Possible Bitcoin Botnet problem

Hello jakedude182 and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

Thanks:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by jake at 18:54:11 on 2013-07-06
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.44.1033.18.4095.1306 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~2\AVG\AVG8\avgrsa.exe
C:\PROGRA~2\AVG\AVG8\avgnsa.exe
H:\Program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
K:\Programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
K:\Programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks Flow Simulation\binCFW\dispatcher.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
K:\Programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks\sldworks_fs.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\jake\Desktop\HWMonitor.exe
C:\Windows\system32\wbem\wmiprvse.exe
F:\My Programs\Firefox portable\FirefoxPortable.exe
F:\My Programs\Firefox portable\App\firefox\firefox.exe
C:\Windows\system32\mmc.exe
H:\Programs\Process xp\ProcessExplorer\procexp.exe
H:\Programs\Process xp\ProcessExplorer\procexp64.exe
F:\My Programs\Firefox portable\App\firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\System32\svchost.exe -k secsvcs
H:\Program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamservice.exe
H:\Program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.6\bh\zonealarm.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - K:\Programs\Office 2010 install\Office14\URLREDIR.DLL
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.6\zonealarmTlbr.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\jake\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [spotify Web Helper] "C:\Users\jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [DAEMON Tools Lite] "H:\Programs\DTools free\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [bCSSync] "K:\Programs\Office 2010 install\Office14\BCSSync.exe" /DelayServices
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~2.LNK - C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~1.LNK - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.


TCP: NameServer = 192.168.1.1
TCP: Interfaces\{FAB9A42A-CF03-4F9B-A848-1DE0C93BF7A5} : NameServer = 192.168.1.1
TCP: Interfaces\{FAB9A42A-CF03-4F9B-A848-1DE0C93BF7A5} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
AppInit_DLLs= avgrssta.dll
SSODL: WebCheck - <orphaned>
x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2009-10-29 33800]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-3-9 427016]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-3-9 33416]
R1 AvgTdiA;AVG Free8 Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-3-9 133640]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-6-27 45856]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-7-5 283064]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2010-3-9 297752]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-3-16 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-3-16 828072]
R2 MBAMScheduler;MBAMScheduler;H:\Program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-14 418376]
R2 MBAMService;MBAMService;H:\Program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-14 701512]
R2 RemoteSolverDispatcher;Remote Solver for Flow Simulation 2013;K:\Programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [2012-9-13 51848]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-10-26 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-6-27 1598128]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\l160x64.sys [2009-10-13 61440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2009-12-31 25928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG8\Toolbar\ToolbarBroker.exe [2010-10-31 167264]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;K:\Programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks\swScheduler\DTSCoordinatorService.exe [2012-9-28 76904]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-4-16 16264]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-4-16 9096]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-6-18 1431888]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-8-1 130976]
S3 Media Center 17 Service;Media Center 17 Service;C:\Program Files (x86)\J River\Media Center 17\JRService.exe [2012-7-16 386176]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-6 1255736]
.
=============== File Associations ===============
.
ShellExec: switch.exe: open="C:\Program Files (x86)\NCH Software\Switch\switch" "%L"
.
=============== Created Last 30 ================
.
2013-07-06 17:52:44    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{816AAD8B-7E5E-4563-8933-D2EA08447376}\offreg.dll
2013-07-06 15:44:17    --------    d-----w-    C:\Program Files (x86)\ESET
2013-07-05 22:12:54    466456    ----a-w-    C:\Windows\System32\wrap_oal.dll
2013-07-05 22:12:54    444952    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2013-07-05 22:12:54    122904    ----a-w-    C:\Windows\System32\OpenAL32.dll
2013-07-05 22:12:54    109080    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
2013-07-05 22:02:20    283064    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2013-07-02 12:47:57    --------    d-----w-    C:\Users\jake\AppData\Roaming\NVIDIA
2013-07-02 12:25:12    --------    d-----w-    C:\Users\jake\Valley
2013-07-02 11:43:03    884512    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-07-02 11:43:03    6496544    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-07-02 11:43:03    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-07-02 11:43:03    3514656    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-07-02 11:43:03    3253909    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-07-02 11:43:03    2555680    ----a-w-    C:\Windows\System32\nvsvcr.dll
2013-07-02 11:43:03    237856    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-07-02 11:42:46    61216    ----a-w-    C:\Windows\System32\OpenCL.dll
2013-07-02 11:42:46    53024    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2013-07-02 11:42:28    --------    d-----w-    C:\ProgramData\NVIDIA Corporation
2013-06-29 15:08:53    9552976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{816AAD8B-7E5E-4563-8933-D2EA08447376}\mpengine.dll
2013-06-27 21:33:01    --------    d-----w-    C:\Users\jake\AppData\Local\DoNotTrackPlus
2013-06-27 18:32:30    --------    d-----w-    C:\Users\jake\AppData\Local\AVG Secure Search
2013-06-27 18:31:45    45856    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-06-25 22:39:15    --------    d-----w-    C:\Users\jake\AppData\Local\BIT.TRIP BEAT
2013-06-25 16:31:19    --------    d-----w-    C:\Users\jake\AppData\Local\NVIDIA
2013-06-25 16:28:41    --------    d-----w-    C:\ProgramData\Microsoft Toolkit
2013-06-21 04:16:02    566048    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-06-19 18:12:55    172032    ----a-w-    C:\Windows\SysWow64\binkw32.dll
2013-06-19 18:12:24    327168    ----a-w-    C:\Windows\IsUninst.exe
2013-06-18 13:49:17    --------    d-----w-    C:\Users\jake\AppData\Local\TempSWBackupDirectory
2013-06-18 13:48:42    --------    d-----w-    C:\Users\jake\AppData\Local\SolidWorks
2013-06-18 13:45:00    --------    d-----w-    C:\Temp
2013-06-18 13:43:03    --------    d-----w-    C:\ProgramData\Simpoe
2013-06-18 13:41:52    --------    d-----w-    C:\ProgramData\COSMOS Applications
2013-06-18 13:41:44    --------    d-----w-    C:\ProgramData\SolidWorks Flow Simulation
2013-06-18 13:39:37    --------    d-----w-    C:\Users\jake\AppData\Roaming\help_images_otherUI
2013-06-18 13:37:59    --------    d-----w-    C:\Users\jake\AppData\Roaming\DassaultSystemes
2013-06-18 13:37:59    --------    d-----w-    C:\Users\jake\AppData\Local\DassaultSystemes
2013-06-18 13:37:59    --------    d-----w-    C:\ProgramData\DassaultSystemes
2013-06-18 13:29:33    --------    d-----w-    C:\ProgramData\SolidWorks
2013-06-18 13:29:33    --------    d-----w-    C:\Program Files\Common Files\SolidWorks Shared
2013-06-18 13:29:14    --------    d-----w-    C:\Program Files\Common Files\Macrovision Shared
2013-06-18 13:28:52    --------    d-----w-    C:\Program Files\Microsoft Visual Studio 8
2013-06-18 13:28:39    --------    d-----w-    C:\Program Files\Bonjour
2013-06-18 13:28:39    --------    d-----w-    C:\Program Files (x86)\Bonjour
2013-06-18 13:25:42    --------    d-----w-    C:\Program Files (x86)\Microsoft Visual Studio 8
2013-06-18 13:25:20    --------    d-----w-    C:\Program Files (x86)\MSECache
2013-06-18 13:22:42    --------    d-----w-    C:\Program Files (x86)\Common Files\SolidWorks Shared
2013-06-18 13:22:36    --------    d-----w-    C:\SolidWorks Data
2013-06-18 13:10:34    --------    d-----w-    C:\Program Files (x86)\Common Files\SolidWorks Installation Manager
2013-06-18 13:04:30    --------    d-----w-    C:\Windows\SolidWorks
2013-06-18 13:04:28    --------    d-----w-    C:\Users\jake\AppData\Roaming\SolidWorks
2013-06-07 23:16:49    --------    d-----w-    C:\Users\jake\AppData\Local\FalloutNV
.
==================== Find3M  ====================
.
2013-06-12 11:31:29    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 11:31:29    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 01:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 18:55:04.55 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 26/10/2009 22:29:31
System Uptime: 06/07/2013 18:48:51 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5KC
Processor: Intel® Core2 Quad CPU    Q6600  @ 2.40GHz | LGA775 | 3599/402mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 44 GiB total, 4.781 GiB free.
D: is FIXED (NTFS) - 39 GiB total, 8.236 GiB free.
E: is FIXED (NTFS) - 59 GiB total, 25.648 GiB free.
F: is FIXED (NTFS) - 199 GiB total, 23.23 GiB free.
G: is FIXED (NTFS) - 60 GiB total, 16.935 GiB free.
H: is FIXED (NTFS) - 828 GiB total, 4.882 GiB free.
I: is CDROM ()
J: is FIXED (NTFS) - 59 GiB total, 33.24 GiB free.
K: is FIXED (NTFS) - 1804 GiB total, 84.249 GiB free.
L: is CDROM (CDFS)
O: is Removable
P: is Removable
Q: is Removable
R: is Removable
S: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&20D7719E&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&20D7719E&0
Service: i8042prt
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
AVG Free 8.5
AxCrypt 1.7.2931.0
Bonjour
Call of Duty Modern Warfare 2
CCleaner
Core Temp 1.0 RC3
CPUID CPU-Z 1.61.3
Crysis WARHEAD®
DAEMON Tools Lite
DiRT2
EASEUS Partition Master 5.5.1 Professional
ESET Online Scanner v3
FileHippo.com Update Checker
foobar2000 v1.1.11
Framebuffer Crysis WARHEAD Benchmark Tool
FreeMind
Futuremark SystemInfo
Geeks3D.com FurMark 1.10.1
Google Chrome
Google SketchUp Pro 8
Google Talk Plugin
Grand Theft Auto IV
Just Cause 2 1.0
K-Lite Codec Pack 5.8.3 (Full)
Malwarebytes Anti-Malware version 1.75.0.1300
Media Center 17
Metro: Last Light © Deep Silver version 1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft IntelliPoint 7.0
Microsoft Office 2003 Web Components
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual Basic for Applications 7.1 (x64)
Microsoft Visual Basic for Applications 7.1 (x64) English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU
Mumble 1.2.3
Music Manager
NVIDIA 3D Vision Controller Driver 320.49
NVIDIA 3D Vision Driver 320.49
NVIDIA Control Panel 320.49
NVIDIA GeForce Experience 1.5
NVIDIA Graphics Driver 320.49
NVIDIA HD Audio Driver 1.3.24.2
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 4.11.9
NVIDIA Update Components
OpenAL
Panda ActiveScan 2.0
Pando Media Booster
PCSX2 - Playstation 2 Emulator
PDF-Viewer
Rapture3D 2.3.22 Game
Realtek High Definition Audio Driver
Rockstar Games Social Club
Rosetta Stone Version 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Skype™ 6.3
SolidWorks 2013 x64 Edition SP0
SolidWorks eDrawings 2013 x64 Edition SP0
SolidWorks Explorer 2013 SP0 x64 Edition
SolidWorks Flow Simulation 2013 SP0 x64 Edition
SolidWorks Plastics 2013 SP0 x64 Edition
Spotify
Spybot - Search & Destroy
Switch Sound File Converter
SyncBack
Tomb Raider - The Last Revelation
Tombraider
TrackMania Nations Forever
Unigine Valley Benchmark version 1.0
VC 9.0 Runtime
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 2.0.7
Wave Splitter 2.10
WinDirStat 1.1.2
WinRAR archiver
Zello 1.33.0.0
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
ZoneAlarm Security Toolbar
.
==== Event Viewer Messages From Past Week ========
.
30/06/2013 15:47:26, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
29/06/2013 16:42:07, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa80075df4e0, 0xfffff880073fa010, 0x0000000000000000, 0x000000000000000d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062913-31262-01.
29/06/2013 16:36:37, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa800447b010, 0xfffff880073ab010, 0x0000000000000000, 0x000000000000000d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062913-25708-01.
29/06/2013 14:55:05, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
06/07/2013 16:27:28, Error: nvlddmkm [14]  -
05/07/2013 19:52:35, Error: Microsoft-Windows-WHEA-Logger [18]  - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Bus/Interconnect Error Processor ID: 1 The details view of this entry contains further information.
05/07/2013 19:52:35, Error: Microsoft-Windows-WHEA-Logger [18]  - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Bus/Interconnect Error Processor ID: 0 The details view of this entry contains further information.
05/07/2013 19:52:07, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa8004c75028, 0x00000000f2000040, 0x0000000000000800). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070513-33618-01.
03/07/2013 18:47:32, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
02/07/2013 11:45:09, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
02/07/2013 11:44:53, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
02/07/2013 11:44:51, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
02/07/2013 11:44:50, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
02/07/2013 11:44:43, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
02/07/2013 11:44:43, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
02/07/2013 11:44:42, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
02/07/2013 11:44:31, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
02/07/2013 11:44:21, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AvgLdx64 AvgMfx64 AvgTdiA CSC DfsC discache NetBIOS NetBT nsiproxy pavboot Psched rdbss spldr tdx Vsdatant Wanarpv6 WfpLwf
02/07/2013 11:44:21, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
02/07/2013 11:44:21, Error: Service Control Manager [7001]  - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
02/07/2013 11:44:21, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
02/07/2013 11:44:21, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
02/07/2013 11:44:21, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
02/07/2013 11:44:21, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
02/07/2013 11:44:21, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
02/07/2013 11:44:21, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
02/07/2013 11:44:21, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
02/07/2013 11:44:21, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
02/07/2013 11:44:21, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
02/07/2013 11:43:56, Error: sptd [4]  - Driver detected an internal error in its data structures for .
.
==== End Of File ===========================

Step 1

Please uninstall the following applications:

ZoneAlarm LTD Toolbar

ZoneAlarm Security Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 5

  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
  • RogueKiller log
  • a new fresh DDS log

Hi, thanks for the response. I ran all those, and have noticed a drop of about 10 degrees for my GPU.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by jake on 07/07/2013 at 11:42:17.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\wmhelper.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{299F0A1F-A12D-4DFF-A919-C4565D9E23D6}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/07/2013 at 11:46:41.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.304 - Logfile created 07/07/2013 at 11:47:39
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Ultimate  (64 bits)
# User : jake - ANTEC900
# Boot Mode : Normal
# Running from : C:\Users\jake\Desktop\adwcleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Users\jake\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\jake\AppData\Local\AVG Security Toolbar
Folder Deleted : C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\jake\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\jake\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\jake\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v [unable to get version]

File : C:\Users\jake\AppData\Roaming\Mozilla\Firefox\Profiles\y67ehsx4.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [11852 octets] - [06/07/2013 17:06:53]
AdwCleaner[s1].txt - [7564 octets] - [07/07/2013 11:47:39]

########## EOF - C:\AdwCleaner[s1].txt - [7624 octets] ##########

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.07.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
jake :: ANTEC900 [administrator]

Protection: Enabled

07/07/2013 11:51:53
mbam-log-2013-07-07 (11-51-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238855
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

RogueKiller V8.6.2 _x64_ [Jul  2 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com


Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : jake [Admin rights]
Mode : Scan -- Date : 07/07/2013 12:00:39
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] HWMonitor.exe -- C:\Users\jake\Desktop\HWMonitor.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[EXT RUN][sUSP PATH] HKCU\Jake_ON_J:\[...]\Run : start windows audio (M:\Documents and Settings\Jake\Desktop\start windows audio.bat [x][x][x]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM
 C:\WINDOWS\system32
 C:\Documents and Settings\Default User\Start Menu\Programs\Startup
-> D:\windows\system32\config\SOFTWARE
 C:\WINDOWS\system32
 C:\Documents and Settings\Default User\Start Menu\Programs\Startup
-> D:\windows\system32\config\SECURITY
 C:\WINDOWS\system32
 C:\Documents and Settings\Default User\Start Menu\Programs\Startup
-> D:\windows\system32\config\SAM
 C:\WINDOWS\system32
 C:\Documents and Settings\Default User\Start Menu\Programs\Startup
-> D:\windows\system32\config\DEFAULT
 C:\WINDOWS\system32
 C:\Documents and Settings\Default User\Start Menu\Programs\Startup
-> D:\Documents and Settings\All Users\NTUSER.DAT
 C:\WINDOWS\system32
 
-> D:\Documents and Settings\Default User\NTUSER.DAT
 C:\WINDOWS\system32
 C:\Documents and Settings\Default User\Start Menu\Programs\Startup
-> D:\Documents and Settings\Jake\NTUSER.DAT
 C:\WINDOWS\system32
 C:\Documents and Settings\Jake\Start Menu\Programs\Startup
-> D:\Documents and Settings\LocalService\NTUSER.DAT
 C:\WINDOWS\system32
 C:\Documents and Settings\LocalService\Start Menu\Programs\Startup
-> D:\Documents and Settings\NetworkService\NTUSER.DAT
 C:\WINDOWS\system32
 C:\Documents and Settings\NetworkService\Start Menu\Programs\Startup
-> E:\windows\system32\config\SYSTEM
 D:\WINDOWS\system32
 D:\Documents and Settings\Default User\Start Menu\Programs\Startup
-> E:\windows\system32\config\SOFTWARE
 D:\WINDOWS\system32
 D:\Documents and Settings\Default User\Start Menu\Programs\Startup
-> E:\windows\system32\config\SECURITY
 D:\WINDOWS\system32
 D:\Documents and Settings\Default User\Start Menu\Programs\Startup
-> E:\windows\system32\config\SAM
 D:\WINDOWS\system32
 D:\Documents and Settings\Default User\Start Menu\Programs\Startup
-> E:\windows\system32\config\DEFAULT
 D:\WINDOWS\system32
 D:\Documents and Settings\Default User\Start Menu\Programs\Startup
-> E:\Documents and Settings\Default User\NTUSER.DAT
 D:\WINDOWS\system32
 D:\Documents and Settings\Default User\Start Menu\Programs\Startup
-> E:\Documents and Settings\Jake\NTUSER.DAT
 D:\WINDOWS\system32
 D:\Documents and Settings\Jake\Start Menu\Programs\Startup
-> E:\Documents and Settings\LocalService\NTUSER.DAT
 D:\WINDOWS\system32
 D:\Documents and Settings\LocalService\Start Menu\Programs\Startup
-> E:\Documents and Settings\NetworkService\NTUSER.DAT
 D:\WINDOWS\system32
 D:\Documents and Settings\NetworkService\Start Menu\Programs\Startup
-> G:\windows\system32\config\SYSTEM
 C:\Windows\system32
 C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
-> G:\windows\system32\config\SOFTWARE
 C:\Windows\system32
 C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
-> G:\windows\system32\config\SECURITY
 C:\Windows\system32
 C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
-> G:\windows\system32\config\SAM
 C:\Windows\system32
 C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
-> G:\windows\system32\config\DEFAULT
 C:\Windows\system32
 C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
-> G:\Users\Default\NTUSER.DAT
 C:\Windows\system32
 
-> G:\Users\Default User\NTUSER.DAT
 C:\Windows\system32
 
-> G:\Users\Jake\NTUSER.DAT
 C:\Windows\system32
 C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
-> G:\Documents and Settings\Default\NTUSER.DAT
 C:\Windows\system32
 
-> G:\Documents and Settings\Default User\NTUSER.DAT
 C:\Windows\system32
 
-> G:\Documents and Settings\jake\NTUSER.DAT
 C:\Windows\system32
 
-> G:\Documents and Settings\UpdatusUser\NTUSER.DAT
 C:\Windows\system32
 
-> J:\windows\system32\config\SYSTEM
 M:\windows\system32
 M:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-> J:\windows\system32\config\SOFTWARE
 M:\windows\system32
 M:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-> J:\windows\system32\config\SECURITY
 M:\windows\system32
 M:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-> J:\windows\system32\config\SAM
 M:\windows\system32
 M:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-> J:\windows\system32\config\DEFAULT
 M:\windows\system32
 M:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-> J:\Documents and Settings\Administrator\NTUSER.DAT
 M:\windows\system32
 M:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-> J:\Documents and Settings\Default User\NTUSER.DAT
 M:\windows\system32
 D:\Documents and Settings\Default User\Start Menu\Programs\Startup
-> J:\Documents and Settings\Jake\NTUSER.DAT
 M:\windows\system32
 M:\Documents and Settings\Jake\Start Menu\Programs\Startup
-> J:\Documents and Settings\LocalService\NTUSER.DAT
 M:\windows\system32
 M:\Documents and Settings\LocalService\Start Menu\Programs\Startup
-> J:\Documents and Settings\NetworkService\NTUSER.DAT
 M:\windows\system32
 M:\Documents and Settings\NetworkService\Start Menu\Programs\Startup
-> J:\Documents and Settings\UpdatusUser\NTUSER.DAT
 M:\windows\system32
 M:\Documents and Settings\UpdatusUser\Start Menu\Programs\Startup

¤¤¤ Infection : Mal.Hosts ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1    www.download-winmx-free.com --> Potentially malicious!
127.0.0.1    download-winmx-free.com --> Potentially malicious!
127.0.0.1    free-winmx-downloads.com --> Potentially malicious!
127.0.0.1    www.free-winmx-downloads.com --> Potentially malicious!
127.0.0.1    www.mp3winmx.com --> Potentially malicious!
127.0.0.1    mp3winmx.com --> Potentially malicious!
127.0.0.1    winmx.click-new-download.com --> Potentially malicious!
127.0.0.1    www.winmx.click-new-download.com --> Potentially malicious!
127.0.0.1    www.winmx-d0wnload.com --> Potentially malicious!
127.0.0.1    winmx-d0wnload.com --> Potentially malicious!
127.0.0.1    winmxfrance.com --> Potentially malicious!
127.0.0.1    www.winmxfrance.com --> Potentially malicious!
127.0.0.1    www.winmx-freebie.com --> Potentially malicious!
127.0.0.1    winmx-freebie.com --> Potentially malicious!
127.0.0.1    www.winmx-music-download.com --> Potentially malicious!
127.0.0.1    winmx-music-download.com --> Potentially malicious!
127.0.0.1    www.winmx-usa.com --> Potentially malicious!
127.0.0.1    winmx-usa.com --> Potentially malicious!
127.0.0.1    www.facebook.com.img335.tk --> Potentially malicious!
127.0.0.1    www.google.dospop.com --> Potentially malicious!


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD321KJ ATA Device +++++
--- User ---
[MBR] 48fc2d5bf8841d605c5e256e93258e00
[bSP] ea30613a942850d32b14e080daf9f5bc : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39997 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 81915435 | Size: 265237 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD321KJ ATA Device +++++
--- User ---
[MBR] 7348343b97c726fa033e2abe62b29dd4
[bSP] 9467f53f8c521948145711922d26133c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 45056 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 92277360 | Size: 847946 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 1828871730 | Size: 60863 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: SAMSUNG HD321KJ ATA Device +++++
--- User ---
[MBR] f0731def7f8fdcdaa26147bad88b79a0
[bSP] a93aeb92316c1b1d995279421794fb4f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 60330 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 123555915 | Size: 1847396 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07072013_120039.txt >>

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by jake at 12:02:09 on 2013-07-07
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.44.1033.18.4095.1631 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
H:\Program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Core Temp\Core Temp.exe
H:\Program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
H:\Program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\PROGRA~2\AVG\AVG8\avgrsa.exe
C:\PROGRA~2\AVG\AVG8\avgnsa.exe
K:\Programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
K:\Programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks Flow Simulation\binCFW\dispatcher.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
K:\Programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks\sldworks_fs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
F:\My Programs\Firefox portable\FirefoxPortable.exe
F:\My Programs\Firefox portable\App\firefox\firefox.exe
F:\My Programs\Firefox portable\App\firefox\plugin-container.exe
C:\Users\jake\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
F:\My Programs\Firefox portable\App\firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - K:\Programs\Office 2010 install\Office14\URLREDIR.DLL
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\jake\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [spotify Web Helper] "C:\Users\jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [DAEMON Tools Lite] "H:\Programs\DTools free\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [bCSSync] "K:\Programs\Office 2010 install\Office14\BCSSync.exe" /DelayServices
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~2.LNK - C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~1.LNK - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.


TCP: NameServer = 192.168.1.1
TCP: Interfaces\{FAB9A42A-CF03-4F9B-A848-1DE0C93BF7A5} : NameServer = 192.168.1.1
TCP: Interfaces\{FAB9A42A-CF03-4F9B-A848-1DE0C93BF7A5} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= avgrssta.dll
SSODL: WebCheck - <orphaned>
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2009-10-29 33800]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-3-9 427016]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-3-9 33416]
R1 AvgTdiA;AVG Free8 Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-3-9 133640]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-6-27 45856]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-7-5 283064]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2010-3-9 297752]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-3-16 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-3-16 828072]
R2 MBAMScheduler;MBAMScheduler;H:\Program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-14 418376]
R2 MBAMService;MBAMService;H:\Program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-14 701512]
R2 RemoteSolverDispatcher;Remote Solver for Flow Simulation 2013;K:\Programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [2012-9-13 51848]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-10-26 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-6-27 1598128]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\l160x64.sys [2009-10-13 61440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2009-12-31 25928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG8\Toolbar\ToolbarBroker.exe [2010-10-31 167264]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;K:\Programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks\swScheduler\DTSCoordinatorService.exe [2012-9-28 76904]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-4-16 16264]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-4-16 9096]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-6-18 1431888]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-8-1 130976]
S3 Media Center 17 Service;Media Center 17 Service;C:\Program Files (x86)\J River\Media Center 17\JRService.exe [2012-7-16 386176]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-6 1255736]
.
=============== File Associations ===============
.
ShellExec: switch.exe: open="C:\Program Files (x86)\NCH Software\Switch\switch" "%L"
.
=============== Created Last 30 ================
.
2013-07-07 10:53:03    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{816AAD8B-7E5E-4563-8933-D2EA08447376}\offreg.dll
2013-07-07 10:47:46    121    ----a-w-    C:\Windows\DeleteOnReboot.bat
2013-07-07 10:42:12    --------    d-----w-    C:\Windows\ERUNT
2013-07-07 10:36:15    --------    d-----w-    C:\JRT
2013-07-07 09:58:42    --------    d-----w-    C:\ProgramData\Rosetta Stone
2013-07-06 15:44:17    --------    d-----w-    C:\Program Files (x86)\ESET
2013-07-05 22:12:54    466456    ----a-w-    C:\Windows\System32\wrap_oal.dll
2013-07-05 22:12:54    444952    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2013-07-05 22:12:54    122904    ----a-w-    C:\Windows\System32\OpenAL32.dll
2013-07-05 22:12:54    109080    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
2013-07-05 22:02:20    283064    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2013-07-02 12:47:57    --------    d-----w-    C:\Users\jake\AppData\Roaming\NVIDIA
2013-07-02 12:25:12    --------    d-----w-    C:\Users\jake\Valley
2013-07-02 11:43:03    884512    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-07-02 11:43:03    6496544    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-07-02 11:43:03    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-07-02 11:43:03    3514656    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-07-02 11:43:03    3253909    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-07-02 11:43:03    2555680    ----a-w-    C:\Windows\System32\nvsvcr.dll
2013-07-02 11:43:03    237856    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-07-02 11:42:46    61216    ----a-w-    C:\Windows\System32\OpenCL.dll
2013-07-02 11:42:46    53024    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2013-07-02 11:42:28    --------    d-----w-    C:\ProgramData\NVIDIA Corporation
2013-06-29 15:08:53    9552976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{816AAD8B-7E5E-4563-8933-D2EA08447376}\mpengine.dll
2013-06-27 21:33:01    --------    d-----w-    C:\Users\jake\AppData\Local\DoNotTrackPlus
2013-06-27 18:31:45    45856    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-06-25 22:39:15    --------    d-----w-    C:\Users\jake\AppData\Local\BIT.TRIP BEAT
2013-06-25 16:31:19    --------    d-----w-    C:\Users\jake\AppData\Local\NVIDIA
2013-06-25 16:28:41    --------    d-----w-    C:\ProgramData\Microsoft Toolkit
2013-06-21 04:16:02    566048    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-06-19 18:12:55    172032    ----a-w-    C:\Windows\SysWow64\binkw32.dll
2013-06-19 18:12:24    327168    ----a-w-    C:\Windows\IsUninst.exe
2013-06-18 13:49:17    --------    d-----w-    C:\Users\jake\AppData\Local\TempSWBackupDirectory
2013-06-18 13:48:42    --------    d-----w-    C:\Users\jake\AppData\Local\SolidWorks
2013-06-18 13:45:00    --------    d-----w-    C:\Temp
2013-06-18 13:43:03    --------    d-----w-    C:\ProgramData\Simpoe
2013-06-18 13:41:52    --------    d-----w-    C:\ProgramData\COSMOS Applications
2013-06-18 13:41:44    --------    d-----w-    C:\ProgramData\SolidWorks Flow Simulation
2013-06-18 13:39:37    --------    d-----w-    C:\Users\jake\AppData\Roaming\help_images_otherUI
2013-06-18 13:37:59    --------    d-----w-    C:\Users\jake\AppData\Roaming\DassaultSystemes
2013-06-18 13:37:59    --------    d-----w-    C:\Users\jake\AppData\Local\DassaultSystemes
2013-06-18 13:37:59    --------    d-----w-    C:\ProgramData\DassaultSystemes
2013-06-18 13:29:33    --------    d-----w-    C:\ProgramData\SolidWorks
2013-06-18 13:29:33    --------    d-----w-    C:\Program Files\Common Files\SolidWorks Shared
2013-06-18 13:29:14    --------    d-----w-    C:\Program Files\Common Files\Macrovision Shared
2013-06-18 13:28:52    --------    d-----w-    C:\Program Files\Microsoft Visual Studio 8
2013-06-18 13:28:39    --------    d-----w-    C:\Program Files\Bonjour
2013-06-18 13:28:39    --------    d-----w-    C:\Program Files (x86)\Bonjour
2013-06-18 13:25:42    --------    d-----w-    C:\Program Files (x86)\Microsoft Visual Studio 8
2013-06-18 13:25:20    --------    d-----w-    C:\Program Files (x86)\MSECache
2013-06-18 13:22:42    --------    d-----w-    C:\Program Files (x86)\Common Files\SolidWorks Shared
2013-06-18 13:22:36    --------    d-----w-    C:\SolidWorks Data
2013-06-18 13:10:34    --------    d-----w-    C:\Program Files (x86)\Common Files\SolidWorks Installation Manager
2013-06-18 13:04:30    --------    d-----w-    C:\Windows\SolidWorks
2013-06-18 13:04:28    --------    d-----w-    C:\Users\jake\AppData\Roaming\SolidWorks
2013-06-07 23:16:49    --------    d-----w-    C:\Users\jake\AppData\Local\FalloutNV
.
==================== Find3M  ====================
.
2013-06-12 11:31:29    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 11:31:29    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 01:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 12:02:47.90 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 26/10/2009 22:29:31
System Uptime: 07/07/2013 11:49:04 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5KC
Processor: Intel® Core2 Quad CPU    Q6600  @ 2.40GHz | LGA775 | 3599/402mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 44 GiB total, 1.58 GiB free.
D: is FIXED (NTFS) - 39 GiB total, 12.235 GiB free.
E: is FIXED (NTFS) - 59 GiB total, 25.648 GiB free.
F: is FIXED (NTFS) - 199 GiB total, 23.229 GiB free.
G: is FIXED (NTFS) - 60 GiB total, 16.935 GiB free.
H: is FIXED (NTFS) - 828 GiB total, 4.883 GiB free.
I: is CDROM ()
J: is FIXED (NTFS) - 59 GiB total, 33.24 GiB free.
K: is FIXED (NTFS) - 1804 GiB total, 84.249 GiB free.
L: is CDROM ()
O: is Removable
P: is Removable
Q: is Removable
R: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&20D7719E&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&20D7719E&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP290: 07/07/2013 11:09:00 - Removed Rosetta Stone Version 3
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
AVG Free 8.5
AxCrypt 1.7.2931.0
Bonjour
Call of Duty Modern Warfare 2
CCleaner
Core Temp 1.0 RC3
CPUID CPU-Z 1.61.3
Crysis WARHEAD®
DAEMON Tools Lite
DiRT2
EASEUS Partition Master 5.5.1 Professional
ESET Online Scanner v3
FileHippo.com Update Checker
foobar2000 v1.1.11
Framebuffer Crysis WARHEAD Benchmark Tool
FreeMind
Futuremark SystemInfo
Geeks3D.com FurMark 1.10.1
Google Chrome
Google SketchUp Pro 8
Google Talk Plugin
Grand Theft Auto IV
Just Cause 2 1.0
K-Lite Codec Pack 5.8.3 (Full)
Malwarebytes Anti-Malware version 1.75.0.1300
Media Center 17
Metro: Last Light © Deep Silver version 1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft IntelliPoint 7.0
Microsoft Office 2003 Web Components
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual Basic for Applications 7.1 (x64)
Microsoft Visual Basic for Applications 7.1 (x64) English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU
Mumble 1.2.3
Music Manager
NVIDIA 3D Vision Controller Driver 320.49
NVIDIA 3D Vision Driver 320.49
NVIDIA Control Panel 320.49
NVIDIA GeForce Experience 1.5
NVIDIA Graphics Driver 320.49
NVIDIA HD Audio Driver 1.3.24.2
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 4.11.9
NVIDIA Update Components
OpenAL
Panda ActiveScan 2.0
Pando Media Booster
PCSX2 - Playstation 2 Emulator
PDF-Viewer
Rapture3D 2.3.22 Game
Realtek High Definition Audio Driver
Rockstar Games Social Club
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Skype™ 6.6
SolidWorks 2013 x64 Edition SP0
SolidWorks eDrawings 2013 x64 Edition SP0
SolidWorks Explorer 2013 SP0 x64 Edition
SolidWorks Flow Simulation 2013 SP0 x64 Edition
SolidWorks Plastics 2013 SP0 x64 Edition
Spotify
Spybot - Search & Destroy
Switch Sound File Converter
SyncBack
Tomb Raider - The Last Revelation
Tombraider
TrackMania Nations Forever
Unigine Valley Benchmark version 1.0
VC 9.0 Runtime
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 2.0.7
Wave Splitter 2.10
WinDirStat 1.1.2
WinRAR archiver
Zello 1.33.0.0
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm Security
.
==== End Of File ===========================

Okay, we have a little progress.

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


I really appreciate your help!


ComboFix 13-07-07.01 - jake 07/07/2013  17:53:34.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.44.1033.18.4095.2603 [GMT 1:00]
Running from: c:\users\jake\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe
c:\windows\SysWow64\tmp1883.tmp
c:\windows\SysWow64\tmp1884.tmp
c:\windows\SysWow64\tmp429B.tmp
c:\windows\SysWow64\tmp42DA.tmp
H:\install.exe
K:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-07 to 2013-07-07  )))))))))))))))))))))))))))))))
.
.
2013-07-07 16:59 . 2013-07-07 16:59    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-07 16:42 . 2013-07-07 16:42    76232    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{816AAD8B-7E5E-4563-8933-D2EA08447376}\offreg.dll
2013-07-07 10:47 . 2013-07-07 10:47    121    ----a-w-    c:\windows\DeleteOnReboot.bat
2013-07-07 10:42 . 2013-07-07 10:42    --------    d-----w-    c:\windows\ERUNT
2013-07-07 10:36 . 2013-07-07 10:42    --------    d-----w-    C:\JRT
2013-07-07 09:58 . 2013-07-07 10:10    --------    d-----w-    c:\programdata\Rosetta Stone
2013-07-06 15:44 . 2013-07-06 15:44    --------    d-----w-    c:\program files (x86)\ESET
2013-07-05 22:12 . 2013-07-05 22:12    466456    ----a-w-    c:\windows\system32\wrap_oal.dll
2013-07-05 22:12 . 2013-07-05 22:12    444952    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2013-07-05 22:12 . 2013-07-05 22:12    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-07-05 22:12 . 2013-07-05 22:12    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2013-07-05 22:02 . 2013-07-05 22:02    283064    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2013-07-02 12:47 . 2013-07-02 23:48    --------    d-----w-    c:\users\jake\AppData\Roaming\NVIDIA
2013-07-02 12:25 . 2013-07-03 23:20    --------    d-----w-    c:\users\jake\Valley
2013-07-02 11:44 . 2013-07-02 11:44    --------    d-----w-    c:\users\UpdatusUser
2013-07-02 11:43 . 2013-07-02 11:43    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-07-02 11:43 . 2013-06-21 10:23    6496544    ----a-w-    c:\windows\system32\nvcpl.dll
2013-07-02 11:43 . 2013-06-21 10:23    3514656    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-07-02 11:43 . 2013-06-21 10:23    884512    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-07-02 11:43 . 2013-06-21 10:23    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-07-02 11:43 . 2013-06-21 10:23    2555680    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-07-02 11:43 . 2013-06-21 10:23    237856    ----a-w-    c:\windows\system32\nvmctray.dll
2013-07-02 11:43 . 2013-06-20 04:17    3253909    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-07-02 11:42 . 2013-06-21 12:06    61216    ----a-w-    c:\windows\system32\OpenCL.dll
2013-07-02 11:42 . 2013-06-21 12:06    53024    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2013-07-02 11:42 . 2013-07-02 11:47    --------    d-----w-    c:\programdata\NVIDIA Corporation
2013-06-29 15:08 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{816AAD8B-7E5E-4563-8933-D2EA08447376}\mpengine.dll
2013-06-27 21:33 . 2013-07-05 22:20    --------    d-----w-    c:\users\jake\AppData\Local\DoNotTrackPlus
2013-06-27 18:31 . 2013-06-27 18:30    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-06-25 22:39 . 2013-06-25 22:39    --------    d-----w-    c:\users\jake\AppData\Local\BIT.TRIP BEAT
2013-06-25 16:31 . 2013-07-02 11:48    --------    d-----w-    c:\users\jake\AppData\Local\NVIDIA
2013-06-25 16:28 . 2013-06-25 16:28    --------    d-----w-    c:\programdata\Microsoft Toolkit
2013-06-25 15:41 . 2013-07-07 16:39    --------    d-----w-    c:\programdata\NVIDIA
2013-06-21 04:16 . 2013-06-21 04:16    566048    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2013-06-19 18:12 . 1999-08-03 09:50    172032    ----a-w-    c:\windows\SysWow64\binkw32.dll
2013-06-19 18:12 . 1998-10-02 18:00    327168    ----a-w-    c:\windows\IsUninst.exe
2013-06-18 13:49 . 2013-06-18 15:25    --------    d-----w-    c:\users\jake\AppData\Local\TempSWBackupDirectory
2013-06-18 13:48 . 2013-06-18 13:48    --------    d-----w-    c:\users\jake\AppData\Local\SolidWorks
2013-06-18 13:45 . 2013-07-02 11:43    --------    d-----w-    C:\Temp
2013-06-18 13:43 . 2013-06-18 13:43    --------    d-----w-    c:\programdata\Simpoe
2013-06-18 13:41 . 2013-06-18 13:41    --------    d-----w-    c:\programdata\COSMOS Applications
2013-06-18 13:41 . 2013-06-18 13:41    --------    d-----w-    c:\programdata\SolidWorks Flow Simulation
2013-06-18 13:39 . 2013-06-18 13:39    --------    d-----w-    c:\users\jake\AppData\Roaming\help_images_otherUI
2013-06-18 13:37 . 2013-06-18 13:37    --------    d-----w-    c:\users\jake\AppData\Roaming\DassaultSystemes
2013-06-18 13:37 . 2013-06-18 13:37    --------    d-----w-    c:\users\jake\AppData\Local\DassaultSystemes
2013-06-18 13:37 . 2013-06-18 13:37    --------    d-----w-    c:\programdata\DassaultSystemes
2013-06-18 13:29 . 2013-06-18 13:40    --------    d-----w-    c:\program files\Common Files\SolidWorks Shared
2013-06-18 13:29 . 2013-06-18 13:29    --------    d-----w-    c:\programdata\SolidWorks
2013-06-18 13:29 . 2013-06-18 13:29    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2013-06-18 13:28 . 2013-06-18 13:28    --------    d-----w-    c:\program files\Microsoft Visual Studio 8
2013-06-18 13:28 . 2013-06-18 13:28    --------    d-----w-    c:\program files\Bonjour
2013-06-18 13:28 . 2013-06-18 13:28    --------    d-----w-    c:\program files (x86)\Bonjour
2013-06-18 13:28 . 2013-06-18 13:28    --------    d-----w-    c:\programdata\Apple
2013-06-18 13:25 . 2013-06-18 13:25    --------    d-----w-    c:\program files (x86)\Microsoft Visual Studio 8
2013-06-18 13:25 . 2013-06-18 13:25    --------    d-----w-    c:\program files (x86)\MSECache
2013-06-18 13:22 . 2013-06-18 13:40    --------    d-----w-    c:\program files (x86)\Common Files\SolidWorks Shared
2013-06-18 13:22 . 2013-06-18 13:35    --------    d-----w-    C:\SolidWorks Data
2013-06-18 13:10 . 2013-06-18 13:23    --------    d-----w-    c:\program files (x86)\Common Files\SolidWorks Installation Manager
2013-06-18 13:04 . 2013-06-18 13:22    --------    d-----w-    c:\windows\SolidWorks
2013-06-18 13:04 . 2013-06-18 13:48    --------    d-----w-    c:\users\jake\AppData\Roaming\SolidWorks
2013-06-07 23:16 . 2013-06-07 23:16    --------    d-----w-    c:\users\jake\AppData\Local\FalloutNV
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 11:31 . 2013-02-23 18:02    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 11:31 . 2013-02-23 18:02    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 01:06 . 2009-10-26 23:49    278800    ------w-    c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-06-10 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2012-06-10 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Spotify Web Helper"="c:\users\jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-04 1104384]
"DAEMON Tools Lite"="h:\programs\DTools free\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~2\AVG\AVG8\avgtray.exe" [2011-11-03 2042208]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-29 73832]
"BCSSync"="k:\programs\Office 2010 install\Office14\BCSSync.exe" [2010-01-21 91520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SolidWorks Background Downloader.lnk - c:\program files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe /launch_from 0 [2013-6-18 2737768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG8\Toolbar\ToolbarBroker.exe;c:\program files (x86)\AVG\AVG8\Toolbar\ToolbarBroker.exe [x]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;k:\programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks\swScheduler\DTSCoordinatorService.exe;k:\programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 GPU-Z;GPU-Z;c:\users\jake\AppData\Local\Temp\GPU-Z.sys;c:\users\jake\AppData\Local\Temp\GPU-Z.sys [x]
R3 Media Center 17 Service;Media Center 17 Service;c:\program files (x86)\J River\Media Center 17\JRService.exe;c:\program files (x86)\J River\Media Center 17\JRService.exe [x]
R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys;c:\windows\SYSNATIVE\drivers\RkPavproc1.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys;c:\windows\SYSNATIVE\drivers\pavboot64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys;c:\windows\SYSNATIVE\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys;c:\windows\SYSNATIVE\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Free8 Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys;c:\windows\SYSNATIVE\Drivers\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~2\AVG\AVG8\avgwdsvc.exe;c:\progra~2\AVG\AVG8\avgwdsvc.exe [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;h:\program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamscheduler.exe;h:\program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;h:\program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamservice.exe;h:\program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RemoteSolverDispatcher;Remote Solver for Flow Simulation 2013;k:\programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2013;k:\programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2013 [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S3 ALSysIO;ALSysIO;c:\users\jake\AppData\Local\Temp\ALSysIO64.sys;c:\users\jake\AppData\Local\Temp\ALSysIO64.sys [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys;c:\windows\SYSNATIVE\DRIVERS\point64k.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121477230-1356459136-3669562405-1001Core.job
- c:\users\jake\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-19 15:42]
.
2013-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121477230-1356459136-3669562405-1001UA.job
- c:\users\jake\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-19 15:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 2314120]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FAB9A42A-CF03-4F9B-A848-1DE0C93BF7A5}: NameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Fast Start.lnk - c:\windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-ISW - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-07  18:02:01
ComboFix-quarantined-files.txt  2013-07-07 17:02
.
Pre-Run: 3,228,164,096 bytes free
Post-Run: 3,278,057,472 bytes free
.
- - End Of File - - 0CBA0BE352C9826C872C829E6D57BEBE
8F558EB6672622401DA993E1E865C861

I am not sure how to uninstall ZoneAlarm LTD Toolbar and ZoneAlarm Security Toolbar, as they are not in Add or Remove Programs.

Just ran only a scan with AdwCleaner and it showed this:

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\jake\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar


Some remnants, but AdwCleaner already took care of them. :)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

FCopy::

c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll | c:\windows\system32\user32.dll

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript onto ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


I've spent a bit of time this evening trying to solve the problems.

AdwCleaner now only finds these two. I uninstalled both the antivirus and the firewall, and then re-installed them.

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Users\jake\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

Only after changing ComboFix's name did it find more stuff, although it took ages to run last time and restarted at a different time from the other times.

ComboFix 13-07-08.02 - jake 07/07/2013  21:36:30.4.4 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.44.1033.18.4095.2434 [GMT 1:00]
Running from: c:\users\jake\Desktop\3ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jake\AppData\Local\Temp\nsb46E1.tmp\NSISdl.dll
c:\users\jake\AppData\Local\Temp\nsb46E1.tmp\System.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-07 to 2013-07-07  )))))))))))))))))))))))))))))))
.
.
2013-07-07 20:43 . 2013-07-07 20:43    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-07 20:08 . 2013-07-07 20:08    --------    d-----w-    c:\program files\CheckPoint
2013-07-07 20:06 . 2013-07-07 20:06    --------    d-----w-    c:\users\jake\AppData\Roaming\AVG2013
2013-07-07 20:04 . 2013-07-07 20:04    --------    d-----w-    c:\program files (x86)\Check Point Software Technologies LTD
2013-07-07 20:04 . 2013-07-07 20:04    --------    d-----w-    c:\users\jake\AppData\Roaming\Check Point Software Technologies LTD
2013-07-07 20:04 . 2013-07-07 20:07    --------    d-----w-    c:\program files (x86)\CheckPoint
2013-07-07 20:03 . 2013-07-07 20:06    --------    d-----w-    c:\programdata\AVG2013
2013-07-07 20:00 . 2013-07-07 20:17    --------    d-----w-    c:\users\jake\AppData\Local\Avg2013
2013-07-07 20:00 . 2013-07-07 20:08    --------    d-----w-    c:\programdata\MFAData
2013-07-07 20:00 . 2013-07-07 20:00    --------    d-----w-    c:\users\jake\AppData\Local\MFAData
2013-07-07 10:47 . 2013-07-07 20:13    804    ----a-w-    c:\windows\DeleteOnReboot.bat
2013-07-07 10:42 . 2013-07-07 10:42    --------    d-----w-    c:\windows\ERUNT
2013-07-07 10:36 . 2013-07-07 19:32    --------    d-----w-    C:\JRT
2013-07-07 09:58 . 2013-07-07 10:10    --------    d-----w-    c:\programdata\Rosetta Stone
2013-07-06 15:44 . 2013-07-06 15:44    --------    d-----w-    c:\program files (x86)\ESET
2013-07-05 22:12 . 2013-07-05 22:12    466456    ----a-w-    c:\windows\system32\wrap_oal.dll
2013-07-05 22:12 . 2013-07-05 22:12    444952    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2013-07-05 22:12 . 2013-07-05 22:12    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-07-05 22:12 . 2013-07-05 22:12    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2013-07-05 22:02 . 2013-07-05 22:02    283064    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2013-07-02 12:47 . 2013-07-02 23:48    --------    d-----w-    c:\users\jake\AppData\Roaming\NVIDIA
2013-07-02 12:25 . 2013-07-03 23:20    --------    d-----w-    c:\users\jake\Valley
2013-07-02 11:44 . 2013-07-02 11:44    --------    d-----w-    c:\users\UpdatusUser
2013-07-02 11:43 . 2013-07-02 11:43    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-07-02 11:43 . 2013-06-21 10:23    6496544    ----a-w-    c:\windows\system32\nvcpl.dll
2013-07-02 11:43 . 2013-06-21 10:23    3514656    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-07-02 11:43 . 2013-06-21 10:23    884512    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-07-02 11:43 . 2013-06-21 10:23    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-07-02 11:43 . 2013-06-21 10:23    2555680    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-07-02 11:43 . 2013-06-21 10:23    237856    ----a-w-    c:\windows\system32\nvmctray.dll
2013-07-02 11:43 . 2013-06-20 04:17    3253909    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-07-02 11:42 . 2013-06-21 12:06    61216    ----a-w-    c:\windows\system32\OpenCL.dll
2013-07-02 11:42 . 2013-06-21 12:06    53024    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2013-07-02 11:42 . 2013-07-02 11:47    --------    d-----w-    c:\programdata\NVIDIA Corporation
2013-06-29 15:08 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{816AAD8B-7E5E-4563-8933-D2EA08447376}\mpengine.dll
2013-06-27 18:31 . 2013-07-07 20:05    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-06-25 22:39 . 2013-06-25 22:39    --------    d-----w-    c:\users\jake\AppData\Local\BIT.TRIP BEAT
2013-06-25 16:31 . 2013-07-02 11:48    --------    d-----w-    c:\users\jake\AppData\Local\NVIDIA
2013-06-25 16:28 . 2013-06-25 16:28    --------    d-----w-    c:\programdata\Microsoft Toolkit
2013-06-25 15:41 . 2013-07-07 20:45    --------    d-----w-    c:\programdata\NVIDIA
2013-06-21 04:16 . 2013-06-21 04:16    566048    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2013-06-19 18:12 . 1999-08-03 09:50    172032    ----a-w-    c:\windows\SysWow64\binkw32.dll
2013-06-19 18:12 . 1998-10-02 18:00    327168    ----a-w-    c:\windows\IsUninst.exe
2013-06-18 13:49 . 2013-06-18 15:25    --------    d-----w-    c:\users\jake\AppData\Local\TempSWBackupDirectory
2013-06-18 13:48 . 2013-06-18 13:48    --------    d-----w-    c:\users\jake\AppData\Local\SolidWorks
2013-06-18 13:45 . 2013-07-02 11:43    --------    d-----w-    C:\Temp
2013-06-18 13:43 . 2013-06-18 13:43    --------    d-----w-    c:\programdata\Simpoe
2013-06-18 13:41 . 2013-06-18 13:41    --------    d-----w-    c:\programdata\COSMOS Applications
2013-06-18 13:41 . 2013-06-18 13:41    --------    d-----w-    c:\programdata\SolidWorks Flow Simulation
2013-06-18 13:39 . 2013-06-18 13:39    --------    d-----w-    c:\users\jake\AppData\Roaming\help_images_otherUI
2013-06-18 13:37 . 2013-06-18 13:37    --------    d-----w-    c:\users\jake\AppData\Roaming\DassaultSystemes
2013-06-18 13:37 . 2013-06-18 13:37    --------    d-----w-    c:\users\jake\AppData\Local\DassaultSystemes
2013-06-18 13:37 . 2013-06-18 13:37    --------    d-----w-    c:\programdata\DassaultSystemes
2013-06-18 13:29 . 2013-06-18 13:40    --------    d-----w-    c:\program files\Common Files\SolidWorks Shared
2013-06-18 13:29 . 2013-06-18 13:29    --------    d-----w-    c:\programdata\SolidWorks
2013-06-18 13:29 . 2013-06-18 13:29    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2013-06-18 13:28 . 2013-06-18 13:28    --------    d-----w-    c:\program files\Microsoft Visual Studio 8
2013-06-18 13:28 . 2013-06-18 13:28    --------    d-----w-    c:\program files\Bonjour
2013-06-18 13:28 . 2013-06-18 13:28    --------    d-----w-    c:\program files (x86)\Bonjour
2013-06-18 13:28 . 2013-06-18 13:28    --------    d-----w-    c:\programdata\Apple
2013-06-18 13:25 . 2013-06-18 13:25    --------    d-----w-    c:\program files (x86)\Microsoft Visual Studio 8
2013-06-18 13:25 . 2013-06-18 13:25    --------    d-----w-    c:\program files (x86)\MSECache
2013-06-18 13:22 . 2013-06-18 13:40    --------    d-----w-    c:\program files (x86)\Common Files\SolidWorks Shared
2013-06-18 13:22 . 2013-06-18 13:35    --------    d-----w-    C:\SolidWorks Data
2013-06-18 13:10 . 2013-06-18 13:23    --------    d-----w-    c:\program files (x86)\Common Files\SolidWorks Installation Manager
2013-06-18 13:04 . 2013-06-18 13:22    --------    d-----w-    c:\windows\SolidWorks
2013-06-18 13:04 . 2013-06-18 13:48    --------    d-----w-    c:\users\jake\AppData\Roaming\SolidWorks
2013-06-07 23:16 . 2013-06-07 23:16    --------    d-----w-    c:\users\jake\AppData\Local\FalloutNV
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 11:31 . 2013-02-23 18:02    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 11:31 . 2013-02-23 18:02    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 01:06 . 2009-10-26 23:49    278800    ------w-    c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-06-10 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2012-06-10 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Spotify Web Helper"="c:\users\jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-04 1104384]
"DAEMON Tools Lite"="h:\programs\DTools free\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="k:\programs\Office 2010 install\Office14\BCSSync.exe" [2010-01-21 91520]
"AVG_UI"="k:\programs\avg free\avgui.exe" [2013-04-28 4408368]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SolidWorks Background Downloader.lnk - c:\program files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe /launch_from 0 [2013-6-18 2737768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;k:\programs\avg free\avgidsagent.exe;k:\programs\avg free\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;k:\programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks\swScheduler\DTSCoordinatorService.exe;k:\programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 GPU-Z;GPU-Z;c:\users\jake\AppData\Local\Temp\GPU-Z.sys;c:\users\jake\AppData\Local\Temp\GPU-Z.sys [x]
R3 Media Center 17 Service;Media Center 17 Service;c:\program files (x86)\J River\Media Center 17\JRService.exe;c:\program files (x86)\J River\Media Center 17\JRService.exe [x]
R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys;c:\windows\SYSNATIVE\drivers\RkPavproc1.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys;c:\windows\SYSNATIVE\drivers\pavboot64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 avgwd;AVG WatchDog;k:\programs\avg free\avgwdsvc.exe;k:\programs\avg free\avgwdsvc.exe [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;h:\program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamscheduler.exe;h:\program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;h:\program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamservice.exe;h:\program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RemoteSolverDispatcher;Remote Solver for Flow Simulation 2013;k:\programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2013;k:\programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2013 [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S3 ALSysIO;ALSysIO;c:\users\jake\AppData\Local\Temp\ALSysIO64.sys;c:\users\jake\AppData\Local\Temp\ALSysIO64.sys [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys;c:\windows\SYSNATIVE\DRIVERS\point64k.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121477230-1356459136-3669562405-1001Core.job
- c:\users\jake\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-19 15:42]
.
2013-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121477230-1356459136-3669562405-1001UA.job
- c:\users\jake\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-19 15:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 2314120]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"ISW"="" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FAB9A42A-CF03-4F9B-A848-1DE0C93BF7A5}: NameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
h:\program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
k:\programs\avg free\avgcfgex.exe
.
**************************************************************************
.
Completion time: 2013-07-07  22:13:26 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-07 21:13
ComboFix2.txt  2013-07-07 18:59
ComboFix3.txt  2013-07-07 18:44
ComboFix4.txt  2013-07-07 17:02
.
Pre-Run: 2,927,521,792 bytes free
Post-Run: 3,232,735,232 bytes free
.
- - End Of File - - 57E5E4B5B17BA32FEA6478266E9F67E9
8F558EB6672622401DA993E1E865C861
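The Sigcheck section of the log above lists c:\windows\system32\user32.dll and c:\windows\SysWOW64\user32.dll with the "[-]" marker and MD5s that differ from the "[7]"-marked copies in WinSxS, while the size and version string (6.1.7600.16385) are identical. That is the pattern of a system DLL altered in place rather than replaced, and it is why the CFScript earlier in the thread copies the WinSxS version back over System32. Note that the script copies only the 64-bit file; the 32-bit SysWOW64 copy shows the same mismatch. The PowerShell below is an added example, not part of the thread and not ComboFix's code: it repeats the comparison for both files against every copy in the component store and checks the live file's Authenticode signature, so the restore can be confirmed (the amd64 copy should read MATCH afterwards) and a remaining SysWOW64 mismatch stands out. Get-UserModuleReport is a name chosen here; the script assumes PowerShell 4 or later (Get-FileHash, Get-ChildItem -Directory; stock Windows 7 ships PowerShell 2, so install WMF 4 first or substitute certutil -hashfile) and a 64-bit console, so that System32 is not redirected to SysWOW64.

```powershell
# Added example, not from the thread and not ComboFix's own code.
# Compares the live user32.dll (native 64-bit and WOW64) with every copy in the
# WinSxS component store and checks the live file's Authenticode signature.
# Assumes PowerShell 4+ (Get-FileHash, Get-ChildItem -Directory) and a 64-bit
# console, so System32 is not silently redirected to SysWOW64.

$checks = @(
    @{ Live = Join-Path $env:SystemRoot 'System32\user32.dll'; Store = 'amd64_microsoft-windows-user32_*' },
    @{ Live = Join-Path $env:SystemRoot 'SysWOW64\user32.dll'; Store = 'wow64_microsoft-windows-user32_*' }
)

function Get-UserModuleReport {
    param([hashtable]$Check)

    $live     = Get-Item -LiteralPath $Check.Live
    $liveHash = (Get-FileHash -LiteralPath $live.FullName -Algorithm MD5).Hash
    $sig      = Get-AuthenticodeSignature -FilePath $live.FullName

    # Live file first: size and version are the fields ComboFix prints beside the hash.
    '{0}' -f $live.FullName
    '  size={0} version={1} md5={2} signature={3}' -f $live.Length, $live.VersionInfo.FileVersion, $liveHash, $sig.Status

    # Each servicing directory keeps its own copy. Listing all of them with size
    # lets a legitimate hotfix (different version, different hash) be told apart
    # from a tampered file (same version and size, different hash).
    Get-ChildItem -Path (Join-Path $env:SystemRoot 'winsxs') -Directory -Filter $Check.Store |
        ForEach-Object {
            $copy = Join-Path $_.FullName 'user32.dll'
            if (Test-Path -LiteralPath $copy) {
                $h     = (Get-FileHash -LiteralPath $copy -Algorithm MD5).Hash
                $state = if ($h -eq $liveHash) { 'MATCH  ' } else { 'DIFFERS' }
                '  {0} md5={1} size={2} {3}' -f $state, $h, (Get-Item -LiteralPath $copy).Length, $_.Name
            }
        }
}

foreach ($c in $checks) { Get-UserModuleReport -Check $c }
```

A DIFFERS line is not by itself proof of tampering: after a hotfix the live file legitimately differs from the RTM copy in WinSxS, which is why the listing prints size and version next to each hash; on the machine in this thread both sides carry the same version and size, so the hash difference is the signal. ComboFix's FCopy replaces only the single file named in the script, whereas sfc /scannow verifies every protected file against the component store, so running sfc after the restore is the quickest way to confirm nothing else was changed.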

Just ran it with that script, thank you. The PC seems a bit more responsive than before, I think; I'll see how it's running tomorrow :)

ComboFix 13-07-08.02 - jake 07/07/2013  22:45:04.5.4 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.44.1033.18.4095.2940 [GMT 1:00]
Running from: c:\users\jake\Desktop\3ComboFix.exe
Command switches used :: c:\users\jake\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll --> c:\windows\system32\user32.dll
.
(((((((((((((((((((((((((   Files Created from 2013-06-07 to 2013-07-07  )))))))))))))))))))))))))))))))
.
.
2013-07-07 22:06 . 2013-07-07 22:06    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-07 20:08 . 2013-07-07 20:08    --------    d-----w-    c:\program files\CheckPoint
2013-07-07 20:06 . 2013-07-07 20:06    --------    d-----w-    c:\users\jake\AppData\Roaming\AVG2013
2013-07-07 20:04 . 2013-07-07 20:04    --------    d-----w-    c:\program files (x86)\Check Point Software Technologies LTD
2013-07-07 20:04 . 2013-07-07 20:04    --------    d-----w-    c:\users\jake\AppData\Roaming\Check Point Software Technologies LTD
2013-07-07 20:04 . 2013-07-07 20:07    --------    d-----w-    c:\program files (x86)\CheckPoint
2013-07-07 20:03 . 2013-07-07 20:06    --------    d-----w-    c:\programdata\AVG2013
2013-07-07 20:00 . 2013-07-07 20:17    --------    d-----w-    c:\users\jake\AppData\Local\Avg2013
2013-07-07 20:00 . 2013-07-07 20:08    --------    d-----w-    c:\programdata\MFAData
2013-07-07 20:00 . 2013-07-07 20:00    --------    d-----w-    c:\users\jake\AppData\Local\MFAData
2013-07-07 10:47 . 2013-07-07 21:25    925    ----a-w-    c:\windows\DeleteOnReboot.bat
2013-07-07 10:42 . 2013-07-07 10:42    --------    d-----w-    c:\windows\ERUNT
2013-07-07 10:36 . 2013-07-07 21:18    --------    d-----w-    C:\JRT
2013-07-07 09:58 . 2013-07-07 10:10    --------    d-----w-    c:\programdata\Rosetta Stone
2013-07-06 15:44 . 2013-07-06 15:44    --------    d-----w-    c:\program files (x86)\ESET
2013-07-05 22:12 . 2013-07-05 22:12    466456    ----a-w-    c:\windows\system32\wrap_oal.dll
2013-07-05 22:12 . 2013-07-05 22:12    444952    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2013-07-05 22:12 . 2013-07-05 22:12    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-07-05 22:12 . 2013-07-05 22:12    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2013-07-05 22:02 . 2013-07-05 22:02    283064    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2013-07-02 12:47 . 2013-07-02 23:48    --------    d-----w-    c:\users\jake\AppData\Roaming\NVIDIA
2013-07-02 12:25 . 2013-07-03 23:20    --------    d-----w-    c:\users\jake\Valley
2013-07-02 11:44 . 2013-07-02 11:44    --------    d-----w-    c:\users\UpdatusUser
2013-07-02 11:43 . 2013-07-02 11:43    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-07-02 11:43 . 2013-06-21 10:23    6496544    ----a-w-    c:\windows\system32\nvcpl.dll
2013-07-02 11:43 . 2013-06-21 10:23    3514656    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-07-02 11:43 . 2013-06-21 10:23    884512    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-07-02 11:43 . 2013-06-21 10:23    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-07-02 11:43 . 2013-06-21 10:23    2555680    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-07-02 11:43 . 2013-06-21 10:23    237856    ----a-w-    c:\windows\system32\nvmctray.dll
2013-07-02 11:43 . 2013-06-20 04:17    3253909    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-07-02 11:42 . 2013-06-21 12:06    61216    ----a-w-    c:\windows\system32\OpenCL.dll
2013-07-02 11:42 . 2013-06-21 12:06    53024    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2013-07-02 11:42 . 2013-07-02 11:47    --------    d-----w-    c:\programdata\NVIDIA Corporation
2013-06-29 15:08 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{816AAD8B-7E5E-4563-8933-D2EA08447376}\mpengine.dll
2013-06-27 18:31 . 2013-07-07 20:05    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-06-25 22:39 . 2013-06-25 22:39    --------    d-----w-    c:\users\jake\AppData\Local\BIT.TRIP BEAT
2013-06-25 16:31 . 2013-07-02 11:48    --------    d-----w-    c:\users\jake\AppData\Local\NVIDIA
2013-06-25 16:28 . 2013-06-25 16:28    --------    d-----w-    c:\programdata\Microsoft Toolkit
2013-06-25 15:41 . 2013-07-07 21:27    --------    d-----w-    c:\programdata\NVIDIA
2013-06-21 04:16 . 2013-06-21 04:16    566048    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2013-06-19 18:12 . 1999-08-03 09:50    172032    ----a-w-    c:\windows\SysWow64\binkw32.dll
2013-06-19 18:12 . 1998-10-02 18:00    327168    ----a-w-    c:\windows\IsUninst.exe
2013-06-18 13:49 . 2013-06-18 15:25    --------    d-----w-    c:\users\jake\AppData\Local\TempSWBackupDirectory
2013-06-18 13:48 . 2013-06-18 13:48    --------    d-----w-    c:\users\jake\AppData\Local\SolidWorks
2013-06-18 13:45 . 2013-07-02 11:43    --------    d-----w-    C:\Temp
2013-06-18 13:43 . 2013-06-18 13:43    --------    d-----w-    c:\programdata\Simpoe
2013-06-18 13:41 . 2013-06-18 13:41    --------    d-----w-    c:\programdata\COSMOS Applications
2013-06-18 13:41 . 2013-06-18 13:41    --------    d-----w-    c:\programdata\SolidWorks Flow Simulation
2013-06-18 13:39 . 2013-06-18 13:39    --------    d-----w-    c:\users\jake\AppData\Roaming\help_images_otherUI
2013-06-18 13:37 . 2013-06-18 13:37    --------    d-----w-    c:\users\jake\AppData\Roaming\DassaultSystemes
2013-06-18 13:37 . 2013-06-18 13:37    --------    d-----w-    c:\users\jake\AppData\Local\DassaultSystemes
2013-06-18 13:37 . 2013-06-18 13:37    --------    d-----w-    c:\programdata\DassaultSystemes
2013-06-18 13:29 . 2013-06-18 13:40    --------    d-----w-    c:\program files\Common Files\SolidWorks Shared
2013-06-18 13:29 . 2013-06-18 13:29    --------    d-----w-    c:\programdata\SolidWorks
2013-06-18 13:29 . 2013-06-18 13:29    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2013-06-18 13:28 . 2013-06-18 13:28    --------    d-----w-    c:\program files\Microsoft Visual Studio 8
2013-06-18 13:28 . 2013-06-18 13:28    --------    d-----w-    c:\program files\Bonjour
2013-06-18 13:28 . 2013-06-18 13:28    --------    d-----w-    c:\program files (x86)\Bonjour
2013-06-18 13:28 . 2013-06-18 13:28    --------    d-----w-    c:\programdata\Apple
2013-06-18 13:25 . 2013-06-18 13:25    --------    d-----w-    c:\program files (x86)\Microsoft Visual Studio 8
2013-06-18 13:25 . 2013-06-18 13:25    --------    d-----w-    c:\program files (x86)\MSECache
2013-06-18 13:22 . 2013-06-18 13:40    --------    d-----w-    c:\program files (x86)\Common Files\SolidWorks Shared
2013-06-18 13:22 . 2013-06-18 13:35    --------    d-----w-    C:\SolidWorks Data
2013-06-18 13:10 . 2013-06-18 13:23    --------    d-----w-    c:\program files (x86)\Common Files\SolidWorks Installation Manager
2013-06-18 13:04 . 2013-06-18 13:22    --------    d-----w-    c:\windows\SolidWorks
2013-06-18 13:04 . 2013-06-18 13:48    --------    d-----w-    c:\users\jake\AppData\Roaming\SolidWorks
2013-06-07 23:16 . 2013-06-07 23:16    --------    d-----w-    c:\users\jake\AppData\Local\FalloutNV
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 11:31 . 2013-02-23 18:02    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 11:31 . 2013-02-23 18:02    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 01:06 . 2009-10-26 23:49    278800    ------w-    c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-06-10 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Spotify Web Helper"="c:\users\jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-04 1104384]
"DAEMON Tools Lite"="h:\programs\DTools free\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="k:\programs\Office 2010 install\Office14\BCSSync.exe" [2010-01-21 91520]
"AVG_UI"="k:\programs\avg free\avgui.exe" [2013-04-28 4408368]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SolidWorks Background Downloader.lnk - c:\program files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe /launch_from 0 [2013-6-18 2737768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;k:\programs\avg free\avgidsagent.exe;k:\programs\avg free\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;k:\programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks\swScheduler\DTSCoordinatorService.exe;k:\programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 GPU-Z;GPU-Z;c:\users\jake\AppData\Local\Temp\GPU-Z.sys;c:\users\jake\AppData\Local\Temp\GPU-Z.sys [x]
R3 Media Center 17 Service;Media Center 17 Service;c:\program files (x86)\J River\Media Center 17\JRService.exe;c:\program files (x86)\J River\Media Center 17\JRService.exe [x]
R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys;c:\windows\SYSNATIVE\drivers\RkPavproc1.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys;c:\windows\SYSNATIVE\drivers\pavboot64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 avgwd;AVG WatchDog;k:\programs\avg free\avgwdsvc.exe;k:\programs\avg free\avgwdsvc.exe [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;h:\program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamscheduler.exe;h:\program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;h:\program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamservice.exe;h:\program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RemoteSolverDispatcher;Remote Solver for Flow Simulation 2013;k:\programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2013;k:\programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2013 [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S3 ALSysIO;ALSysIO;c:\users\jake\AppData\Local\Temp\ALSysIO64.sys;c:\users\jake\AppData\Local\Temp\ALSysIO64.sys [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys;c:\windows\SYSNATIVE\DRIVERS\point64k.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121477230-1356459136-3669562405-1001Core.job
- c:\users\jake\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-19 15:42]
.
2013-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121477230-1356459136-3669562405-1001UA.job
- c:\users\jake\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-19 15:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 2314120]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"ISW"="" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FAB9A42A-CF03-4F9B-A848-1DE0C93BF7A5}: NameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-07  23:09:14
ComboFix-quarantined-files.txt  2013-07-07 22:09
ComboFix2.txt  2013-07-07 21:13
ComboFix3.txt  2013-07-07 18:59
ComboFix4.txt  2013-07-07 18:44
ComboFix5.txt  2013-07-07 21:42
.
Pre-Run: 2,998,988,800 bytes free
Post-Run: 2,902,466,560 bytes free
.
- - End Of File - - 8DFDFBCD39C422E0352A6A1EBF474D7B
8F558EB6672622401DA993E1E865C861
 


Once again, please. Manually delete your ComboFix, download a new fresh copy and then:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::

c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll | c:\windows\SysWOW64\user32.dll

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


I followed those instructions, thanks.

ComboFix 13-07-08.02 - jake 08/07/2013  17:18:19.7.4 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.44.1033.18.4095.2609 [GMT 1:00]
Running from: c:\users\jake\Desktop\ComboFix.exe
Command switches used :: c:\users\jake\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll --> c:\windows\SysWOW64\user32.dll
.
(((((((((((((((((((((((((   Files Created from 2013-06-08 to 2013-07-08  )))))))))))))))))))))))))))))))
.
.
2013-07-08 16:26 . 2013-07-08 16:26    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-08 16:14 . 2013-07-08 16:14    --------    d-----w-    c:\users\Default\AppData\Roaming\TuneUp Software
2013-07-07 20:08 . 2013-07-07 20:08    --------    d-----w-    c:\program files\CheckPoint
2013-07-07 20:06 . 2013-07-07 20:06    --------    d-----w-    c:\users\jake\AppData\Roaming\AVG2013
2013-07-07 20:04 . 2013-07-07 20:04    --------    d-----w-    c:\program files (x86)\Check Point Software Technologies LTD
2013-07-07 20:04 . 2013-07-07 20:04    --------    d-----w-    c:\users\jake\AppData\Roaming\Check Point Software Technologies LTD
2013-07-07 20:04 . 2013-07-07 20:07    --------    d-----w-    c:\program files (x86)\CheckPoint
2013-07-07 20:03 . 2013-07-07 20:06    --------    d-----w-    c:\programdata\AVG2013
2013-07-07 20:00 . 2013-07-08 16:20    --------    d-----w-    c:\programdata\MFAData
2013-07-07 20:00 . 2013-07-07 20:17    --------    d-----w-    c:\users\jake\AppData\Local\Avg2013
2013-07-07 20:00 . 2013-07-07 20:00    --------    d-----w-    c:\users\jake\AppData\Local\MFAData
2013-07-07 10:47 . 2013-07-07 21:25    925    ----a-w-    c:\windows\DeleteOnReboot.bat
2013-07-07 10:42 . 2013-07-07 10:42    --------    d-----w-    c:\windows\ERUNT
2013-07-07 10:36 . 2013-07-07 21:18    --------    d-----w-    C:\JRT
2013-07-07 09:58 . 2013-07-07 10:10    --------    d-----w-    c:\programdata\Rosetta Stone
2013-07-06 15:44 . 2013-07-06 15:44    --------    d-----w-    c:\program files (x86)\ESET
2013-07-05 22:12 . 2013-07-05 22:12    466456    ----a-w-    c:\windows\system32\wrap_oal.dll
2013-07-05 22:12 . 2013-07-05 22:12    444952    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2013-07-05 22:12 . 2013-07-05 22:12    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-07-05 22:12 . 2013-07-05 22:12    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2013-07-05 22:02 . 2013-07-05 22:02    283064    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2013-07-02 12:47 . 2013-07-02 23:48    --------    d-----w-    c:\users\jake\AppData\Roaming\NVIDIA
2013-07-02 12:25 . 2013-07-03 23:20    --------    d-----w-    c:\users\jake\Valley
2013-07-02 11:44 . 2013-07-07 23:29    --------    d-----w-    c:\users\UpdatusUser
2013-07-02 11:43 . 2013-07-02 11:43    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-07-02 11:43 . 2013-06-21 10:23    6496544    ----a-w-    c:\windows\system32\nvcpl.dll
2013-07-02 11:43 . 2013-06-21 10:23    3514656    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-07-02 11:43 . 2013-06-21 10:23    884512    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-07-02 11:43 . 2013-06-21 10:23    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-07-02 11:43 . 2013-06-21 10:23    2555680    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-07-02 11:43 . 2013-06-21 10:23    237856    ----a-w-    c:\windows\system32\nvmctray.dll
2013-07-02 11:43 . 2013-06-20 04:17    3253909    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-07-02 11:42 . 2013-06-21 12:06    61216    ----a-w-    c:\windows\system32\OpenCL.dll
2013-07-02 11:42 . 2013-06-21 12:06    53024    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2013-07-02 11:42 . 2013-07-02 11:47    --------    d-----w-    c:\programdata\NVIDIA Corporation
2013-06-29 15:08 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{816AAD8B-7E5E-4563-8933-D2EA08447376}\mpengine.dll
2013-06-27 18:31 . 2013-07-07 20:05    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-06-25 22:39 . 2013-06-25 22:39    --------    d-----w-    c:\users\jake\AppData\Local\BIT.TRIP BEAT
2013-06-25 16:31 . 2013-07-02 11:48    --------    d-----w-    c:\users\jake\AppData\Local\NVIDIA
2013-06-25 16:28 . 2013-06-25 16:28    --------    d-----w-    c:\programdata\Microsoft Toolkit
2013-06-25 15:41 . 2013-07-08 16:11    --------    d-----w-    c:\programdata\NVIDIA
2013-06-21 04:16 . 2013-06-21 04:16    566048    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2013-06-19 18:12 . 1999-08-03 09:50    172032    ----a-w-    c:\windows\SysWow64\binkw32.dll
2013-06-19 18:12 . 1998-10-02 18:00    327168    ----a-w-    c:\windows\IsUninst.exe
2013-06-18 13:49 . 2013-06-18 15:25    --------    d-----w-    c:\users\jake\AppData\Local\TempSWBackupDirectory
2013-06-18 13:48 . 2013-06-18 13:48    --------    d-----w-    c:\users\jake\AppData\Local\SolidWorks
2013-06-18 13:45 . 2013-07-02 11:43    --------    d-----w-    C:\Temp
2013-06-18 13:43 . 2013-06-18 13:43    --------    d-----w-    c:\programdata\Simpoe
2013-06-18 13:41 . 2013-06-18 13:41    --------    d-----w-    c:\programdata\COSMOS Applications
2013-06-18 13:41 . 2013-06-18 13:41    --------    d-----w-    c:\programdata\SolidWorks Flow Simulation
2013-06-18 13:39 . 2013-06-18 13:39    --------    d-----w-    c:\users\jake\AppData\Roaming\help_images_otherUI
2013-06-18 13:37 . 2013-06-18 13:37    --------    d-----w-    c:\users\jake\AppData\Roaming\DassaultSystemes
2013-06-18 13:37 . 2013-06-18 13:37    --------    d-----w-    c:\users\jake\AppData\Local\DassaultSystemes
2013-06-18 13:37 . 2013-06-18 13:37    --------    d-----w-    c:\programdata\DassaultSystemes
2013-06-18 13:29 . 2013-06-18 13:40    --------    d-----w-    c:\program files\Common Files\SolidWorks Shared
2013-06-18 13:29 . 2013-06-18 13:29    --------    d-----w-    c:\programdata\SolidWorks
2013-06-18 13:29 . 2013-06-18 13:29    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2013-06-18 13:28 . 2013-06-18 13:28    --------    d-----w-    c:\program files\Microsoft Visual Studio 8
2013-06-18 13:28 . 2013-06-18 13:28    --------    d-----w-    c:\program files\Bonjour
2013-06-18 13:28 . 2013-06-18 13:28    --------    d-----w-    c:\program files (x86)\Bonjour
2013-06-18 13:28 . 2013-06-18 13:28    --------    d-----w-    c:\programdata\Apple
2013-06-18 13:25 . 2013-06-18 13:25    --------    d-----w-    c:\program files (x86)\Microsoft Visual Studio 8
2013-06-18 13:25 . 2013-06-18 13:25    --------    d-----w-    c:\program files (x86)\MSECache
2013-06-18 13:22 . 2013-06-18 13:40    --------    d-----w-    c:\program files (x86)\Common Files\SolidWorks Shared
2013-06-18 13:22 . 2013-06-18 13:35    --------    d-----w-    C:\SolidWorks Data
2013-06-18 13:10 . 2013-06-18 13:23    --------    d-----w-    c:\program files (x86)\Common Files\SolidWorks Installation Manager
2013-06-18 13:04 . 2013-06-18 13:22    --------    d-----w-    c:\windows\SolidWorks
2013-06-18 13:04 . 2013-06-18 13:48    --------    d-----w-    c:\users\jake\AppData\Roaming\SolidWorks
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 11:31 . 2013-02-23 18:02    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 11:31 . 2013-02-23 18:02    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 01:06 . 2009-10-26 23:49    278800    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Spotify Web Helper"="c:\users\jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-04 1104384]
"DAEMON Tools Lite"="h:\programs\DTools free\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="k:\programs\Office 2010 install\Office14\BCSSync.exe" [2010-01-21 91520]
"AVG_UI"="k:\programs\avg free\avgui.exe" [2013-04-28 4408368]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SolidWorks Background Downloader.lnk - c:\program files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe /launch_from 0 [2013-6-18 2737768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;h:\program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamservice.exe;h:\program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;k:\programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks\swScheduler\DTSCoordinatorService.exe;k:\programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 Media Center 17 Service;Media Center 17 Service;c:\program files (x86)\J River\Media Center 17\JRService.exe;c:\program files (x86)\J River\Media Center 17\JRService.exe [x]
R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys;c:\windows\SYSNATIVE\drivers\RkPavproc1.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys;c:\windows\SYSNATIVE\drivers\pavboot64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;k:\programs\avg free\avgidsagent.exe;k:\programs\avg free\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;k:\programs\avg free\avgwdsvc.exe;k:\programs\avg free\avgwdsvc.exe [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;h:\program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamscheduler.exe;h:\program files for win 7\malware bytes\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 RemoteSolverDispatcher;Remote Solver for Flow Simulation 2013;k:\programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2013;k:\programs\Solidworks install\SoldWorks_2013_SP0.0_x64\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2013 [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S3 ALSysIO;ALSysIO;c:\users\jake\AppData\Local\Temp\ALSysIO64.sys;c:\users\jake\AppData\Local\Temp\ALSysIO64.sys [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys;c:\windows\SYSNATIVE\DRIVERS\point64k.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - GPU-Z
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121477230-1356459136-3669562405-1001Core.job
- c:\users\jake\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-19 15:42]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121477230-1356459136-3669562405-1001UA.job
- c:\users\jake\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-19 15:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 2314120]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"ISW"="" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FAB9A42A-CF03-4F9B-A848-1DE0C93BF7A5}: NameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-08  17:35:51
ComboFix-quarantined-files.txt  2013-07-08 16:35
ComboFix2.txt  2013-07-07 22:09
ComboFix3.txt  2013-07-07 21:13
ComboFix4.txt  2013-07-07 18:59
ComboFix5.txt  2013-07-07 23:03
.
Pre-Run: 2,922,016,768 bytes free
Post-Run: 2,827,939,840 bytes free
.
- - End Of File - - 347A999CCEBA9F54EBE05D440AF2714F
8F558EB6672622401DA993E1E865C861
 


Thanks!

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Eset ran for about 8 hours and was still going. I didn't have enough time to leave it to complete, so I finished it about 80% scanned.

As it takes a while I will probably run it overnight next time.

 

Here is what it found:

C:\Users\jake\Downloads\DTLite4471-0335.exe    Win32/OpenCandy application
D:\DVDVideoSoft\Installations\FreeVideoToiPodConverter.exe    multiple threats
F:\My Programs\AxCrypt-1.7.2931.0-Setup.exe    Win32/OpenCandy application
F:\My Programs\cnet2_SRS_Audio_Sandbox_exe.exe    a variant of Win32/InstallCore.D application
F:\My Programs-Vista\pdf xchange viewer\PDFXVwer.exe    multiple threats
G:\Users\Jake\Desktop\MP3 Player\FreeVideoToiPodConverter, devisions, ipod           ipod classic High quality Mpeg4, 30 fps, 320x240 AAC 192kb .exe    multiple threats
H:\Downloads\aTubeCatcher.exe    multiple threats
H:\miscellaneous\ubcd\UBCD4WinV350.exe    Win32/PrcView application
H:\miscellaneous\usb stick verbatim (corrupted)\DeviceDoctor_Bundle.exe    multiple threats


Hi, yep I'm still with you. I took out a hard drive with lots of stuff on it and scanned again to try and speed up the scanning. But I still didn't have time overnight to complete it, and didn't want the PC left on all day as others needed to use it. It did find all the same things as before though, and I think they are all legit programs I have installed?

Should I try re-downloading them after deleting them with the scanner and then reinstalling, in case they had become infected executables?

 

I am not experiencing any freezes at all now which is great :), thanks


Hi, I don't think I will be able to find time to complete that scan as it takes so long. But when I have use of the PC for a while I will run it in the background, so hopefully it will complete soon.

 

Are there any comparable online scanners that are of similar quality which I can try in the hope that they complete faster?


The speed depends on many things, such as the technology behind the scanner, the types of files being scanned, their size, the hardware capabilities of the machine and so on.

You could try with this one too:

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.

    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  • If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, doubleclick on drweb-cureit.exe file to start the tool.
  • You will see a screen similar to this:

    [screenshot]

    Click the checkbox to participate, and then click on Continue button.

  • Next

    [screenshot]

    Click on Select objects for scanning

  • Next

    [screenshot]

    Put a checkmark by clicking on the boxes as shown.

    Do not select Temporary files or System Restore points.

    Then click on Start scanning button

  • The scan in progress will be shown like this

    [screenshot]

  • IF something is detected, you will see a screen similar to this

    [screenshot]

    For each item "detected", click on the Action column down arrow, like this

    [screenshot]

    Your options will be Cure or Ignore

    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.

    Typically, you will keep the Cure default.

    Then click on the Neutralize button.

  • When the actions are completed, you will see this

    [screenshot]

  • Click on the green Open Report line. It will pop-up the report in NOTEPAD.

    Save the report to your desktop. The report will be called Cureit.log

  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.
Re-Enable your antivirus program when all done.
This topic is now closed to further replies.