Audio adware + Chrome automuting, Malwarebytes missed



I recently got a bit of adware which I got most of with various programs, but I still have a piece of audio adware that plays whenever I have Google Chrome open. It is listed as a separate Google Chrome in the mixer, and automatically mutes itself. 

I've scanned the Google folder with multiple AV programs including Malwarebytes, showing nothing. I've scanned my entire computer with multiple AV programs including Malwarebytes, showing nothing. I've run multiple rootkit utilities, showing nothing. I've run RKill, which stopped two processes "runner.exe" and "clicker.exe" but the audio adware continued. I've run ComboFix, nothing. I've run Kaspersky Security Scan and ESET Online Scanner, nothing.

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Cathy at 21:32:07 on 2013-09-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8140.5098 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\SafeConnect\scManager.sys
C:\Program Files (x86)\AlienRespawn\sftservice.EXE
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SndVol.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - 
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIGFOO~1.LNK - C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: NameServer = 157.62.75.3 157.62.75.2
TCP: Interfaces\{41937714-BC84-4DB4-9CA9-CED7E93F0865} : DHCPNameServer = 157.62.75.3 157.62.75.2
TCP: Interfaces\{41937714-BC84-4DB4-9CA9-CED7E93F0865}\2427967686473456461627 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{41937714-BC84-4DB4-9CA9-CED7E93F0865}\36F6C6463707F647 : DHCPNameServer = 8.8.8.8 209.18.47.61 209.18.47.62
TCP: Interfaces\{41937714-BC84-4DB4-9CA9-CED7E93F0865}\84940254870727563737027516573756F6E60213 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{41937714-BC84-4DB4-9CA9-CED7E93F0865}\B4E61607073723437484A7 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F4C4CF89-60BF-43C0-98CB-E4319FA6FC3D} : DHCPNameServer = 157.62.75.3 157.62.75.2
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-12-1 25960]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-12-1 21616]
R1 BfLwf;Bigfoot Networks Bandwidth Control;C:\Windows\System32\drivers\bflwfx64.sys [2011-3-29 68712]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-12-1 98208]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-3-22 15296]
R2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-3-29 763904]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-1 13336]
R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-12-7 202328]
R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys [2012-11-19 176520]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2011-12-1 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-2-18 378472]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-12-1 27760]
R3 Ak27x64;Killer Wireless-N 1102 device driver;C:\Windows\System32\drivers\Ak27x64.sys [2011-3-29 2705000]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-12-1 344616]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-12-1 176096]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-1 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-12-1 76912]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-12-1 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-12-1 181760]
S0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2011-12-1 25688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-12-1 158976]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-12-1 173656]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 139616]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-2 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-2 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-2 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-23 1255736]
.
=============== Created Last 30 ================
.
2013-09-06 01:20:35 -------- d-----w- C:\Program Files (x86)\ESET
2013-09-05 20:11:02 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9CEAE50F-BA78-4795-92A4-44BA7B510DDE}\mpengine.dll
2013-09-05 06:02:15 -------- d-sh--w- C:\$RECYCLE.BIN
2013-09-05 05:55:48 98816 ----a-w- C:\Windows\sed.exe
2013-09-05 05:55:48 256000 ----a-w- C:\Windows\PEV.exe
2013-09-05 05:55:48 208896 ----a-w- C:\Windows\MBR.exe
2013-09-05 05:05:45 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-09-05 05:05:45 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2013-09-05 04:39:57 -------- d-----w- C:\TDSSKiller_Quarantine
2013-09-05 00:45:56 -------- d-----w- C:\ProgramData\EA Core
2013-09-04 23:15:38 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2013-09-04 23:00:24 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-04 22:57:25 -------- d-----w- C:\Program Files\AVAST Software
2013-09-04 22:54:09 -------- d-----w- C:\ProgramData\AVAST Software
2013-09-04 22:09:24 -------- d-----w- C:\Users\Cathy\AppData\Roaming\Malwarebytes
2013-09-04 22:09:10 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-04 22:09:08 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-04 22:09:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-04 22:08:47 -------- d-----w- C:\Users\Cathy\AppData\Local\Programs
2013-09-04 19:54:13 -------- d-----w- C:\Users\Cathy\AppData\Local\Weather_Notifications,_LL
2013-09-04 19:54:11 -------- d-----w- C:\Program Files (x86)\Minecraft
2013-09-04 19:53:48 -------- d-----w- C:\Users\Cathy\AppData\Local\GC
2013-09-04 19:53:46 -------- d-----w- C:\Users\Cathy\AppData\Local\DownloadTerms
2013-09-04 19:53:32 -------- d-----w- C:\Program Files (x86)\File Type Helper
2013-09-04 19:53:27 -------- d-----w- C:\Users\Cathy\AppData\Local\SwvUpdater
2013-09-04 19:50:41 -------- d-----w- C:\Users\Cathy\AppData\Roaming\.minecraft
2013-09-04 13:02:01 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-02 05:59:54 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-09-02 05:59:54 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2013-09-02 05:59:54 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2013-09-02 05:59:53 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2013-09-02 05:59:34 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2013-09-02 05:59:34 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2013-09-02 05:58:26 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-09-02 05:58:26 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-09-02 05:58:19 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-09-02 05:58:19 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-09-02 05:58:12 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2013-09-02 05:58:11 515584 ----a-w- C:\Windows\System32\timedate.cpl
2013-09-02 05:56:57 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-09-02 05:55:44 55296 ----a-w- C:\Windows\SysWow64\cero.rs
2013-09-02 05:54:48 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-09-02 05:54:48 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-09-02 05:54:47 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-09-02 05:54:47 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-09-02 05:54:47 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-09-02 05:54:46 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-09-02 05:54:46 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-09-02 05:54:41 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2013-09-02 05:54:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2013-09-02 05:53:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2013-09-02 05:53:35 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-09-02 05:53:32 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2013-09-02 05:53:31 503808 ----a-w- C:\Windows\System32\srcore.dll
2013-09-02 05:50:21 67072 ----a-w- C:\Windows\splwow64.exe
2013-09-02 05:50:21 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-08-31 16:27:45 -------- d-----w- C:\Program Files (x86)\SafeConnect
2013-08-26 02:14:44 -------- d-----w- C:\Users\Cathy\AppData\Local\Diagnostics
2013-08-25 21:35:36 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll
2013-08-23 02:18:42 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0757C798-FB25-4C46-8BD9-83A108B98BC9}\gapaengine.dll
2013-08-15 19:19:46 -------- d-----w- C:\Users\Cathy\AppData\Local\Criterion Games
2013-08-15 03:24:00 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-15 03:24:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-14 21:54:19 -------- d-----w- C:\Program Files (x86)\Origin Games
2013-08-14 21:51:18 -------- d-----w- C:\Users\Cathy\AppData\Roaming\Origin
2013-08-14 21:51:17 -------- d-----w- C:\Users\Cathy\AppData\Local\Origin
2013-08-14 21:50:10 -------- d-----w- C:\ProgramData\Origin
2013-08-14 21:50:09 -------- d-----w- C:\ProgramData\Electronic Arts
2013-08-14 21:49:59 -------- d-----w- C:\Program Files (x86)\Origin
2013-08-10 00:58:00 -------- d-----w- C:\Users\Cathy\AppData\Local\Skyrim
2013-08-08 14:59:15 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M  ====================
.
2013-08-08 14:59:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-24 01:11:42 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-23 15:19:28 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 15:19:26 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-23 15:19:26 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-19 01:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 01:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
.
============= FINISH: 21:32:19.93 ===============
attach.zip

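Two things in the posted log are worth checking mechanically rather than by eye: a BHO registered with no DLL path (the DownloadTerms entry above, which is gone from the second log later in the thread) and whether every chrome.exe in the process list actually runs from Chrome's install directory, since a volume-mixer entry named "Google Chrome" only tells you the process name. The script below is an added example, not code from the thread or from the DDS tool; its sample excerpts are cut down from the two logs in this thread, and the chrome.exe line under AppData is invented to exercise the path check.

```python
"""Triage helper for DDS logs: flag BHOs without a DLL path, processes whose
image runs outside the directory expected for that name, and HJT report
entries that disappeared between two logs."""
import re

# Excerpt constructed from the thread's first DDS log, cut down to a few lines.
# The chrome.exe line under AppData is INVENTED to exercise the path check;
# it does not appear in the posted log.
OLD_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Cathy\AppData\Local\GC\chrome.exe
.
============== Pseudo HJT Report ===============
.
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
"""

# Excerpt constructed from the thread's second (fresh) DDS log.
NEW_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
BHO_RE = re.compile(
    r"^(?:x64-)?BHO:\s*(?P<name>.*?):\s*(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<path>.*)$"
)
# Image path up to the first .exe/.sys/.dll, dropping arguments such as '-k netsvcs'.
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|sys|dll))(?:\s|$)", re.IGNORECASE)

# Image names whose only legitimate directory on this machine is known.
# Assumed for the example; extend it with what you know about the host.
EXPECTED_DIRS = {
    "chrome.exe": r"c:\program files (x86)\google\chrome\application",
}


def split_sections(text):
    """Map each '==== Title ====' header to the non-empty lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def pathless_bhos(sections):
    """BHOs still registered with the browser but pointing at no DLL on disk."""
    hits = []
    for line in sections.get("Pseudo HJT Report", []):
        m = BHO_RE.match(line)
        if m and m.group("path").strip() in ("", "<orphaned>"):
            hits.append((m.group("name"), m.group("clsid")))
    return hits


def misplaced_images(sections, expected=EXPECTED_DIRS):
    """Running processes whose name is known but whose directory is not the expected one."""
    hits = []
    for line in sections.get("Running Processes", []):
        m = IMAGE_RE.match(line)
        image = m.group(1) if m else line
        directory, _, name = image.rpartition("\\")
        want = expected.get(name.lower())
        if want is not None and directory.lower() != want:
            hits.append(image)
    return hits


def entries_removed(old_text, new_text):
    """HJT report lines present in the old log but absent from the new one."""
    old = set(split_sections(old_text).get("Pseudo HJT Report", []))
    new = set(split_sections(new_text).get("Pseudo HJT Report", []))
    return sorted(old - new)


if __name__ == "__main__":
    old = split_sections(OLD_LOG)
    print("BHOs without a DLL path:", pathless_bhos(old))
    print("Processes outside their expected directory:", misplaced_images(old))
    print("HJT entries gone in the fresh log:", entries_removed(OLD_LOG, NEW_LOG))
```

Feed it the full text of both logs (read from files) to triage the real thread; the path check only reports names listed in EXPECTED_DIRS, so it stays quiet about everything it has no baseline for.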

Hello Wintermadness and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
If you want to work with me, please stop doing anything.

Please do not run ComboFix without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Next, generate new, fresh DDS log files.


Hi Borislav, thanks for your help. So far I haven't seen the problem resurface, but better safe than sorry. Here is a fresh DDS log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Cathy at 14:50:55 on 2013-09-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8140.5908 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\SafeConnect\scManager.sys
C:\Program Files (x86)\AlienRespawn\sftservice.EXE
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIGFOO~1.LNK - C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: NameServer = 157.62.75.3 157.62.75.2
TCP: Interfaces\{41937714-BC84-4DB4-9CA9-CED7E93F0865} : DHCPNameServer = 157.62.75.3 157.62.75.2
TCP: Interfaces\{41937714-BC84-4DB4-9CA9-CED7E93F0865}\2427967686473456461627 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{41937714-BC84-4DB4-9CA9-CED7E93F0865}\36F6C6463707F647 : DHCPNameServer = 8.8.8.8 209.18.47.61 209.18.47.62
TCP: Interfaces\{41937714-BC84-4DB4-9CA9-CED7E93F0865}\84940254870727563737027516573756F6E60213 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{41937714-BC84-4DB4-9CA9-CED7E93F0865}\B4E61607073723437484A7 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F4C4CF89-60BF-43C0-98CB-E4319FA6FC3D} : DHCPNameServer = 157.62.75.3 157.62.75.2
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-12-1 25960]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-12-1 21616]
R1 BfLwf;Bigfoot Networks Bandwidth Control;C:\Windows\System32\drivers\bflwfx64.sys [2011-3-29 68712]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-12-1 98208]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-3-22 15296]
R2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-3-29 763904]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-1 13336]
R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-12-7 202328]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 139616]
R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys [2012-11-19 176520]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2011-12-1 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-2-18 378472]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-12-1 27760]
R3 Ak27x64;Killer Wireless-N 1102 device driver;C:\Windows\System32\drivers\Ak27x64.sys [2011-3-29 2705000]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-12-1 344616]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-12-1 176096]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-1 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-12-1 76912]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-12-1 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-12-1 181760]
S0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2011-12-1 25688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-12-1 158976]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-12-1 173656]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-2 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-2 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-2 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-23 1255736]
.
=============== Created Last 30 ================
.
2013-09-06 18:39:26 965008 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CB5A71F5-8973-4985-95E4-5EFA64174642}\gapaengine.dll
2013-09-06 18:39:10 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6C0A8272-BE9B-4BE2-8745-685D3842282F}\mpengine.dll
2013-09-06 01:59:24 -------- d-----w- C:\Users\Cathy\AppData\Roaming\Synaptics
2013-09-06 01:48:34 9515512 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-06 01:41:56 -------- d-----w- C:\AdwCleaner
2013-09-06 01:20:35 -------- d-----w- C:\Program Files (x86)\ESET
2013-09-05 06:02:15 -------- d-sh--w- C:\$RECYCLE.BIN
2013-09-05 05:55:48 98816 ----a-w- C:\Windows\sed.exe
2013-09-05 05:55:48 256000 ----a-w- C:\Windows\PEV.exe
2013-09-05 05:55:48 208896 ----a-w- C:\Windows\MBR.exe
2013-09-05 05:05:45 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-09-05 05:05:45 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2013-09-05 04:39:57 -------- d-----w- C:\TDSSKiller_Quarantine
2013-09-05 00:45:56 -------- d-----w- C:\ProgramData\EA Core
2013-09-04 23:15:38 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2013-09-04 23:00:24 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-04 22:57:25 -------- d-----w- C:\Program Files\AVAST Software
2013-09-04 22:54:09 -------- d-----w- C:\ProgramData\AVAST Software
2013-09-04 22:09:24 -------- d-----w- C:\Users\Cathy\AppData\Roaming\Malwarebytes
2013-09-04 22:09:10 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-04 22:09:08 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-04 22:09:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-04 22:08:47 -------- d-----w- C:\Users\Cathy\AppData\Local\Programs
2013-09-04 19:54:13 -------- d-----w- C:\Users\Cathy\AppData\Local\Weather_Notifications,_LL
2013-09-04 19:54:11 -------- d-----w- C:\Program Files (x86)\Minecraft
2013-09-04 19:53:48 -------- d-----w- C:\Users\Cathy\AppData\Local\GC
2013-09-04 19:50:41 -------- d-----w- C:\Users\Cathy\AppData\Roaming\.minecraft
2013-09-02 05:59:54 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-09-02 05:59:54 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2013-09-02 05:59:54 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2013-09-02 05:59:53 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2013-09-02 05:59:34 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2013-09-02 05:59:34 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2013-09-02 05:58:26 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-09-02 05:58:26 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-09-02 05:58:19 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-09-02 05:58:19 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-09-02 05:58:12 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2013-09-02 05:58:11 515584 ----a-w- C:\Windows\System32\timedate.cpl
2013-09-02 05:56:57 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-09-02 05:55:44 55296 ----a-w- C:\Windows\SysWow64\cero.rs
2013-09-02 05:54:48 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-09-02 05:54:48 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-09-02 05:54:47 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-09-02 05:54:47 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-09-02 05:54:47 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-09-02 05:54:46 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-09-02 05:54:46 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-09-02 05:54:41 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2013-09-02 05:54:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2013-09-02 05:53:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2013-09-02 05:53:35 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-09-02 05:53:32 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2013-09-02 05:53:31 503808 ----a-w- C:\Windows\System32\srcore.dll
2013-09-02 05:50:21 67072 ----a-w- C:\Windows\splwow64.exe
2013-09-02 05:50:21 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-08-31 16:27:45 -------- d-----w- C:\Program Files (x86)\SafeConnect
2013-08-26 02:14:44 -------- d-----w- C:\Users\Cathy\AppData\Local\Diagnostics
2013-08-25 21:35:36 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll
2013-08-23 02:18:42 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0757C798-FB25-4C46-8BD9-83A108B98BC9}\gapaengine.dll
2013-08-15 19:19:46 -------- d-----w- C:\Users\Cathy\AppData\Local\Criterion Games
2013-08-15 03:24:00 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-15 03:24:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-14 21:54:19 -------- d-----w- C:\Program Files (x86)\Origin Games
2013-08-14 21:51:18 -------- d-----w- C:\Users\Cathy\AppData\Roaming\Origin
2013-08-14 21:51:17 -------- d-----w- C:\Users\Cathy\AppData\Local\Origin
2013-08-14 21:50:10 -------- d-----w- C:\ProgramData\Origin
2013-08-14 21:50:09 -------- d-----w- C:\ProgramData\Electronic Arts
2013-08-14 21:49:59 -------- d-----w- C:\Program Files (x86)\Origin
2013-08-10 00:58:00 -------- d-----w- C:\Users\Cathy\AppData\Local\Skyrim
2013-08-08 14:59:15 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M  ====================
.
2013-09-06 01:54:55 532208 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2013-09-06 01:54:55 114416 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2013-09-06 01:54:55 1048576 ----a-w- C:\Windows\System32\syndata.bin
2013-09-06 01:54:54 180464 ----a-w- C:\Windows\System32\SynTPCo16.dll
2013-09-06 01:54:53 1038064 ----a-w- C:\Windows\System32\SynCOM.dll
2013-09-06 01:54:50 229616 ----a-w- C:\Windows\System32\SynTPAPI.dll
2013-09-06 01:54:48 470256 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2013-08-08 14:59:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-24 01:11:42 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-23 15:19:28 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 15:19:26 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-23 15:19:26 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-19 01:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 01:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
.
============= FINISH: 14:51:12.35 ===============

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes' Anti-Malware log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Home Premium x64
Ran by Cathy on Tue 09/10/2013 at 16:33:27.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/10/2013 at 16:35:03.49
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.04.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Cathy :: CATHY-PC [administrator]

9/10/2013 4:36:40 PM
mbam-log-2013-09-10 (16-36-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 248104
Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


My bad.

Updated Malwarebytes and ran a quick scan; here's that log.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.12.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Cathy :: CATHY-PC [administrator]
 
9/12/2013 12:53:08 PM
mbam-log-2013-09-12 (12-53-08).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249467
Time elapsed: 3 minute(s), 35 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
