtune 7.20

Wacom Tablet

WD SmartWare

WebTablet IE Plugin

WebTablet Netscape Plugin

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

XAMPP 1.8.0

Zwei-Stein Video Compositor 3.01 (Beta 2).

.

==== Event Viewer Messages From Past Week ========

.

9/6/2013 6:52:47 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.101. The computer with the IP address 192.168.0.106 did not allow the name to be claimed by this computer.

9/6/2013 6:39:50 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

9/6/2013 6:29:46 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

9/6/2013 6:29:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

9/6/2013 6:29:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

9/6/2013 6:29:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

9/6/2013 6:29:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

9/6/2013 6:29:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter SCDEmu spldr Wanarpv6

9/6/2013 6:06:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

9/6/2013 6:06:05 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/6/2013 6:06:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

9/6/2013 6:06:00 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

9/6/2013 6:06:00 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

9/6/2013 12:52:39 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{f3fe450d-e059-11de-904f-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{0EDC30E6-AD52-4CCE-80A3-4514152B945E}' was corrupted and it has been recovered. Some data might have been lost.

9/6/2013 11:36:41 AM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.

9/6/2013 11:36:41 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.

8/6/2013 9:21:53 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

8/6/2013 9:21:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

8/6/2013 9:21:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

8/6/2013 9:21:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx VWiFiFlt Wanarpv6 WfpLwf ws2ifsl

8/6/2013 9:21:29 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/6/2013 9:21:29 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/6/2013 9:21:29 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/6/2013 9:21:29 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/6/2013 9:21:29 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/6/2013 9:21:29 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

8/6/2013 9:21:29 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/6/2013 9:21:29 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/6/2013 9:21:29 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/6/2013 9:21:29 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/6/2013 9:21:29 PM, Error: Service Control Manager [7001] - The Apache2.4 service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/6/2013 9:21:29 PM, Error: Service Control Manager [7001] - The Apache2.2 service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/6/2013 9:11:45 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

8/6/2013 9:11:45 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

8/6/2013 9:11:45 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.

8/6/2013 9:11:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

8/6/2013 9:05:06 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.

8/6/2013 9:05:05 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.

8/6/2013 9:04:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

8/6/2013 1:50:41 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{f3fe450d-e059-11de-904f-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D4D69ECE-7B39-4D82-A9E3-1164812477E6}' was corrupted and it has been recovered. Some data might have been lost.

8/6/2013 1:15:42 AM, Error: Service Control Manager [7034] - The WD File Management Engine service terminated unexpectedly. It has done this 1 time(s).

8/6/2013 1:01:33 AM, Error: Service Control Manager [7034] - The FileZilla Server FTP server service terminated unexpectedly. It has done this 1 time(s).

7/6/2013 4:37:48 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

7/6/2013 3:38:04 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{f3fe450d-e059-11de-904f-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{068DDCE9-85B1-44F3-88D7-D4311103239F}' was corrupted and it has been recovered. Some data might have been lost.

10/6/2013 6:14:57 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

10/6/2013 6:14:57 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

10/6/2013 6:12:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WD File Management Shadow Engine service to connect.

10/6/2013 6:12:44 PM, Error: Service Control Manager [7000] - The WD File Management Shadow Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/6/2013 6:11:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Delete Duplicate Files Scan on Schedule Service service to connect.

10/6/2013 6:11:30 PM, Error: Service Control Manager [7000] - The Delete Duplicate Files Scan on Schedule Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/6/2013 6:11:28 PM, Error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error Incorrect function..

.

==== End Of File ===========================

The following is DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.17.2

Run by user at 18:29:22 on 2013-06-10

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.8008 [GMT 8:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

c:\xampp\apache\bin\httpd.exe

C:\Users\user\Desktop\Brandedbagweb\material\xampp-win32-1.7.7-VC9\xampp\filezillaftp\filezillaserver.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\user\Local Settings\Apps\F.lux\flux.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

c:\xampp\mysql\bin\mysqld.exe

C:\Windows\SysWOW64\PnkBstrA.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\xampp\apache\bin\httpd.exe

C:\Program Files (x86)\EnGenius\Common\RaRegistry.exe

C:\Program Files (x86)\EnGenius\Common\RaRegistry64.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Wacom_Tablet.exe

C:\Program Files (x86)\SABnzbd\SABnzbd.exe

C:\Program Files\Sick-Beard\SickBeard.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe

C:\Windows\system32\WTablet\Wacom_TabletUser.exe

C:\Windows\system32\Wacom_Tablet.exe

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Steam\steam.exe

C:\Program Files (x86)\2BrightSparks\SyncBack\SyncBack.exe

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\wscript.exe

C:\Users\user\AppData\Roaming\WindowsLogon\shell.exe

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\System32\perfmon.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uProxyServer = 127.0.0.1:8118

uProxyOverride = localhost;127.0.0.1;<local>

BHO: DebugBar BHO: {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files (x86)\Core Services\DebugBar\DebugInfoBar.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: smartdownloader Class: {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll

TB: DebugBar: {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files (x86)\Core Services\DebugBar\DebugToolBar.dll

EB: DebugBar: {947E34E9-1D85-43CB-9CBF-5C492118FDD5} - C:\Program Files (x86)\Core Services\DebugBar\DebugInfoBar.dll

uRun: [AdobeBridge] <no file>

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

mRun: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe"

StartupFolder: C:\Users\HOFAI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\HOFAI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SABnzbd.lnk - C:\Program Files (x86)\SABnzbd\SABnzbd.exe

StartupFolder: C:\Users\HOFAI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SICKBE~1.LNK - C:\Program Files\Sick-Beard\SickBeard.exe

StartupFolder: C:\Users\HOFAI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Skype.lnk - C:\Users\user\AppData\Roaming\WindowsLogon\usft_ext.exe.vbs

StartupFolder: C:\Users\HOFAI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SyncBack.lnk - C:\Program Files (x86)\2BrightSparks\SyncBack\SyncBack.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:28

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: Interfaces\{0D56A870-AB1E-4DCD-9121-62764544AE9B} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{20CC54E2-B31B-41C2-A555-C519488903AE} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{20CC54E2-B31B-41C2-A555-C519488903AE}\2375942554132313 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{20CC54E2-B31B-41C2-A555-C519488903AE}\2375942554839393 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{20CC54E2-B31B-41C2-A555-C519488903AE}\2377962756132313 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{20CC54E2-B31B-41C2-A555-C519488903AE}\46C696E6B6 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{4F2E8FFE-D2CA-4668-ADD4-C86BB12FA968} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{76C990F6-DA12-434C-B61C-5817226E4BFE} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{C903B681-F112-4A6A-8A1B-F6356BDB3614} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{F392D40B-FEFA-436C-86F9-5B611EE9AD85} : DHCPNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

IFEO: hijackthis.exe - zhudzl_.exe

IFEO: housecalllauncher.exe - cmznff_.exe

IFEO: rstrui.exe - qpqpdn_.exe

IFEO: spybotsd.exe - cdoazt_.exe

x64-BHO: Extensions Menu Handler: {3C29D918-10E4-47D8-B2CE-90B0B59481EC} - C:\Program Files\Extensions for Windows\Extensions\Explorer\ExplorerHandler\BandsHelper.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-IFEO: hijackthis.exe - zhudzl_.exe

x64-IFEO: housecalllauncher.exe - cmznff_.exe

x64-IFEO: rstrui.exe - qpqpdn_.exe

x64-IFEO: spybotsd.exe - cdoazt_.exe

.

Note: multiple IFEO entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1qnep19s.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP30DF&PC=UP30&q=

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

FF - component: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1qnep19s.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll

FF - component: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1qnep19s.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll

FF - component: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1qnep19s.default\extensions\StrataBuddy@ReduxTeam\components\dwmxpcom.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll

FF - plugin: C:\Users\user\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Users\user\AppData\Roaming\raidcall\plugins\nprcplugin.dll

FF - plugin: C:\Windows\System32\TVUAx\npTVUAx.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-3-20 203888]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-7-15 56208]

R2 Apache2.4;Apache2.4;C:\xampp\apache\bin\httpd.exe [2012-6-6 22016]

R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-8-16 74616]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-18 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-3-22 701512]

R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]

R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\EnGenius\Common\RaRegistry.exe [2013-3-9 185632]

R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\EnGenius\Common\RaRegistry64.exe [2013-3-9 212256]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]

R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\System32\Wacom_Tablet.exe [2010-1-8 5521192]

R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-9-8 288256]

R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [2010-9-8 1034752]

R3 arusb_lhx;TP-LINK TL-WN821N 11N Wireless device driver;C:\Windows\System32\drivers\arusb_lhx.sys [2009-12-3 539136]

R3 cmudaxp;ASUS Xonar DX Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2009-12-3 1257472]

R3 EuMusDesignVirtualAudioCableWdm_lcs;Breakaway Pipeline (WDM);C:\Windows\System32\drivers\vaclcskd.sys [2008-8-27 64104]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-3-22 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-11 187392]

R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-1-8 18216]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]

S2 Apache2.2;Apache2.2;C:\Users\user\Desktop\Brandedbagweb\material\xampp-win32-1.7.7-VC9\xampp\apache\bin\httpd.exe [2011-11-2 18432]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 Delete Duplicate Files Scan on Schedule Service;Delete Duplicate Files Scan on Schedule Service;C:\Program Files (x86)\Delete Duplicate Files\DDFS.exe [2009-12-21 212992]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [2010-9-8 485376]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-1-3 1038088]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]

S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-2-7 66328]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 98688]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\System32\drivers\netr6164.sys [2009-12-3 438784]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-25 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-2 1255736]

S4 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2012-8-16 397176]

S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-8-16 384888]

S4 Extensions Updates Service;Extensions Updates Service;C:\Program Files\Extensions for Windows\Extensions\Updater\ExtensionsUpdatesService.exe [2008-10-29 99328]

S4 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-9-25 189736]

S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]

.

=============== File Associations ===============

.

FileExt: .js: JSFile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2013-06-10 10:23:46 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7715739E-A706-4E05-8312-B59153F81683}\mpengine.dll

2013-06-09 11:46:27 -------- d-----w- C:\Users\user\AppData\Local\FLT

2013-06-09 11:46:10 -------- d-----w- C:\Windows\SysWow64\Saves

2013-06-09 02:42:12 -------- d-sh--w- C:\$RECYCLE.BIN

2013-06-09 02:15:05 9460464 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-06-08 17:32:26 -------- d-----w- C:\Users\user\AppData\Local\Activision

2013-06-08 13:56:08 -------- d-----w- C:\Users\user\AppData\Local\{6CA97C4B-33D9-4FB5-82B0-28CF5D7F9A89}

2013-06-07 17:04:09 -------- d-s---w- C:\ComboFix

2013-06-07 16:52:54 -------- d-sh--w- C:\ProgramData\svsupdates0

2013-06-07 16:50:19 -------- d-----w- C:\Users\user\AppData\Roaming\WindowsLogon

2013-05-31 12:02:14 -------- d-----w- C:\ProgramData\Blizzard Entertainment

.

==================== Find3M ====================

.

2013-05-15 09:52:23 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-15 09:52:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-06 02:31:06 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-04-06 02:31:06 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-04-05 13:35:59 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-04-05 13:35:51 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-04-04 06:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-18 17:41:20 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-18 17:41:18 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-18 17:41:18 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll

2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll

2013-03-14 14:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin

.

============= FINISH: 18:30:03.74 ===============

Psychotic · June 10, 2013

Hi there,

my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please post up the content of C:\combofix.txt and attach the (zipped) logfiles of Malwarebytes´ Antimalware.

cclouds · June 11, 2013

Thanks!

Combofix.txt:

ComboFix 13-06-08.02 - User 11/06/2013 22:36:38.1.4 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.10157 [GMT 8:00]

Running from: c:\users\User\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\install.exe

c:\programdata\svsupdates0\mwvaztybt.exe

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk

c:\users\User\Documents\~WRL0005.tmp

c:\users\User\Documents\~WRL0979.tmp

c:\users\User\Documents\~WRL1208.tmp

c:\users\User\Documents\~WRL1374.tmp

c:\users\User\Documents\~WRL3045.tmp

c:\users\User\Documents\~WRL3995.tmp

c:\windows\apppatch\AppLoc.exe

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\SysWow64\frapsvid.dll

G:\install.exe

.

((((((((((((((((((((((((( Files Created from 2013-05-11 to 2013-06-11 )))))))))))))))))))))))))))))))

.

2013-06-11 14:45 . 2013-06-11 14:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-06-11 14:45 . 2013-06-11 14:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-10 10:23 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7715739E-A706-4E05-8312-B59153F81683}\mpengine.dll

2013-06-09 11:46 . 2013-06-09 11:46 -------- d-----w- c:\users\User\AppData\Local\FLT

2013-06-09 11:46 . 2013-06-09 11:46 -------- d-----w- c:\windows\SysWow64\Saves

2013-06-09 02:15 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-06-08 17:32 . 2013-06-08 17:32 -------- d-----w- c:\users\User\AppData\Local\Activision

2013-06-07 16:52 . 2013-06-11 14:45 -------- d-sh--w- c:\programdata\svsupdates0

2013-06-07 16:50 . 2013-06-11 14:42 -------- d-----w- c:\users\User\AppData\Roaming\WindowsLogon

2013-05-31 12:02 . 2013-05-31 12:02 -------- d-----w- c:\programdata\Blizzard Entertainment

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-15 09:52 . 2012-04-05 14:08 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-15 09:52 . 2011-08-19 10:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-08 04:35 . 2011-08-24 15:42 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-02 15:29 . 2009-12-03 13:17 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-06 02:31 . 2013-03-13 13:40 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-04-06 02:31 . 2013-03-13 13:35 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-04-05 13:35 . 2013-03-13 13:35 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2013-04-05 13:35 . 2013-03-13 13:35 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-04-04 06:50 . 2011-03-22 07:55 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-18 17:41 . 2013-03-18 17:41 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-18 17:41 . 2012-11-04 08:47 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-03-18 17:41 . 2012-11-04 08:47 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-15 05:53 . 2013-03-27 10:25 968408 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2013-03-15 05:53 . 2013-03-27 10:25 9414456 ----a-w- c:\windows\system32\nvcuda.dll

2013-03-15 05:53 . 2013-03-27 10:25 7959000 ----a-w- c:\windows\SysWow64\nvcuda.dll

2013-03-15 05:53 . 2013-03-27 10:25 7573816 ----a-w- c:\windows\system32\nvopencl.dll

2013-03-15 05:53 . 2013-03-27 10:25 6271872 ----a-w- c:\windows\SysWow64\nvopencl.dll

2013-03-15 05:53 . 2013-03-27 10:25 2913056 ----a-w- c:\windows\system32\nvcuvid.dll

2013-03-15 05:53 . 2013-03-27 10:25 2728736 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2013-03-15 05:53 . 2013-03-27 10:25 26956576 ----a-w- c:\windows\system32\nvoglv64.dll

2013-03-15 05:53 . 2013-03-27 10:25 25256736 ----a-w- c:\windows\system32\nvcompiler.dll

2013-03-15 05:53 . 2013-03-27 10:25 250504 ----a-w- c:\windows\system32\nvinitx.dll

2013-03-15 05:53 . 2013-03-27 10:25 2355488 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-03-15 05:53 . 2013-03-27 10:25 20542752 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2013-03-15 05:53 . 2013-03-27 10:25 205184 ----a-w- c:\windows\SysWow64\nvinit.dll

2013-03-15 05:53 . 2013-03-27 10:25 1995552 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2013-03-15 05:53 . 2013-03-27 10:25 1807136 ----a-w- c:\windows\system32\nvdispco6431422.dll

2013-03-15 05:53 . 2013-03-27 10:25 17990800 ----a-w- c:\windows\system32\nvd3dumx.dll

2013-03-15 05:53 . 2013-03-27 10:25 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2013-03-15 05:53 . 2013-03-27 10:25 1510176 ----a-w- c:\windows\system32\nvdispgenco6431422.dll

2013-03-15 05:53 . 2013-03-27 10:25 13088000 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2013-03-15 05:53 . 2013-03-27 10:25 11048736 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-03-15 05:53 . 2012-05-23 14:42 2539128 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-03-15 05:53 . 2012-02-22 10:42 1118776 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-03-15 05:53 . 2011-10-24 13:20 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-03-15 05:53 . 2009-12-03 06:27 15508512 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-03-15 05:53 . 2009-12-03 06:27 2864144 ----a-w- c:\windows\system32\nvapi64.dll

2013-03-15 04:16 . 2010-07-09 08:27 3477280 ----a-w- c:\windows\system32\nvsvc64.dll

2013-03-15 04:16 . 2010-07-09 08:27 6398240 ----a-w- c:\windows\system32\nvcpl.dll

2013-03-15 04:16 . 2010-07-09 08:27 877856 ----a-w- c:\windows\system32\nvvsvc.exe

2013-03-15 04:16 . 2010-07-09 08:27 237856 ----a-w- c:\windows\system32\nvmctray.dll

2013-03-15 04:16 . 2009-11-20 13:31 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-03-14 14:07 . 2013-03-14 14:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2013-03-13 16:24 . 2012-02-22 10:44 3065455 ----a-w- c:\windows\system32\nvcoproc.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}]

2012-11-06 16:19 244328 ----a-w- c:\program files (x86)\PutLockerDownloader\smarterdownloader.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-10 05:37 130736 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-10 05:37 130736 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-10 05:37 130736 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-10 05:37 130736 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]

"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496]

.

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-25 27776968]

SABnzbd.lnk - c:\program files (x86)\SABnzbd\SABnzbd.exe [2012-2-4 103424]

SickBeard.lnk - c:\program files\Sick-Beard\SickBeard.exe [2012-5-6 27136]

SyncBack.lnk - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2010-8-17 3016960]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 6163456]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

.

R2 Apache2.2;Apache2.2;c:\users\User\Desktop\Brandedbagweb\material\xampp-win32-1.7.7-VC9\xampp\apache\bin\httpd.exe;c:\users\User\Desktop\Brandedbagweb\material\xampp-win32-1.7.7-VC9\xampp\apache\bin\httpd.exe [x]

R2 Apache2.4;Apache2.4;c:\xampp\apache\bin\httpd.exe;c:\xampp\apache\bin\httpd.exe [x]

R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 Delete Duplicate Files Scan on Schedule Service;Delete Duplicate Files Scan on Schedule Service;c:\program files (x86)\Delete Duplicate Files\DDFS.exe;c:\program files (x86)\Delete Duplicate Files\DDFS.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]

R2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\EnGenius\Common\RaRegistry64.exe;c:\program files (x86)\EnGenius\Common\RaRegistry64.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe;c:\windows\SYSNATIVE\Wacom_Tablet.exe [x]

R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]

R2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [x]

R2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [x]

R3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]

R3 cpuz135;cpuz135;c:\users\User~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys;c:\users\User~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]

R3 EuMusDesignVirtualAudioCableWdm_lcs;Breakaway Pipeline (WDM);c:\windows\system32\DRIVERS\vaclcskd.sys;c:\windows\SYSNATIVE\DRIVERS\vaclcskd.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Messenger\Room\safedrv.sys;c:\program files (x86)\Garena Messenger\Room\safedrv.sys [x]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]

R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys;c:\windows\SYSNATIVE\DRIVERS\point64k.sys [x]

R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys;c:\windows\SYSNATIVE\DRIVERS\netr6164.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

R4 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]

R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]

R4 Extensions Updates Service;Extensions Updates Service;c:\program files\Extensions for Windows\Extensions\Updater\ExtensionsUpdatesService.exe;c:\program files\Extensions for Windows\Extensions\Updater\ExtensionsUpdatesService.exe [x]

R4 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [x]

R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S3 arusb_lhx;TP-LINK TL-WN821N 11N Wireless device driver;c:\windows\system32\DRIVERS\arusb_lhx.sys;c:\windows\SYSNATIVE\DRIVERS\arusb_lhx.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys;c:\windows\SYSNATIVE\DRIVERS\wacmoumonitor.sys [x]

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 09:52]

.

2013-05-18 c:\windows\Tasks\Defraggler Volume C Task.job

- c:\program files\Defraggler\df64.exe [2012-12-08 14:20]

.

2013-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2133267585-404805544-2267332377-1000Core.job

- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 13:42]

.

2013-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2133267585-404805544-2267332377-1000UA.job

- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 13:42]

.

2010-08-17 c:\windows\Tasks\SyncBack docs.job

- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2010-08-17 10:45]

.

2011-10-09 c:\windows\Tasks\SyncBack Documents_1TB.job

- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2010-08-17 10:45]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-10 05:37 164016 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-10 05:37 164016 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-10 05:37 164016 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-10 05:37 164016 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>

uInternet Settings,ProxyServer = 127.0.0.1:8118

FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1qnep19s.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP30DF&PC=UP30&q=

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKCU-Run-Adobe Flash Updater - c:\programdata\svsupdates0\mwvaztybt.exe

Wow6432Node-HKLM-Run-Adobe Flash Updater - c:\programdata\svsupdates0\mwvaztybt.exe

Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)

Toolbar-Locked - (no file)

AddRemove-1ClickDownload - c:\program files (x86)\PutLockerDownloader.com\uninst.exe

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

AddRemove-Zwei-Stein_is1 - c:\users\User\Desktop\Zwei-Stein\unins000.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2133267585-404805544-2267332377-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:b0,60,93,32,ee,8d,05,62,6d,10,99,89,78,89,17,77,02,59,29,a2,6b,31,65,

db,9d,76,e5,2a,66,62,28,a5,a2,b5,76,89,66,96,f4,38,b6,f8,b3,18,c5,8b,5c,2b,\

"??"=hex:af,6a,ea,85,cf,4f,a8,43,f3,0f,26,ca,92,d0,44,91

.

[HKEY_USERS\S-1-5-21-2133267585-404805544-2267332377-1000\Software\SecuROM\License information*]

"datasecu"=hex:24,b5,44,68,a3,e2,9c,af,a3,a6,a4,a0,3f,3d,36,38,cf,02,9a,89,39,

87,f4,36,57,3f,a1,3e,91,09,ad,ab,30,ff,e0,cf,85,75,57,15,04,50,de,7d,07,3b,\

"rkeysecu"=hex:ef,7e,80,5d,4c,5b,4b,11,2c,06,a1,49,1d,aa,92,1e

.

[HKEY_USERS\S-1-5-21-2133267585-404805544-2267332377-1000_Classes\CLSID\{A6594A29-018C-5A48-8181-FBF4291F3745}]

@Denied: (A 4) (Everyone)

.

[HKEY_USERS\S-1-5-21-2133267585-404805544-2267332377-1000_Classes\Wow6432Node\CLSID\{4adc3df5-fb92-4fe5-9687-2e4fa86dedeb}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000141

"Therad"=dword:00000027

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,85,b1,12,f9,90,dd,23,a1,da,07,08,2b,c2,12,2f,88,1b,26,46,63,ad,2d,\

.

[HKEY_USERS\S-1-5-21-2133267585-404805544-2267332377-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):90,3e,87,05,45,96,26,e0,2d,ce,4a,81,1d,9e,de,7f,8e,d1,20,52,2a,

91,ec,a4,b4,d0,9a,7a,ae,35,b3,14,b4,c5,f4,d4,83,91,e4,d5,00,00,00,00,00,00,\

.

[HKEY_LOCAL_MACHINE\software\BlueStacks]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-06-11 22:48:03

ComboFix-quarantined-files.txt 2013-06-11 14:48

.

Pre-Run: 81,138,241,536 bytes free

Post-Run: 80,749,477,888 bytes free

.

- - End Of File - - 9B76F1D4D8644220CB4B63F540C3A86E

A36C5E4F47E84449FF07ED3517B43A31

Malware Logs.zip

Psychotic · June 11, 2013

Delete your copy of combofix.

Combofix

Combofix should only be run when adviced by a team member!

Link

Important - Save the file to your desktop!

Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
Run Combofix.exe

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

cclouds · June 11, 2013

Hi, Thanks

Its as follows:

ComboFix 13-06-08.02 - User 12/06/2013 1:05.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.8827 [GMT 8:00]

Running from: c:\users\User\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2013-05-11 to 2013-06-11 )))))))))))))))))))))))))))))))

.

2013-06-11 17:15 . 2013-06-11 17:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-06-11 17:15 . 2013-06-11 17:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-11 15:06 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5520E03-F210-4905-83FC-507269399E18}\mpengine.dll

2013-06-10 10:23 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-06-09 11:46 . 2013-06-09 11:46 -------- d-----w- c:\users\User\AppData\Local\FLT

2013-06-09 11:46 . 2013-06-09 11:46 -------- d-----w- c:\windows\SysWow64\Saves

2013-06-08 17:32 . 2013-06-08 17:32 -------- d-----w- c:\users\User\AppData\Local\Activision

2013-06-07 16:52 . 2013-06-11 14:45 -------- d-sh--w- c:\programdata\svsupdates0

2013-06-07 16:50 . 2013-06-11 14:51 -------- d-----w- c:\users\User\AppData\Roaming\WindowsLogon