
Malwarebytes keeps popping up saying it is blocking access to malicious sites



Hello, I have recently read through a post that seems similar in nature to the problem I am having. Is there any way you can help me stop whatever it is that is going on? I've tried many things but still seem to get pop-ups with MBAM saying it's blocking sites.... I have run ESET and found 42 threats, and also ComboFix along with Microsoft Security Essentials and MBAM, and I've removed some things but others are still there. PLEASE PLEASE help!


Thank you so much!


And if it helps this is the ESET scan from earlier.


C:\Documents and Settings\All Users\Application Data\Ask\APN-Stub\MYC-ST\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\All Users\Ask\APN-Stub\MYC-ST\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\Sains\AppData\Local\Application Data\Google\Chrome\User Data\Default\Users\bngcpflcheokbfopapkeegepacajlkbm\background.js    Win32/TrojanDownloader.Tracur.AH trojan
C:\Documents and Settings\Sains\AppData\Local\Application Data\Google\Chrome\User Data\Default\Users\bngcpflcheokbfopapkeegepacajlkbm\cs.js    Win32/TrojanDownloader.Tracur.AH trojan
C:\Documents and Settings\Sains\AppData\Local\Application Data\Trion\xloodjfg.dll    Win32/Boaxxe.G trojan
C:\Documents and Settings\Sains\AppData\Local\Google\Chrome\User Data\Default\Users\bngcpflcheokbfopapkeegepacajlkbm\background.js    Win32/TrojanDownloader.Tracur.AH trojan
C:\Documents and Settings\Sains\AppData\Local\Google\Chrome\User Data\Default\Users\bngcpflcheokbfopapkeegepacajlkbm\cs.js    Win32/TrojanDownloader.Tracur.AH trojan
C:\Documents and Settings\Sains\AppData\Local\Trion\xloodjfg.dll    Win32/Boaxxe.G trojan
C:\Documents and Settings\Sains\AppData\Roaming\wabEventSupport16\{035f7035-7f43-5a8b-7c1c-2abe82a2cac0}.exe    a variant of Win32/Kryptik.BECF trojan
C:\Documents and Settings\Sains\Application Data\wabEventSupport16\{035f7035-7f43-5a8b-7c1c-2abe82a2cac0}.exe    a variant of Win32/Kryptik.BECF trojan
C:\Documents and Settings\Sains\Desktop\mozilla downloads\setup.exe    a variant of Win32/AirAdInstaller.A application
C:\Documents and Settings\Sains\Desktop\mozilla downloads\old but needed\CheatEngine61.exe    a variant of Win32/Somoto.A application
C:\Documents and Settings\Sains\Desktop\mozilla downloads\old but needed\ManyCam.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\Sains\Local Settings\Google\Chrome\User Data\Default\Users\bngcpflcheokbfopapkeegepacajlkbm\background.js    Win32/TrojanDownloader.Tracur.AH trojan
C:\Documents and Settings\Sains\Local Settings\Google\Chrome\User Data\Default\Users\bngcpflcheokbfopapkeegepacajlkbm\cs.js    Win32/TrojanDownloader.Tracur.AH trojan
C:\Documents and Settings\Sains\Local Settings\Trion\xloodjfg.dll    Win32/Boaxxe.G trojan
C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe    a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF application
C:\ProgramData\Ask\APN-Stub\MYC-ST\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\All Users\Application Data\Ask\APN-Stub\MYC-ST\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\All Users\Ask\APN-Stub\MYC-ST\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Sains\AppData\Local\Google\Chrome\User Data\Default\Users\bngcpflcheokbfopapkeegepacajlkbm\background.js    Win32/TrojanDownloader.Tracur.AH trojan
C:\Users\Sains\AppData\Local\Google\Chrome\User Data\Default\Users\bngcpflcheokbfopapkeegepacajlkbm\cs.js    Win32/TrojanDownloader.Tracur.AH trojan
C:\Users\Sains\AppData\Local\Trion\xloodjfg.dll    Win32/Boaxxe.G trojan
C:\Users\Sains\AppData\Roaming\wabEventSupport16\{035f7035-7f43-5a8b-7c1c-2abe82a2cac0}.exe    a variant of Win32/Kryptik.BECF trojan
C:\Users\Sains\Application Data\wabEventSupport16\{035f7035-7f43-5a8b-7c1c-2abe82a2cac0}.exe    a variant of Win32/Kryptik.BECF trojan
C:\Users\Sains\Desktop\mozilla downloads\setup.exe    a variant of Win32/AirAdInstaller.A application
C:\Users\Sains\Desktop\mozilla downloads\old but needed\CheatEngine61.exe    a variant of Win32/Somoto.A application
C:\Users\Sains\Desktop\mozilla downloads\old but needed\ManyCam.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Sains\Local Settings\Google\Chrome\User Data\Default\Users\bngcpflcheokbfopapkeegepacajlkbm\background.js    Win32/TrojanDownloader.Tracur.AH trojan
C:\Users\Sains\Local Settings\Google\Chrome\User Data\Default\Users\bngcpflcheokbfopapkeegepacajlkbm\cs.js    Win32/TrojanDownloader.Tracur.AH trojan
C:\Users\Sains\Local Settings\Trion\xloodjfg.dll    Win32/Boaxxe.G trojan
H:\ALL GAMES\ASM\The Amazing Spider-Man\Game.exe    Win32/Agent.NAN virus
Operating memory    Win32/Boaxxe.G trojan
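The ESET list above reports the same file once per path alias: Windows 7 keeps junctions such as C:\Documents and Settings (to C:\Users), Local Settings (to AppData\Local) and Application Data (to AppData\Roaming) so XP-era programs still work, and a recursive scan that follows them repeats each detection. This added example, which is not from the thread and not ESET's own code, parses lines in that "path, spaces, detection" format and collapses the junction aliases to show how many distinct objects are actually flagged; the sample lines are copied from the scan above.

```python
import re
from collections import Counter

# Junctions Windows Vista/7 keep for compatibility with XP-era paths.  A scanner
# that recurses through them reports one file once per alias.  Replacement
# strings use re.sub syntax: \1 is the captured user-profile directory.
_JUNCTION_RULES = [
    (r"^C:\\Documents and Settings\\All Users\\Application Data\\", r"C:\\ProgramData\\"),
    (r"^C:\\Documents and Settings\\All Users\\", r"C:\\ProgramData\\"),
    (r"^C:\\Documents and Settings\\", r"C:\\Users\\"),
    (r"^C:\\Users\\All Users\\Application Data\\", r"C:\\ProgramData\\"),
    (r"^C:\\Users\\All Users\\", r"C:\\ProgramData\\"),
    (r"^(C:\\Users\\[^\\]+)\\Application Data\\", r"\1\\AppData\\Roaming\\"),
    (r"^(C:\\Users\\[^\\]+)\\Local Settings\\", r"\1\\AppData\\Local\\"),
    (r"^(C:\\Users\\[^\\]+)\\AppData\\Local\\Application Data\\", r"\1\\AppData\\Local\\"),
]
_COMPILED = [(re.compile(p, re.IGNORECASE), t) for p, t in _JUNCTION_RULES]

# Sample input: lines copied from the ESET scan posted above (a subset).
SAMPLE_SCAN = r"""
C:\Documents and Settings\All Users\Application Data\Ask\APN-Stub\MYC-ST\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\ProgramData\Ask\APN-Stub\MYC-ST\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\All Users\Ask\APN-Stub\MYC-ST\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\Sains\AppData\Local\Application Data\Google\Chrome\User Data\Default\Users\bngcpflcheokbfopapkeegepacajlkbm\background.js    Win32/TrojanDownloader.Tracur.AH trojan
C:\Users\Sains\Local Settings\Google\Chrome\User Data\Default\Users\bngcpflcheokbfopapkeegepacajlkbm\background.js    Win32/TrojanDownloader.Tracur.AH trojan
C:\Documents and Settings\Sains\AppData\Local\Application Data\Trion\xloodjfg.dll    Win32/Boaxxe.G trojan
C:\Users\Sains\AppData\Local\Trion\xloodjfg.dll    Win32/Boaxxe.G trojan
C:\Users\Sains\Local Settings\Trion\xloodjfg.dll    Win32/Boaxxe.G trojan
C:\Users\Sains\AppData\Roaming\wabEventSupport16\{035f7035-7f43-5a8b-7c1c-2abe82a2cac0}.exe    a variant of Win32/Kryptik.BECF trojan
C:\Users\Sains\Application Data\wabEventSupport16\{035f7035-7f43-5a8b-7c1c-2abe82a2cac0}.exe    a variant of Win32/Kryptik.BECF trojan
Operating memory    Win32/Boaxxe.G trojan
"""


def canonical_path(path: str) -> str:
    """Rewrite junction aliases to the real location until nothing changes."""
    while True:
        new = path
        for pattern, target in _COMPILED:
            new = pattern.sub(target, new, count=1)
        if new == path:
            return new
        path = new


def parse_scan(text: str) -> list:
    """Return (path, detection) pairs from 'path<2+ spaces>detection' lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = re.split(r"\s{2,}", line, maxsplit=1)
        if len(parts) != 2:
            continue  # not a detection line
        records.append((parts[0], parts[1]))
    return records


def unique_detections(records: list) -> dict:
    """Collapse alias paths; returns {canonical_path: detection}, first seen wins."""
    seen = {}
    for path, detection in records:
        canon = canonical_path(path)
        key = canon.lower()  # NTFS paths are case-insensitive
        seen.setdefault(key, (canon, detection))
    return dict(seen.values())


def summarize(text: str) -> dict:
    """Count reported lines, distinct objects, and distinct objects per family."""
    records = parse_scan(text)
    unique = unique_detections(records)
    families = Counter()
    for detection in unique.values():
        m = re.search(r"\b(\w+/[\w.]+)", detection)  # e.g. Win32/Boaxxe.G
        families[m.group(1) if m else detection] += 1
    return {"reported": len(records), "unique": len(unique), "families": dict(families)}


if __name__ == "__main__":
    for canon, detection in unique_detections(parse_scan(SAMPLE_SCAN)).items():
        print(f"{detection:45} {canon}")
    print(summarize(SAMPLE_SCAN))
```

On the sample, eleven reported lines collapse to five distinct objects, which is the number of things that actually need removing.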

Hello and welcome to the MalwareBytes forum.

My name is Maurice Naggar.

I will be helping you.

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

Download DDS and save it to your desktop from one of these links:

  • http://download.bleepingcomputer.com/sUBs/dds.com
  • http://download.bleepingcomputer.com/sUBs/dds.scr
  • http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall.

Double click dds to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

Follow and answer the prompts as appropriate.

  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop.
Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt

Use NOTEPAD to Copy all contents of each log, then Paste directly into main-body of reply box.

Do -not- use the attach option unless a single log is way-too-large & won't fit.

  • Please download CKScanner from >>Here<<
  • Important: Save it to your desktop.
  • Right-click CKScanner.exe & select Run as administrator to start.
  • Then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please run the program only once.
  • Copy/paste the contents of CKFiles.txt in your next reply.

Ok, thank you so much!!! Here is the DDS and Attach as well as CKScanner.


DDS

--------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.25.2
Run by Sains at 17:48:37 on 2013-06-28
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16361.12343 [GMT -5:00]
.
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.

Attach

___

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 1/17/2012 10:23:18 PM
System Uptime: 6/28/2013 11:17:47 AM (6 hours ago)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Management Objects (x64)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x64)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x64)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio Macro Tools
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Music Manager
Native Instruments Controller Editor
Native Instruments Service Center
Native Instruments Traktor 2
Need for Speed™ Most Wanted
NVIDIA 3D Vision Controller Driver 301.42
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA HD Audio Driver 1.3.16.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Origin
Pando Media Booster
Psi Ops
PunkBuster Services
QuickTime
Qwiklinx
RaiderZ
Redist
Renesas Electronics USB 3.0 Host Controller Driver
Respondus LockDown Browser
RF Uninstall
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
Skype™ 6.1
Sniper Elite V2 Demo
Sql Server Customer Experience Improvement Program
Steam
Stronghold Kingdoms
Team Fortress 2
TeamSpeak 3 Client
TERA
The Amazing Spider-Man
The Elder Scrolls V: Skyrim
The Elder Scrolls V: Skyrim Dawnguard™
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Ventrilo Client for Windows x64
Verizon Download Manager
Verizon Media Manager
Virtual Audio Cable 4.10
VirtualCloneDrive
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
Visual Studio 2010 Prerequisites - English
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Vz In Home Agent
Web Deployment Tool
WIDCOMM Bluetooth Software
Winamp
Winamp Detector Plug-in
WinRAR 4.11 (64-bit)
World of Warcraft
World of Warcraft® MMO Gaming Mouse: Legendary Edition
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
6/28/2013 11:20:12 AM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/28/2013 11:20:12 AM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
6/28/2013 1:44:05 AM, Error: Service Control Manager [7030]  - The ESET Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
6/27/2013 4:33:21 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
6/27/2013 4:31:12 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
6/27/2013 4:30:26 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/27/2013 4:30:26 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/27/2013 4:30:25 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/27/2013 4:30:19 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/27/2013 4:30:15 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache ElbyCDIO MpFilter spldr Wanarpv6
6/27/2013 3:52:36 AM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================
 

Ck Scanner

-----

CKScanner 2.3 - Additional Security Risks - These are not necessarily bad

scanner sequence 3.RP.11.HWNAWP

 ----- EOF -----


Please explain why & how you have two (2) antivirus apps installed?

AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

Uninstall 1 of them and then logoff and Restart Windows fresh.

IF you do not have a current license for ESET (if it is a trial or if it has lapsed) then remove ESET.

Otherwise, uninstall MS Security Essentials.

Logoff and restart Windows fresh.

Installing an antivirus once a system is already infested, is problematic.

Having two (more than 1) antivirus apps provides less protection, not more, and leads to conflicts & deadlocks.

NEXT:

Download and Save the attached W7SERV.zip

Un-zip (extract) all contents of the zip file to your Desktop.

Right-click W7SERV.bat, select Run as Administrator and allow it to run.

There will be more to do later.

Tell me which A-V you removed; which one you kept.

P.S. Part 2 -- in addition to what I posted just prior:

Your logs showed some peer-to-peer filesharing apps: µTorrent

Please Uninstall it + any other such app.

I do not recommend the use of P-2-P programs since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwarebytes.org/index.php?showtopic=97700

NEXT:

Disable CD-ROM Emulation Software:

Please download the following tool DeFogger to your desktop.

◦Double click DeFogger to run the tool.

◦The application window will appear

◦Click the Disable button to disable your CD Emulation drivers.

◦Click Yes to continue

◦A 'Finished!' message will appear

◦Click OK

◦DeFogger will now ask to reboot the machine - click OK

◦IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

◦Do not re-enable these drivers until otherwise instructed.

NEXT:

Java 6 Update 30 is out of date. Please uninstall it.

http://java.com/en/download/faq/remove_olderversions.xml

NOTE:

I also need for you to provide a copy of C:\Combofix.txt the combofix log from your run.

Do not run any tools on your own, without first checking with me.

W7SERV.zip

Edited by Maurice Naggar
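The "AV:" lines the helper quotes come from the Windows Security Center provider list (namespace root/SecurityCenter2), which is where DDS reads them. The following Windows PowerShell script is an added example, not code from the thread or from Malwarebytes; it lists the antivirus products registered there, decodes each product's productState into enabled / up-to-date flags, and warns when more than one product is enabled at once, so that after uninstalling one AV you can confirm only one remains active. It assumes a Windows Vista or later client edition (the SecurityCenter2 namespace is not present on server editions) and is written for Windows PowerShell 2.0 so that it also runs on a default Windows 7 install.

```powershell
# Added example (not from this thread): enumerate antivirus products registered
# with Windows Security Center, the same source DDS uses for its "AV:" lines.
# Assumes a Windows client edition; root/SecurityCenter2 is absent on servers.
function Get-RegisteredAntivirus {
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class 'AntiVirusProduct'
    foreach ($p in $products) {
        # productState is a bitfield. Rendered as six hex digits, the middle
        # byte reports real-time protection (10 or 11 = enabled, 00/01 = off)
        # and the low byte signature status (00 = current, 10 = out of date).
        $hex      = '{0:X6}' -f [int]$p.productState
        $enabled  = @('10', '11') -contains $hex.Substring(2, 2)
        $upToDate = $hex.Substring(4, 2) -eq '00'

        New-Object PSObject -Property @{
            Name        = $p.displayName
            Enabled     = $enabled
            UpToDate    = $upToDate
            ProductGuid = $p.instanceGuid          # matches the {GUID} DDS prints
            ExePath     = $p.pathToSignedProductExe
        }
    }
}

# Report every registered product, then flag the two failure modes the helper
# is concerned with: more than one enabled AV, or none at all.
$av = @(Get-RegisteredAntivirus)
$av | Select-Object Name, Enabled, UpToDate, ProductGuid, ExePath | Format-Table -AutoSize

$active = @($av | Where-Object { $_.Enabled })
if ($active.Count -gt 1) {
    Write-Warning ('{0} antivirus products are enabled at once: {1}' -f `
        $active.Count, (($active | ForEach-Object { $_.Name }) -join ', '))
} elseif ($active.Count -eq 0) {
    Write-Warning 'No enabled antivirus product is registered with Security Center.'
}
```

Run it from an elevated Windows PowerShell prompt after the uninstall and reboot; a product that was removed but still appears here usually means its uninstaller left the Security Center registration behind, which is worth mentioning to the helper since a stale entry can itself keep a second scanner's real-time component partly active.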

1. I deleted ESET because it was a trial version

2. I kept Microsoft Security Essentials

3. I ran the zip file you gave me and it shut down my computer

4. I deleted all my uTorrent items and the application; it was on my external hard drive, so I did a search after the uninstall for anything with utorrent in the name and I'm pretty sure I deleted all of it.

5. This is what I received from defogger

 

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:48 on 29/06/2013 (Sains)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

 

6. I tried to uninstall Java and it would not let me, so I did it the manual way the site listed and it doesn't show 30, just 25. I wanted to ask you first what I should do.

 

7. This is the combo fix information

 

ComboFix 13-06-27.01 - Sains 06/27/2013  16:31:35.2.8 - x64 NETWORK

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16361.15136 [GMT -5:00]

Running from: c:\users\Sains\Desktop\mozilla downloads\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((   Files Created from 2013-05-27 to 2013-06-27  )))))))))))))))))))))))))))))))

.

.

2013-06-27 21:33 . 2013-06-27 21:33 --------    d-----w-      c:\users\UpdatusUser\AppData\Local\temp

2013-06-27 21:33 . 2013-06-27 21:33 --------    d-----w-      c:\users\Default\AppData\Local\temp

2013-06-27 16:36 . 2013-06-12 03:08 9552976     ----a-w-      c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5430027B-EF36-47B4-AB6A-2A13A7A9F727}\mpengine.dll

2013-06-26 04:10 . 2013-06-12 03:08 9552976     ----a-w-      c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-06-23 03:26 . 2013-06-23 03:26 --------    d-----w-      c:\users\Sains\AppData\Roaming\Malwarebytes

2013-06-23 03:25 . 2013-06-23 03:25 --------    d-----w-    c:\programdata\Malwarebytes

2013-06-23 03:25 . 2013-06-23 03:26 --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware

2013-06-23 03:25 . 2013-04-04 19:50 25928 ----a-w-    c:\windows\system32\drivers\mbam.sys

2013-06-23 03:21 . 2013-06-23 03:21 --------    d-----w-    c:\program files\CCleaner

2013-06-21 13:51 . 2013-06-21 13:51 964552      ------w-      c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C0E5C5E-F816-4193-942C-7C5BD9108090}\gapaengine.dll

2013-06-15 17:13 . 2013-06-15 17:13 --------    d-----w-    c:\program files (x86)\Common Files\Java

2013-06-15 16:56 . 2013-06-23 03:59 --------    d-----w-      c:\users\Sains\AppData\Roaming\wabEventSupport16

2013-06-14 16:55 . 2013-06-15 15:41 --------    d-----w-      c:\users\Sains\AppData\Local\Trion

2013-06-14 01:52 . 2013-06-14 01:53 --------    d-----w-      c:\users\Sains\AppData\Roaming\Curse Advertising

2013-06-14 01:51 . 2013-06-27 20:35 --------    d-----w-      c:\users\Sains\AppData\Local\Deployment

2013-06-14 01:51 . 2013-06-14 01:51 --------    d-----w-    c:\users\Sains\AppData\Local\Apps

2013-06-12 03:54 . 2013-05-17 00:59 2241024     ----a-w-    c:\windows\system32\wininet.dll

2013-06-03 01:05 . 2013-06-03 01:06 --------    d-----w-    c:\windows\AsDmiHtm

2013-06-03 01:05 . 2013-06-03 01:05 --------    d-----w-    c:\program files (x86)\Marvell

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-18 16:47 . 2012-02-29 03:15 291088      ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr

2013-06-18 16:47 . 2012-02-29 03:08 291088      ----a-w-    c:\windows\SysWow64\PnkBstrB.exe

2013-06-18 16:46 . 2012-02-29 03:08 280904      ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0

2013-06-13 02:48 . 2013-03-26 16:06 867240      ----a-w-      c:\windows\SysWow64\npDeployJava1.dll

2013-06-13 02:48 . 2012-01-18 05:18 789416      ----a-w-      c:\windows\SysWow64\deployJava1.dll

2013-06-13 02:47 . 2013-03-26 16:06 96168 ----a-w-      c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-12 03:55 . 2012-01-20 05:16 75825640    ----a-w-    c:\windows\system32\MRT.exe

2013-05-28 01:01 . 2012-11-05 01:26 692104      ----a-w-      c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-28 01:01 . 2012-01-18 05:20 71048 ----a-w-      c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-21 14:39 . 2012-02-10 18:09 964552      ------w-      c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-05-02 15:29 . 2010-11-21 03:27 278800      ------w-    c:\windows\system32\MpSigStub.exe

2013-04-30 22:40 . 2013-04-30 22:40 719360      ----a-w-      c:\windows\SysWow64\mshtmlmedia.dll

2013-04-30 22:40 . 2013-04-30 22:40 523264      ----a-w-    c:\windows\SysWow64\vbscript.dll

2013-04-30 22:40 . 2013-04-30 22:40 38400 ----a-w-    c:\windows\SysWow64\imgutil.dll

2013-04-30 22:40 . 2013-04-30 22:40 226304      ----a-w-    c:\windows\system32\elshyph.dll

2013-04-30 22:40 . 2013-04-30 22:40 185344      ----a-w-    c:\windows\SysWow64\elshyph.dll

2013-04-30 22:40 . 2013-04-30 22:40 158720      ----a-w-    c:\windows\SysWow64\msls31.dll

2013-04-30 22:40 . 2013-04-30 22:40 150528      ----a-w-    c:\windows\SysWow64\iexpress.exe

2013-04-30 22:40 . 2013-04-30 22:40 138752      ----a-w-    c:\windows\SysWow64\wextract.exe

2013-04-30 22:40 . 2013-04-30 22:40 137216      ----a-w-    c:\windows\SysWow64\ieUnatt.exe

2013-04-30 22:40 . 2013-04-30 22:40 12800 ----a-w-    c:\windows\SysWow64\mshta.exe

2013-04-30 22:40 . 2013-04-30 22:40 1054720     ----a-w-      c:\windows\system32\MsSpellCheckingFacility.exe

2013-04-30 22:40 . 2013-04-30 22:40 97280 ----a-w-    c:\windows\system32\mshtmled.dll

2013-04-30 22:40 . 2013-04-30 22:40 905728      ----a-w-      c:\windows\system32\mshtmlmedia.dll

2013-04-30 22:40 . 2013-04-30 22:40 81408 ----a-w-    c:\windows\system32\icardie.dll

2013-04-30 22:40 . 2013-04-30 22:40 762368      ----a-w-    c:\windows\system32\ieapfltr.dll

2013-04-30 22:40 . 2013-04-30 22:40 73728 ----a-w-      c:\windows\SysWow64\SetIEInstalledDate.exe

2013-04-30 22:40 . 2013-04-30 22:40 61952 ----a-w-    c:\windows\SysWow64\tdc.ocx

2013-04-30 22:40 . 2013-04-30 22:40 48640 ----a-w-    c:\windows\SysWow64\mshtmler.dll

2013-04-30 22:40 . 2013-04-30 22:40 452096      ----a-w-    c:\windows\system32\dxtmsft.dll

2013-04-30 22:40 . 2013-04-30 22:40 441856      ----a-w-    c:\windows\system32\html.iec

2013-04-30 22:40 . 2013-04-30 22:40 361984      ----a-w-    c:\windows\SysWow64\html.iec

2013-04-30 22:40 . 2013-04-30 22:40 281600      ----a-w-    c:\windows\system32\dxtrans.dll

2013-04-30 22:40 . 2013-04-30 22:40 27648 ----a-w-    c:\windows\system32\licmgr10.dll

2013-04-30 22:40 . 2013-04-30 22:40 270848      ----a-w-    c:\windows\system32\iedkcs32.dll

2013-04-30 22:40 . 2013-04-30 22:40 247296      ----a-w-    c:\windows\system32\webcheck.dll

2013-04-30 22:40 . 2013-04-30 22:40 235008      ----a-w-    c:\windows\system32\url.dll

2013-04-30 22:40 . 2013-04-30 22:40 23040 ----a-w-    c:\windows\SysWow64\licmgr10.dll

2013-04-30 22:40 . 2013-04-30 22:40 216064      ----a-w-    c:\windows\system32\msls31.dll

2013-04-30 22:40 . 2013-04-30 22:40 197120      ----a-w-    c:\windows\system32\msrating.dll

2013-04-30 22:40 . 2013-04-30 22:40 167424      ----a-w-    c:\windows\system32\iexpress.exe

2013-04-30 22:40 . 2013-04-30 22:40 1509376     ----a-w-    c:\windows\system32\inetcpl.cpl

2013-04-30 22:40 . 2013-04-30 22:40 144896      ----a-w-    c:\windows\system32\wextract.exe

2013-04-30 22:40 . 2013-04-30 22:40 1441280     ----a-w-    c:\windows\SysWow64\inetcpl.cpl

2013-04-30 22:40 . 2013-04-30 22:40 1400416     ----a-w-    c:\windows\system32\ieapfltr.dat

2013-04-30 22:40 . 2013-04-30 22:40 110592      ----a-w-    c:\windows\SysWow64\IEAdvpack.dll

2013-04-30 22:40 . 2013-04-30 22:40 102912      ----a-w-    c:\windows\system32\inseng.dll

2013-04-30 22:40 . 2013-04-30 22:40 92160 ----a-w-      c:\windows\system32\SetIEInstalledDate.exe

2013-04-30 22:40 . 2013-04-30 22:40 77312 ----a-w-    c:\windows\system32\tdc.ocx

2013-04-30 22:40 . 2013-04-30 22:40 62976 ----a-w-    c:\windows\system32\pngfilt.dll

2013-04-30 22:40 . 2013-04-30 22:40 599552      ----a-w-    c:\windows\system32\vbscript.dll

2013-04-30 22:40 . 2013-04-30 22:40 52224 ----a-w-    c:\windows\system32\msfeedsbs.dll

2013-04-30 22:40 . 2013-04-30 22:40 51200 ----a-w-    c:\windows\system32\imgutil.dll

2013-04-30 22:40 . 2013-04-30 22:40 48640 ----a-w-    c:\windows\system32\mshtmler.dll

2013-04-30 22:40 . 2013-04-30 22:40 173568      ----a-w-    c:\windows\system32\ieUnatt.exe

2013-04-30 22:40 . 2013-04-30 22:40 149504      ----a-w-    c:\windows\system32\occache.dll

2013-04-30 22:40 . 2013-04-30 22:40 13824 ----a-w-    c:\windows\system32\mshta.exe

2013-04-30 22:40 . 2013-04-30 22:40 136192      ----a-w-    c:\windows\system32\iepeers.dll

2013-04-30 22:40 . 2013-04-30 22:40 135680      ----a-w-    c:\windows\system32\IEAdvpack.dll

2013-04-30 22:40 . 2013-04-30 22:40 12800 ----a-w-    c:\windows\system32\msfeedssync.exe

2013-04-13 05:49 . 2013-05-16 13:39 135168      ----a-w-      c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-16 13:39 350208      ----a-w-      c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-16 13:39 308736      ----a-w-      c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-16 13:39 111104      ----a-w-      c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-16 13:39 474624      ----a-w-    c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-16 13:39 2176512     ----a-w-    c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-23 19:28 1656680     ----a-w-      c:\windows\system32\drivers\ntfs.sys

2013-04-10 06:01 . 2013-05-16 13:39 265064      ----a-w-      c:\windows\system32\drivers\dxgmms1.sys

2013-04-10 06:01 . 2013-05-16 13:39 983400      ----a-w-      c:\windows\system32\drivers\dxgkrnl.sys

2013-04-10 03:30 . 2013-05-16 13:39 3153920     ----a-w-    c:\windows\system32\win32k.sys

2009-05-15 02:02 . 2009-05-15 02:02 3392872     ----a-w-    c:\program files (x86)\Common Files\adlmint_libFNP.dll

2009-05-15 02:02 . 2009-05-15 02:02 3298152     ----a-w-    c:\program files (x86)\Common Files\adlmint.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3E7C8B5A-96AB-438F-BF9B-782400655440}]

2012-05-07 19:52  1960520     ----a-w-      c:\users\Sains\AppData\Roaming\Qwiklinx\Qwiklinx.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-13 3093624]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2012-11-15 222496]

"MusicManager"="c:\users\Sains\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-04-23 7331840]

"Trion"="c:\users\Sains\AppData\Local\Trion\xloodjfg.dll" [2013-06-14 519680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SteelSeries World of Warcraft® MMO Gaming Mouse Legendary Edition"="c:\program files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMHID4.exe" [2011-10-04 1945600]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2012-09-06 206120]

"VirtualCloneDrive"="h:\clone drive\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"DNS7reminder"="h:\dragons rawr\Ereg\Ereg.exe" [2007-04-16 259624]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\users\Sains\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

GameStop Now.lnk - h:\gamestop\GameStop App\Now\GameStopNow.exe [2013-1-18 1963872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-4 1079584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]

R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]

R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe;c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [x]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe;c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]

R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Sains\Desktop\real temp\WinRing0x64.sys;c:\users\Sains\Desktop\real temp\WinRing0x64.sys [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]

S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 SSMO4Filter;MMO-4 Mouse;c:\windows\system32\drivers\MO4Driver.sys;c:\windows\SYSNATIVE\drivers\MO4Driver.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-01 18:10]

.

2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-01 18:10]

.

2013-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3125898561-2427038791-1072086541-1000Core.job

- c:\users\Sains\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-21 19:14]

.

2013-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3125898561-2427038791-1072086541-1000UA.job

- c:\users\Sains\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-21 19:14]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-06-07 04:57  778192      ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-07 04:57  778192      ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-07 04:57  778192      ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-06-07 04:57  778192      ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-06-07 04:57  778192      ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-06-07 04:57  778192      ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &Download All using 4shared Desktop - f:\random game stuff\4shared Desktop\Desktop.32/D_ALL_LINK

IE: &Download using 4shared Desktop - f:\random game stuff\4shared Desktop\Desktop.32/D_ONE_LINK

IE: E&xport to Microsoft Excel - f:\micros~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - f:\micros~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Sains\AppData\Roaming\Mozilla\Firefox\Profiles\9n9zi97t.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - ExtSQL: 2013-06-15 11:56; {79D6101A-ED22-BC03-A3FB-0EDAA033A329}; c:\users\Sains\AppData\Roaming\Mozilla\Firefox\Profiles\9n9zi97t.default\extensions\{79D6101A-ED22-BC03-A3FB-0EDAA033A329}

FF - ExtSQL: 2013-06-23 12:52; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Sains\AppData\Roaming\Mozilla\Firefox\Profiles\9n9zi97t.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF - user.js: extensions.autoDisableScopes - 14

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

Wow6432Node-HKCU-Run-uTorrent - f:\winrar\uTorrent.exe

Wow6432Node-HKLM-Run-BCSSync - f:\microsoft office\Office14\BCSSync.exe

Wow6432Node-HKLM-Run-iTunesHelper - F:\iTunesHelper.exe

c:\users\Sains\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk - f:\microsoft office\Office14\ONENOTEM.EXE /tsr

AddRemove-4shared Desktop - f:\random game stuff\4shared Desktop\uninstall.exe

AddRemove-Age of Empires 2.0 - f:\all game files\Games\UNINSTAL.EXE

AddRemove-Age of Empires II: The Conquerors Expansion 1.0 - f:\all game files\Games\UNINSTALX.EXE

AddRemove-DAEMON Tools Pro - f:\d tools\DAEMON Tools Pro\uninst.exe

AddRemove-foobar2000 - f:\lame_foobar\foobar2000\uninstall.exe

AddRemove-ManyCam - f:\manyvam\uninstall.exe

AddRemove-RFOnline - f:\rfonline\uninst.exe

AddRemove-uTorrent - f:\winrar\uTorrent.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-06-27  16:34:20

ComboFix-quarantined-files.txt  2013-06-27 21:34

ComboFix2.txt  2013-06-27 08:53

.

Pre-Run: 29,079,744,512 bytes free

Post-Run: 28,910,333,952 bytes free

.

- - End Of File - - 27739B6214007114BBFE7E16C934CA46

A36C5E4F47E84449FF07ED3517B43A31

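The service section of the ComboFix log above lists every service and driver as `<R|S><start type> <Name>;<DisplayName>;<ImagePath>;<ResolvedPath> [x]`. The check a reviewer makes first on such a list is where each binary lives: a kernel driver loaded from a user's Desktop (the `WinRing0_1_2_0` line, `c:\users\Sains\Desktop\real temp\WinRing0x64.sys`) deserves a look even when it is probably legitimate. The following is an added example, not code from the original thread or from ComboFix; the three sample lines are copied from the log above, and the function name and the path heuristic are my own.

```powershell
# Added example: not code from the original thread or from ComboFix.
# Parses ComboFix service/driver lines of the form
#   <R|S><start type> <Name>;<DisplayName>;<ImagePath>;<ResolvedPath> [x]
# and flags binaries outside the Windows and Program Files trees.
# Path location is only a first filter: a binary in c:\windows\system32
# is not trusted just because of where it sits.

function Get-ComboFixServiceFindings {
    param([string[]]$LogLines)
    foreach ($line in $LogLines) {
        if ($line -match '^([RS][0-4])\s+([^;]+);([^;]*);([^;]+);') {
            $state = $matches[1]; $name = $matches[2]; $path = $matches[4].Trim()
            # R = running, S = stopped; digit = start type (0 boot .. 3 demand, 4 disabled)
            $trusted = $path -match '^c:\\(windows|program files( \(x86\))?)\\'
            New-Object PSObject -Property @{
                State  = $state
                Name   = $name
                Path   = $path
                Driver = ($path -match '\.sys$')   # kernel driver: highest impact if bad
                Flag   = -not $trusted             # loaded from a user-writable location
            }
        }
    }
}

# Sample lines copied from the ComboFix log above
$sample = @(
    'R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]',
    'R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Sains\Desktop\real temp\WinRing0x64.sys;c:\users\Sains\Desktop\real temp\WinRing0x64.sys [x]',
    'R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]'
)
Get-ComboFixServiceFindings -LogLines $sample |
    Where-Object { $_.Flag } |
    Format-Table State, Name, Driver, Path -AutoSize

# For a whole saved log:
# Get-ComboFixServiceFindings -LogLines (Get-Content .\ComboFix.txt) | Where-Object { $_.Flag }
```

On the sample, only the WinRing0 line is flagged. The folder name "real temp" suggests the RealTemp hardware monitor, which ships that driver, so the follow-up is to confirm the program is really installed there and to check the file's signature with `Get-AuthenticodeSignature` rather than to delete it on sight.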

That is the ComboFix I ran a couple of nights ago. I didn't see you telling me to run it again, so I just put the only text I had on there; if I need to change anything or run it again, please let me know. I didn't know if I would need to redo it after I deleted uTorrent and ESET.


Please know that Combofix is not intended to be used by the general public unless under the guidance of a trained expert.

Thus, do not ever run it on your own.

I just wanted to review the log, so I could see what it had found.

2) One does not "install" a second A-V to cure something. Rather, one could have run an online scan or a specialized tool.

This is to say, don't do as you did by installing ESET whilst MSE was installed.

3) For Java:

You need to remove older versions of Java runtime. Do this:

Download & Save to your Desktop or a new folder Javara.zip

Extract the contents of the zip file. Then double click Javara.exe to run it.

JavaRa is a simple tool that does a simple job: it removes old and redundant versions of the Java Runtime Environment (JRE).

4)

IF you have a prior copy of mbar.exe (our anti-rootkit), then please delete it at this point.

1. Download & Save Malwarebytes Anti-Rootkit from http://www.malwarebytes.org/products/mbar/

2. Unzip the contents to a folder in a convenient location. I suggest a unique folder of your own making.

3. Open the folder where the contents were unzipped and run mbar.exe

IF your Windows is Windows 8 or 7 or Vista, do a RIGHT-Click on mbar.exe and select Run As Administrator and allow to run.

If your Windows is XP, double-click to start.

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

5)

The Malwarebytes Anti-Malware Website Blocking feature will advise users when a known malicious IP is attempted to be reached (outgoing) or is trying to access your PC (incoming).

Incoming threats can be ignored; our software is blocking the attack and there is nothing more that can be done.

No action is required unless you're also experiencing malware symptoms or there are multiple IPs (ex; 123.23.34 and 4.44.56). A browser is not required to be running; just an active Internet connection with processes running, such as IM clients, Skype or P2P software, is enough to trigger these alerts. These are also triggered by banner ads running on websites, which is the most common form of alert.

Windows Vista and Windows 7 & 8 will show the process, but Windows XP does not have the structure in place for this to be displayed by our software.

IF you Close all your internet browsers and your instant messenger programs, and wait a couple of minutes, then .....

do you still see "Outgoing IP blocks" ?

Please see/review this reference on MBAM's IP blocks

http://helpdesk.malwarebytes.org/entries/23482998-What-does-it-mean-when-I-get-an-IP-alert-about-blocking-a-malicious-site-

Please see the link below which contains our FAQ's(including reporting false\positives and adding IPs to ignore) on this feature for more information:

http://www.malwarebytes.org/forums/index.php?showtopic=21076&st=0#entry107310


OK. We -do- need to do more checks.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

look down the screen to Action for potentially unwanted modifications

and select "Do not show in results list" from the drop down (arrow) selections.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a QUICK Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, ATTACH the MBAM scan log into a new reply.

Task 2

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.

    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  • If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, double-click on the drweb-cureit.exe file to start the tool.
  • You will see a screen similar to this:

    (screenshot omitted)

    Click the checkbox to participate, and then click on Continue button.

  • Next

    (screenshot omitted)

    Click on Select objects for scanning

  • Next

    (screenshot omitted)

    Put a checkmark by clicking on the boxes as shown.

    Do not select Temporary files or System Restore points.

    Then click on Start scanning button

  • The scan in progress will be shown like this

    (screenshot omitted)

  • IF something is detected, you will see a screen similar to this

    (screenshot omitted)

    For each item "detected", click on the Action column down arrow, like this

    (screenshot omitted)

    Your options will be Cure or Ignore

    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.

    Typically, you will keep the Cure default.

    Then click on the Neutralize button.

  • When the actions are completed, you will see this

    (screenshot omitted)

  • Click on the green Open Report line. It will pop-up the report in NOTEPAD.

    Save the report to your desktop. The report will be called Cureit.log

  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.
Re-Enable your antivirus program when all done.

Task 3

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or 8 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other services
Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

Task 4

Download Security Check by screen317 from >>here<<.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

First off, I want to apologize for the reply taking as long as it did; I had a busy weekend and was out of the house a lot.

 

OK, I made sure all the items were done as you said to do them. Here is the log for the MBAM scan.

________

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.06.30.02

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16618

Sains :: SAINS-PC [administrator]

 

Protection: Enabled

 

6/30/2013 6:57:17 PM

mbam-log-2013-06-30 (18-57-17).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: PUP | PUM | P2P

Objects scanned: 248339

Time elapsed: 1 minute(s), 18 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

And as for Dr.Web CureIt, it said 1000 pages in my Notepad, so I didn't know exactly how much you wanted me to put on here. I had to do a /search for this one and search for "cure it".

 

=============================================================================

Dr.Web Scanner SE for Windows v8.2.0.05230

© Doctor Web, Ltd., 1992-2013

Scan session started 2013/06/30 19:02:57

Module location : C:\Users\Sains\AppData\Local\Temp\A0EFF863-1B98A55E-7FD39D1B-88E7C5C6\

=============================================================================

OPTION [Automatic Apply Actions] NO

OPTION [Turn Off Computer After Scan] NO

OPTION [use Sound Alerts] NO

OPTION [block Network] NO

OPTION [Protect Process] NO

OPTION [Protect Raw Disk] NO

Using language: "English"

=============================================================================

Dr.Web Scanner SE for Windows v8.2.0.05230

© Doctor Web, Ltd., 1992-2013

Scan session started 2013/06/30 19:04:22

Module location : C:\Users\Sains\AppData\Local\Temp\B4CC8A00-8794C3EC-1F2BEF04-4BFE3D50\

=============================================================================

OPTION [Automatic Apply Actions] NO

OPTION [Turn Off Computer After Scan] NO

OPTION [use Sound Alerts] NO

OPTION [block Network] NO

OPTION [Protect Process] NO

OPTION [Protect Raw Disk] NO

Using language: "English"

Available instances: 12

Instances used: 12

Platform: Windows 7 Professional x64/WOW (Build 7601), Service Pack 1

API Version: 2.2

Scanning Engine version: 8.1.0.6170

Virus Finding Engine version: 7.0.4.9250

Total 120 virus bases are loaded from

 

 

(Couldn't get the full 1000 pages into the forum post, so I just posted these two sections; the full report is attached.)

 

 

Total 7623749486 bytes in 31418 files scanned (33034 objects)

Total 31387 files (32994 objects) are clean

Total 2 files are suspicious

Total 34 files are raised error condition

Scan time is 00:02:23.784

 

-----------------------------------------------------------------------------

Start curing

-----------------------------------------------------------------------------

c:\program files (x86)\verizondm\bin\sprtsync.dll - deleted, reboot required

c:\program files (x86)\verizondm\bin\sprtupdate.dll - deleted, reboot required

 

Total 7623749486 bytes in 31418 files scanned (33034 objects)

Total 31387 files (32994 objects) are clean

Total 2 files are suspicious

Total 2 files are neutralized

Total 34 files are raised error condition

Scan time is 00:02:23.784

 

 

Farbar's SSU is right here

 

 

Farbar Service Scanner Version: 27-06-2013

Ran by Sains (administrator) on 30-06-2013 at 19:20:25

Running from "C:\Users\Sains\Desktop\mozilla downloads"

Microsoft Windows 7 Professional  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy:

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

 

 

Security Check is here

 

 

Results of screen317's Security Check version 0.99.68 

 Windows 7 Service Pack 1 x64 (UAC is enabled) 

 Internet Explorer 10 

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 

Microsoft Security Essentials  

 Antivirus up to date! 

`````````Anti-malware/Other Utilities Check:`````````

 Malwarebytes Anti-Malware version 1.75.0.1300 

 Java 7 Update 25 

 Adobe Flash Player 11.7.700.202 

 Adobe Reader 10.1.2 Adobe Reader out of Date! 

 Mozilla Firefox (22.0)

 Google Chrome 27.0.1453.110 

 Google Chrome 27.0.1453.116 

````````Process Check: objlist.exe by Laurent```````` 

 Microsoft Security Essentials MSMpEng.exe

 Microsoft Security Essentials msseces.exe

 Malwarebytes Anti-Malware mbamservice.exe 

 Malwarebytes Anti-Malware mbamgui.exe 

 Malwarebytes' Anti-Malware mbamscheduler.exe  

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

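The Farbar Service Scanner output in the post above reports the WinDefend service at start type Demand (default Auto) and `DisableAntiSpyware=1` under `HKLM\SOFTWARE\Microsoft\Windows Defender`, while Security Check shows Microsoft Security Essentials installed and up to date. On Windows 7, MSE itself switches the built-in Windows Defender off in exactly this way, so that combination is expected rather than evidence of tampering; it becomes a finding only when no other antivirus is registered. The following is an added example, not code from the original thread or from Farbar's tool, that reproduces those checks with built-in cmdlets so they can be re-run after each cleanup step; the function name is my own and the SecurityCenter2 lookup is an assumption about how the installed AV is registered.

```powershell
# Added example: not code from the original thread or from Farbar's FSS.
# Re-checks what FSS reported above for Windows Defender: service state and
# start type, ImagePath/ServiceDll, the local DisableAntiSpyware value and the
# Group Policy equivalent, plus which AV products Windows Security Center
# knows about. Windows 7 / PowerShell 2.0 compatible; run elevated.

function Get-DefenderState {
    $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend'
    $svc    = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"
    $reg    = Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue
    $params = Get-ItemProperty -Path "$svcKey\Parameters" -ErrorAction SilentlyContinue
    $local  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Defender' -ErrorAction SilentlyContinue
    $gpo    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' -ErrorAction SilentlyContinue
    # Registered AV products (MSE appears here on Windows 7); empty if none
    $av     = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue |
              ForEach-Object { $_.displayName }

    New-Object PSObject -Property @{
        ServiceState         = $svc.State
        StartMode            = $svc.StartMode        # WMI says 'Manual' where FSS says 'Demand'
        ImagePath            = $reg.ImagePath
        ServiceDll           = $params.ServiceDll
        DisableAntiSpyware   = $local.DisableAntiSpyware   # the value FSS printed as DWORD:1
        DisableByGroupPolicy = $gpo.DisableAntiSpyware
        OtherAntivirus       = ($av -join ', ')
    }
}

$state = Get-DefenderState
$state | Format-List
if ($state.DisableAntiSpyware -eq 1 -and -not $state.OtherAntivirus) {
    Write-Warning 'Windows Defender is disabled by policy and no other antivirus is registered'
}
```

With MSE present the warning does not fire; if MSE is ever removed, re-run this and expect `DisableAntiSpyware` to revert to 0 (or the key to disappear) and the start type to return to Auto. FSS additionally compares the MD5 of each service binary against known-good values, which this example does not attempt.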

Please tell me which Java issue you refer to.

The Javara tool is supposed to remove outdated Java, but it should also have got you the latest version.

IF you do not need Java at all, use Control Panel >> Programs and Features & uninstall Java.

Please advise me if there is another outstanding issue.

Older versions of Adobe Reader pose a potential security risk.

Uninstall your Adobe Reader: use Control Panel's Add-or-Remove Programs to uninstall Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered).


Any time I try to use the tool you have linked, ever since we first started this forum post, it says error and can't be removed. Then I go to do it manually like the instructions you listed showed me to do, and it deletes it, but then we run the scanners again and it shows it's still there.


The system seems to be running very well at the moment; I have only had a few pop-ups blocking malware come up from MBAM and it seems to be working. But my computer is slower than usual, so I do not know if this has anything to do with the previous malware issues.


The Malwarebytes Anti-Malware Website Blocking feature will advise users when a known malicious IP is attempted to be reached (outgoing) or is trying to access your PC (incoming).

Incoming threats can be ignored; our software is blocking the attack and there is nothing more that can be done.

No action is required unless you're also experiencing malware symptoms or there are multiple IPs (ex; 123.23.34 and 4.44.56). A browser is not required to be running; just an active Internet connection with processes running, such as IM clients, Skype or P2P software, is enough to trigger these alerts. These are also triggered by banner ads running on websites, which is the most common form of alert.

Windows Vista and Windows 7 & 8 will show the process, but Windows XP does not have the structure in place for this to be displayed by our software.

Please see/review this reference on MBAM's IP blocks

http://helpdesk.malwarebytes.org/entries/23482998-What-does-it-mean-when-I-get-an-IP-alert-about-blocking-a-malicious-site-

Please see the link below which contains our FAQ's(including reporting false\positives and adding IPs to ignore) on this feature for more information:

http://www.malwarebytes.org/forums/index.php?showtopic=21076&st=0#entry107310

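Both helper posts on the website-blocking feature (the one following the ComboFix log and the repeat just above) make the same point: an outgoing block names a destination IP, and any process with network access, not just a browser, can be the one reaching it. The practical question is therefore which local process owns the connection. The following is an added example, not code from the original thread or from Malwarebytes; it parses `netstat -ano` because Windows 7's PowerShell 2.0 has no `Get-NetTCPConnection`, and the address `203.0.113.45` is a placeholder you replace with the IP from the alert.

```powershell
# Added example: not code from the original thread or from Malwarebytes.
# Given the IP from an MBAM "outgoing" website-block alert, find which local
# process holds a connection to it. Beacons are short-lived, so the netstat
# table is sampled several times. Run from an elevated prompt so every PID
# resolves to a name and path.

function Get-ConnectionOwner {
    param(
        [Parameter(Mandatory = $true)][string]$BlockedIp,
        [int]$Samples = 10,          # how many times to poll netstat
        [int]$IntervalSeconds = 3
    )
    $seen = @{}
    for ($i = 0; $i -lt $Samples; $i++) {
        # netstat -ano rows: Proto  LocalAddress  ForeignAddress  [State]  PID
        $rows = netstat -ano | Select-String -Pattern '^\s*(TCP|UDP)\s'
        foreach ($row in $rows) {
            $f = $row.Line.Trim() -split '\s+'
            $remote = $f[2]
            if ($remote -notlike "${BlockedIp}:*") { continue }
            $ownerPid = [int]$f[-1]            # PID is the last column for TCP and UDP
            $key = "$($f[0]) $remote $ownerPid"
            if ($seen.ContainsKey($key)) { continue }
            $proc = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
            $name = '<exited>'; $path = $null
            if ($proc) { $name = $proc.ProcessName; $path = $proc.Path }
            $seen[$key] = New-Object PSObject -Property @{
                Protocol = $f[0]; Remote = $remote; PID = $ownerPid
                Process  = $name; Path = $path
            }
        }
        Start-Sleep -Seconds $IntervalSeconds
    }
    $seen.Values
}

# Placeholder address: substitute the IP shown in the MBAM alert
Get-ConnectionOwner -BlockedIp '203.0.113.45' | Format-Table Protocol, Remote, PID, Process, Path -AutoSize
```

Close browsers and IM clients first, as the helper asks; anything that still shows up is the process to investigate, and its `Path` tells you whether it runs from Program Files or from a user-writable folder. If the table stays empty, the connection was blocked before it was established; on Vista and later the MBAM protection log records the process name for each block, which is the quicker source when it is available.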

Were all your browsers + all instant messengers off ?

Were those OUTGOING IP blocks?

Download and save our grabfiles tool to your Desktop

http://downloads.malwarebytes.org/file/mbam_grabfiles

Then next, RUN the mbam-grabfiles exe

It will run in a black Command prompt window. Please have lots of patience.

After it finishes, you will find a ZIP file ready named

Filesgrabbed.zip

Please attach that with your next reply.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Sainsc21 only. If you are a casual viewer, do NOT try this on your system!

If you are not Sainsc21 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

On most of the following programs and tools, you will need to right-click the program link, shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 2

  • Download & SAVE to your Desktop Tigzy's RogueKiller.

  • Quit all programs that you may have started.
  • Please disconnect any USB or external storage drives from the computer before you run this scan!
  • For Vista or Windows 7 / 8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    For Windows XP, double-click to start.

  • When prompted to accept the EULA, please do so.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller
Step 3

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.

    If running Vista or Windows 7 / 8, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.

  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

    Skip and click on Continue

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Step 4

    If you have a prior copy of Combofix, delete it now

    Download Combofix from any of the links below, and SAVE it to your Desktop.

    Link 1

    Link 2

    **Note: It is important that it is saved directly to your Desktop and not run straight away from the download.**

    Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages.

    It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

    You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

    Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on the speed of your system, how much there is to scan and how much it needs to clean.

    If this is on a notebook system, make sure first that the notebook is connected to wall power (AC power) or a UPS.

    Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

    Right-click on ComboFix.exe on your Desktop and select "Run as Administrator".

    • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.

      When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.

    A caution - Do not run Combofix more than once.

    Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

    The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

    If this occurs, please reboot to restore the desktop.

    A file will be created at => C:\Combofix.txt.

    Notes:

    [1] IF after Combofix reboot you get the message

    Illegal operation attempted on registry key that has been marked for deletion

    ....please reboot the computer; this should resolve the problem. You may have to reboot the PC a second time if needed.

    [2] Do not mouseclick combofix's window nor run any program while Combofix is running.

    That may cause it to stall.

    [3] When all done, IF Combofix did not do a Restart... then I need for you to Restart the system fresh.

    Reply & Copy & Paste contents of the C:\Combofix.txt log

    and tell me, how is the system now?

    Re-enable your antivirus program.


ComboFix log:

ComboFix 13-07-15.01 - Sains 07/16/2013  13:58:39.4.8 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16361.13937 [GMT -5:00]

Running from: c:\users\Sains\Desktop\mozilla downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((   Files Created from 2013-06-16 to 2013-07-16  )))))))))))))))))))))))))))))))

.

.

2013-07-16 19:00 . 2013-07-16 19:00 --------    d-----w-      c:\users\UpdatusUser\AppData\Local\temp

2013-07-16 19:00 . 2013-07-16 19:00 --------    d-----w-      c:\users\Default\AppData\Local\temp

2013-07-16 15:03 . 2013-07-16 18:39 --------    d-----w-      c:\users\Sains\AppData\Roaming\vlc

2013-07-16 14:32 . 2013-07-16 14:32 --------    d-----w-    c:\users\Sains\.MakeMKV

2013-07-16 14:32 . 2013-07-16 14:32 --------    d-----w-    c:\program files (x86)\MakeMKV

2013-07-16 08:32 . 2013-07-02 08:34 9460976     ----a-w-      c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30902F92-72C4-44C1-9B30-10A39FA47036}\mpengine.dll

2013-07-15 08:32 . 2013-06-12 03:08 9552976     ----a-w-      c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-07-15 08:01 . 2013-07-15 08:02 --------    d-----w-    c:\windows\system32\MRT

2013-07-12 22:52 . 2013-06-04 06:00 624128      ----a-w-    c:\windows\system32\qedit.dll

2013-07-01 00:02 . 2013-07-01 00:07 --------    d-----w-    c:\users\Sains\Doctor Web

2013-06-29 15:40 . 2013-06-29 15:49 --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-06-29 14:38 . 2013-06-29 14:38 --------    d-----w-      c:\users\Sains\AppData\Roaming\Oracle

2013-06-28 06:44 . 2013-06-28 06:44 --------    d-----w-    c:\users\Sains\AppData\Local\ESET

2013-06-27 21:51 . 2013-06-27 21:51 --------    d-----w-    c:\program files (x86)\ESET

2013-06-23 03:26 . 2013-06-23 03:26 --------    d-----w-      c:\users\Sains\AppData\Roaming\Malwarebytes

2013-06-23 03:25 . 2013-06-23 03:25 --------    d-----w-    c:\programdata\Malwarebytes

2013-06-23 03:25 . 2013-06-23 03:26 --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware

2013-06-23 03:25 . 2013-04-04 19:50 25928 ----a-w-    c:\windows\system32\drivers\mbam.sys

2013-06-23 03:21 . 2013-06-23 03:21 --------    d-----w-    c:\program files\CCleaner

2013-06-21 13:51 . 2013-06-21 13:51 964552      ------w-      c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C0E5C5E-F816-4193-942C-7C5BD9108090}\gapaengine.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-24 05:57 . 2012-01-20 05:16 78277128    ----a-w-    c:\windows\system32\MRT.exe

2013-06-18 16:47 . 2012-02-29 03:15 291088      ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr

2013-06-18 16:47 . 2012-02-29 03:08 291088      ----a-w-    c:\windows\SysWow64\PnkBstrB.exe

2013-06-18 16:46 . 2012-02-29 03:08 280904      ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0

2013-06-13 02:48 . 2013-03-26 16:06 867240      ----a-w-      c:\windows\SysWow64\npDeployJava1.dll

2013-06-13 02:48 . 2012-01-18 05:18 789416      ----a-w-      c:\windows\SysWow64\deployJava1.dll

2013-05-28 01:01 . 2012-11-05 01:26 692104      ----a-w-      c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-28 01:01 . 2012-01-18 05:20 71048 ----a-w-      c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-21 14:39 . 2012-02-10 18:09 964552      ------w-      c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-05-13 05:51 . 2013-06-12 01:16 184320      ----a-w-    c:\windows\system32\cryptsvc.dll

2013-05-13 05:51 . 2013-06-12 01:16 1464320     ----a-w-    c:\windows\system32\crypt32.dll

2013-05-13 05:51 . 2013-06-12 01:16 139776      ----a-w-    c:\windows\system32\cryptnet.dll

2013-05-13 05:50 . 2013-06-12 01:16 52224 ----a-w-    c:\windows\system32\certenc.dll

2013-05-13 04:45 . 2013-06-12 01:16 140288      ----a-w-    c:\windows\SysWow64\cryptsvc.dll

2013-05-13 04:45 . 2013-06-12 01:16 1160192     ----a-w-    c:\windows\SysWow64\crypt32.dll

2013-05-13 04:45 . 2013-06-12 01:16 103936      ----a-w-    c:\windows\SysWow64\cryptnet.dll

2013-05-13 03:43 . 2013-06-12 01:16 1192448     ----a-w-    c:\windows\system32\certutil.exe

2013-05-13 03:08 . 2013-06-12 01:16 903168      ----a-w-    c:\windows\SysWow64\certutil.exe

2013-05-13 03:08 . 2013-06-12 01:16 43008 ----a-w-    c:\windows\SysWow64\certenc.dll

2013-05-10 05:49 . 2013-06-12 01:16 30720 ----a-w-    c:\windows\system32\cryptdlg.dll

2013-05-10 03:20 . 2013-06-12 01:16 24576 ----a-w-    c:\windows\SysWow64\cryptdlg.dll

2013-05-08 06:39 . 2013-06-12 01:16 1910632     ----a-w-      c:\windows\system32\drivers\tcpip.sys

2013-05-02 15:29 . 2010-11-21 03:27 278800      ------w-    c:\windows\system32\MpSigStub.exe

2013-04-30 22:40 . 2013-04-30 22:40 719360      ----a-w-      c:\windows\SysWow64\mshtmlmedia.dll

2013-04-30 22:40 . 2013-04-30 22:40 523264      ----a-w-    c:\windows\SysWow64\vbscript.dll

2013-04-30 22:40 . 2013-04-30 22:40 38400 ----a-w-    c:\windows\SysWow64\imgutil.dll

2013-04-30 22:40 . 2013-04-30 22:40 226304      ----a-w-    c:\windows\system32\elshyph.dll

2013-04-30 22:40 . 2013-04-30 22:40 185344      ----a-w-    c:\windows\SysWow64\elshyph.dll

2013-04-30 22:40 . 2013-04-30 22:40 158720      ----a-w-    c:\windows\SysWow64\msls31.dll

2013-04-30 22:40 . 2013-04-30 22:40 150528      ----a-w-    c:\windows\SysWow64\iexpress.exe

2013-04-30 22:40 . 2013-04-30 22:40 138752      ----a-w-    c:\windows\SysWow64\wextract.exe

2013-04-30 22:40 . 2013-04-30 22:40 137216      ----a-w-    c:\windows\SysWow64\ieUnatt.exe

2013-04-30 22:40 . 2013-04-30 22:40 12800 ----a-w-    c:\windows\SysWow64\mshta.exe

2013-04-30 22:40 . 2013-04-30 22:40 1054720     ----a-w-      c:\windows\system32\MsSpellCheckingFacility.exe

2013-04-30 22:40 . 2013-04-30 22:40 97280 ----a-w-    c:\windows\system32\mshtmled.dll

2013-04-30 22:40 . 2013-04-30 22:40 905728      ----a-w-      c:\windows\system32\mshtmlmedia.dll

2013-04-30 22:40 . 2013-04-30 22:40 81408 ----a-w-    c:\windows\system32\icardie.dll

2013-04-30 22:40 . 2013-04-30 22:40 762368      ----a-w-    c:\windows\system32\ieapfltr.dll

2013-04-30 22:40 . 2013-04-30 22:40 73728 ----a-w-      c:\windows\SysWow64\SetIEInstalledDate.exe

2013-04-30 22:40 . 2013-04-30 22:40 61952 ----a-w-    c:\windows\SysWow64\tdc.ocx

2013-04-30 22:40 . 2013-04-30 22:40 48640 ----a-w-    c:\windows\SysWow64\mshtmler.dll

2013-04-30 22:40 . 2013-04-30 22:40 452096      ----a-w-    c:\windows\system32\dxtmsft.dll

2013-04-30 22:40 . 2013-04-30 22:40 441856      ----a-w-    c:\windows\system32\html.iec

2013-04-30 22:40 . 2013-04-30 22:40 361984      ----a-w-    c:\windows\SysWow64\html.iec

2013-04-30 22:40 . 2013-04-30 22:40 281600      ----a-w-    c:\windows\system32\dxtrans.dll

2013-04-30 22:40 . 2013-04-30 22:40 27648 ----a-w-    c:\windows\system32\licmgr10.dll

2013-04-30 22:40 . 2013-04-30 22:40 270848      ----a-w-    c:\windows\system32\iedkcs32.dll

2013-04-30 22:40 . 2013-04-30 22:40 247296      ----a-w-    c:\windows\system32\webcheck.dll

2013-04-30 22:40 . 2013-04-30 22:40 235008      ----a-w-    c:\windows\system32\url.dll

2013-04-30 22:40 . 2013-04-30 22:40 23040 ----a-w-    c:\windows\SysWow64\licmgr10.dll

2013-04-30 22:40 . 2013-04-30 22:40 216064      ----a-w-    c:\windows\system32\msls31.dll

2013-04-30 22:40 . 2013-04-30 22:40 197120      ----a-w-    c:\windows\system32\msrating.dll

2013-04-30 22:40 . 2013-04-30 22:40 167424      ----a-w-    c:\windows\system32\iexpress.exe

2013-04-30 22:40 . 2013-04-30 22:40 1509376     ----a-w-    c:\windows\system32\inetcpl.cpl

2013-04-30 22:40 . 2013-04-30 22:40 144896      ----a-w-    c:\windows\system32\wextract.exe

2013-04-30 22:40 . 2013-04-30 22:40 1441280     ----a-w-    c:\windows\SysWow64\inetcpl.cpl

2013-04-30 22:40 . 2013-04-30 22:40 1400416     ----a-w-    c:\windows\system32\ieapfltr.dat

2013-04-30 22:40 . 2013-04-30 22:40 110592      ----a-w-    c:\windows\SysWow64\IEAdvpack.dll

2013-04-30 22:40 . 2013-04-30 22:40 102912      ----a-w-    c:\windows\system32\inseng.dll

2013-04-30 22:40 . 2013-04-30 22:40 92160 ----a-w-      c:\windows\system32\SetIEInstalledDate.exe

2013-04-30 22:40 . 2013-04-30 22:40 77312 ----a-w-    c:\windows\system32\tdc.ocx

2013-04-30 22:40 . 2013-04-30 22:40 62976 ----a-w-    c:\windows\system32\pngfilt.dll

2013-04-30 22:40 . 2013-04-30 22:40 599552      ----a-w-    c:\windows\system32\vbscript.dll

2013-04-30 22:40 . 2013-04-30 22:40 52224 ----a-w-    c:\windows\system32\msfeedsbs.dll

2013-04-30 22:40 . 2013-04-30 22:40 51200 ----a-w-    c:\windows\system32\imgutil.dll

2013-04-30 22:40 . 2013-04-30 22:40 48640 ----a-w-    c:\windows\system32\mshtmler.dll

2013-04-30 22:40 . 2013-04-30 22:40 173568      ----a-w-    c:\windows\system32\ieUnatt.exe

2013-04-30 22:40 . 2013-04-30 22:40 149504      ----a-w-    c:\windows\system32\occache.dll

2013-04-30 22:40 . 2013-04-30 22:40 13824 ----a-w-    c:\windows\system32\mshta.exe

2013-04-30 22:40 . 2013-04-30 22:40 136192      ----a-w-    c:\windows\system32\iepeers.dll

2013-04-30 22:40 . 2013-04-30 22:40 135680      ----a-w-    c:\windows\system32\IEAdvpack.dll

2013-04-30 22:40 . 2013-04-30 22:40 12800 ----a-w-    c:\windows\system32\msfeedssync.exe

2013-04-26 05:51 . 2013-06-12 01:16 751104      ----a-w-    c:\windows\system32\win32spl.dll

2013-04-26 04:55 . 2013-06-12 01:16 492544      ----a-w-    c:\windows\SysWow64\win32spl.dll

2013-04-25 23:30 . 2013-06-12 01:16 1505280     ----a-w-    c:\windows\SysWow64\d3d11.dll

2009-05-15 02:02 . 2009-05-15 02:02 3392872     ----a-w-    c:\program files (x86)\Common Files\adlmint_libFNP.dll

2009-05-15 02:02 . 2009-05-15 02:02 3298152     ----a-w-    c:\program files (x86)\Common Files\adlmint.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3E7C8B5A-96AB-438F-BF9B-782400655440}]

2012-05-07 19:52  1960520     ----a-w-      c:\users\Sains\AppData\Roaming\Qwiklinx\Qwiklinx.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-13 3093624]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2012-11-15 222496]

"MusicManager"="c:\users\Sains\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-06-20 7345664]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SteelSeries World of Warcraft® MMO Gaming Mouse Legendary Edition"="c:\program files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMHID4.exe" [2011-10-04 1945600]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2012-09-06 206120]

"VirtualCloneDrive"="h:\clone drive\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"DNS7reminder"="h:\dragons rawr\Ereg\Ereg.exe" [2007-04-16 259624]

.

c:\users\Sains\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2013-7-5 0]

GameStop Now.lnk - h:\gamestop\GameStop App\Now\GameStopNow.exe [2013-1-18 1963872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-4 1079584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Sains\Desktop\real temp\WinRing0x64.sys;c:\users\Sains\Desktop\real temp\WinRing0x64.sys [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]

S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]

S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]

S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe;c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe;c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [x]

S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]

S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]

S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 SSMO4Filter;MMO-4 Mouse;c:\windows\system32\drivers\MO4Driver.sys;c:\windows\SYSNATIVE\drivers\MO4Driver.sys [x]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-01 18:10]

.

2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-01 18:10]

.

2013-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3125898561-2427038791-1072086541-1000Core.job

- c:\users\Sains\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-21 19:14]

.

2013-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3125898561-2427038791-1072086541-1000UA.job

- c:\users\Sains\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-21 19:14]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-06-07 04:57  778192      ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-07 04:57  778192      ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-07 04:57  778192      ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-06-07 04:57  778192      ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-06-07 04:57  778192      ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-06-07 04:57  778192      ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &Download All using 4shared Desktop - f:\random game stuff\4shared Desktop\Desktop.32/D_ALL_LINK

IE: &Download using 4shared Desktop - f:\random game stuff\4shared Desktop\Desktop.32/D_ONE_LINK

IE: E&xport to Microsoft Excel - f:\micros~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - f:\micros~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Sains\AppData\Roaming\Mozilla\Firefox\Profiles\9n9zi97t.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - ExtSQL: 2013-06-15 11:56; {79D6101A-ED22-BC03-A3FB-0EDAA033A329}; c:\users\Sains\AppData\Roaming\Mozilla\Firefox\Profiles\9n9zi97t.default\extensions\{79D6101A-ED22-BC03-A3FB-0EDAA033A329}

FF - ExtSQL: 2013-06-23 12:52; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Sains\AppData\Roaming\Mozilla\Firefox\Profiles\9n9zi97t.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF - user.js: extensions.autoDisableScopes - 14

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

AddRemove-4shared Desktop - f:\random game stuff\4shared Desktop\uninstall.exe

AddRemove-Age of Empires 2.0 - f:\all game files\Games\UNINSTAL.EXE

AddRemove-Age of Empires II: The Conquerors Expansion 1.0 - f:\all game files\Games\UNINSTALX.EXE

AddRemove-DAEMON Tools Pro - f:\d tools\DAEMON Tools Pro\uninst.exe

AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

AddRemove-foobar2000 - f:\lame_foobar\foobar2000\uninstall.exe

AddRemove-ManyCam - f:\manyvam\uninstall.exe

AddRemove-RFOnline - f:\rfonline\uninst.exe

AddRemove-The Amazing Spider-Man_is1 - h:\all games\ASM\The Amazing Spider-Man\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.


Completion time: 2013-07-16  14:01:14
ComboFix-quarantined-files.txt  2013-07-16 19:01
ComboFix2.txt  2013-07-16 18:50
ComboFix3.txt  2013-06-27 21:34
ComboFix4.txt  2013-06-27 08:53
.
Pre-Run: 27,079,364,608 bytes free
Post-Run: 27,004,055,552 bytes free
.


Are there any more recent OUTGOING IP blocks from MBAM?

Are you ready now to wrap this up?

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs: http://www.bleepingcomputer.com/forums/index.php?showtopic=114351
Do NOT turn off the firewall.

Start Internet Explorer.
Using the Internet Explorer browser only, go to the BitDefender QuickScan website: http://quickscan.bitdefender.com and click "Start Scan".
Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
If prompted, reply yes to allow it to run.
Press the Allow button and follow the prompts.
Press "Start Scan" once more.
You'll see the EULA in a pop-up window. Click "I accept" & then the OK button.

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/ and note that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience, as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.
You'll see a progress bar at the top right of the window.
Hopefully you will see a "No infections found" in the bar window. Press the View Log button.
The log report will show in your text editor. Save the log.
Do a Select All, Copy. Then paste the contents into your next reply.

When all done, re-enable your antivirus program.
