nunevega Posted September 12, 2013 ID:728748 Share Posted September 12, 2013 Each time I restart the ransom screen pops up for a few seconds after windows loads and then it drops me back to the desktop and asks if I want to send a notice to Microsoft.here are the reports, DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 1.6.0_37Run by DMJ at 21:51:48 on 2013-09-11Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2180 [GMT -7:00].AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\AUDIODG.EXEC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\SUPERAntiSpyware\SASCORE64.EXEC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exeC:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskhost.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\taskeng.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exec:\Program Files\Microsoft Mouse and Keyboard Center\itype.exeC:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exec:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exeC:\Program Files (x86)\EVGA Precision\EVGAPrecision.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exeC:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exeC:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXEC:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exeC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtC:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exeC:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\SearchIndexer.exec:\Program Files\Microsoft Security Client\NisSrv.exeC:\Windows\system32\svchost.exe -k HPServiceC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\System32\WUDFHost.exec:\Program Files\Microsoft Security Client\MpCmdRun.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dlluURLSearchHooks: <No Name>: - LocalServer32 - <no file>mWinlogon: Userinit = userinit.exe,BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllBHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: MAGIX Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllTB: MAGIX Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dllTB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllTB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllTB: MAGIX Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dlluRun: [YfkAacAt] C:\Users\DMJ\AppData\Local\CRE\OWGaGlYi.exemRun: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -bmRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeStartupFolder: C:\Users\DMJ\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXEStartupFolder: C:\Users\DMJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QYnusxFo.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PLAYWI~1.LNK - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlIE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllIE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllIE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comTCP: NameServer = 24.205.224.36 24.205.192.61 68.116.46.115TCP: Interfaces\{189CA46C-9323-4B68-A630-052571418A4A} : DHCPNameServer = 24.205.224.36 24.205.192.61 68.116.46.115TCP: Interfaces\{1EF7A2EE-6CC9-492B-AD5A-51CB2D25BEEC} : DHCPNameServer = 192.168.42.129TCP: Interfaces\{41BE79E2-E5E0-4F83-9CB8-ECFC271F6C48} : DHCPNameServer = 24.205.224.36 24.205.192.61 68.116.46.115TCP: Interfaces\{9054707B-AFC8-49D1-88F5-39E167AE85C3} : DHCPNameServer = 24.205.224.36 24.205.192.61 68.116.46.115TCP: Interfaces\{9054707B-AFC8-49D1-88F5-39E167AE85C3}\C696E6B6379737 : DHCPNameServer = 68.116.46.115 68.116.46.70 68.185.34.67TCP: Interfaces\{9054707B-AFC8-49D1-88F5-39E167AE85C3}\D416A65637479636 : DHCPNameServer = 24.205.224.36 24.205.192.61 68.116.46.115TCP: Interfaces\{B3BC16F9-ED54-4A48-9E3C-8C66F9722BA4} : DHCPNameServer = 24.205.224.36 24.205.192.61 68.116.46.115Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllAppInit_DLLs= C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllx64-BHO: Save Valet: {F0F12903-DE76-4DF7-BCDC-0A0689151189} -x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyx64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\DMJ\AppData\Roaming\Mozilla\Firefox\Profiles\9ivpxosr.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLLFF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npitifffree.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Users\DMJ\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dllFF - plugin: C:\Users\DMJ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dllFF - plugin: C:\Windows\SysWOW64\npdeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dllFF - plugin: C:\Windows\SysWOW64\npptools.dllFF - ExtSQL: !HIDDEN! 2010-09-23 16:55; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3.---- FIREFOX POLICIES ----FF - user.js: security.csp.enable - falseFF - user.js: extensions.autoDisableScopes - 0FF - user.js: extensions.shownSelectionUI - trueFF - user.js: extensions.delta.tlbrSrchUrl -FF - user.js: extensions.delta.id - 3cf6bde100000000000008863b512d71FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}FF - user.js: extensions.delta.instlDay - 15934FF - user.js: extensions.delta.vrsn - 1.8.24.5FF - user.js: extensions.delta.vrsni - 1.8.24.5FF - user.js: extensions.delta.vrsnTs - 1.8.24.512:56:16FF - user.js: extensions.delta.prtnrId - deltaFF - user.js: extensions.delta.prdct - deltaFF - user.js: extensions.delta.aflt - babsstFF - user.js: extensions.delta.smplGrp - noneFF - user.js: extensions.delta.tlbrId - baseFF - user.js: extensions.delta.instlRef - sstFF - user.js: extensions.delta.dfltLng - enFF - user.js: extensions.delta.excTlbr - falseFF - user.js: extensions.delta.ffxUnstlRst - trueFF - user.js: extensions.delta.admin - falseFF - user.js: extensions.delta_i.babTrack - affID=119351&tsp=4977FF - user.js: extensions.delta_i.babExt -FF - user.js: extensions.delta_i.srcExt - ssFF - user.js: extensions.delta.autoRvrt - falseFF - user.js: extensions.delta.rvrt - falseFF - user.js: extensions.delta.newTab - falseFF - user.js: yahoo.ytff.general.dontshowhpoffer - true============= SERVICES / DRIVERS ===============.R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [2010-9-2 96896]R2 cpuz134;cpuz134;C:\Windows\System32\drivers\cpuz134_x64.sys [2010-9-2 21480]R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2011-6-16 87368]R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-1 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-1 701512]R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-4-26 223088]R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-7 14984480]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-8-18 414496]R2 WLANBelkinService;Belkin WLAN service;C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-9-2 25928]R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-9-3 39712]R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2010-8-10 14440]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-21 452200]R3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;C:\Windows\System32\drivers\rtl8192cu.sys [2012-8-8 848384]R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-9-2 1250816]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2011-8-12 19456]S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2011-8-12 27648]S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2011-8-12 27136]S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2011-8-12 33792]S3 BCMH43XX;N+ Wireless USB Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2009-11-6 838136]S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-6-28 49152]S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936]S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2011-4-4 21504]S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-3-27 97040]S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2010-4-1 26624]S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2010-1-25 10240]S3 MRV6X64P;Vista 64-bits Native WiFi Driver;C:\Windows\System32\drivers\MRVW13C.sys [2007-5-3 244736]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-22 59392]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-4 1255736].=============== Created Last 30 ================.2013-09-12 04:51:25 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56EDB97B-32F6-4CDF-A5AC-3BD5B0BBA3E5}\offreg.dll2013-09-12 03:50:13 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56EDB97B-32F6-4CDF-A5AC-3BD5B0BBA3E5}\mpengine.dll2013-09-11 20:32:08 -------- d-----w- C:\Users\DMJ\AppData\Local\jwSKQAUj2013-09-11 20:32:04 -------- d-----w- C:\Users\DMJ\AppData\Local\bpVEiVZe2013-09-11 20:32:01 149504 --s---w- C:\Users\DMJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QYnusxFo.exe2013-09-11 03:23:13 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-09-07 08:37:15 965008 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2ED2A715-E4EA-4259-9812-E6E301CC2FD9}\gapaengine.dll2013-09-07 07:59:52 -------- d-----w- C:\Program Files (x86)\RivaTuner Statistics Server2013-09-07 07:59:23 -------- d-----w- C:\Program Files (x86)\EVGA Precision X2013-09-05 07:15:34 -------- d-----w- C:\Users\DMJ\AppData\Local\VisualBeeExe2013-09-05 07:14:42 -------- d-----w- C:\Users\DMJ\AppData\Roaming\Systweak2013-09-05 07:14:29 -------- d-----w- C:\Users\DMJ\AppData\Roaming\DSite2013-09-04 21:59:44 -------- d-----w- C:\Program Files\Core Temp2013-09-04 21:59:36 -------- d-----w- C:\Program Files (x86)\Yahoo Browser Settings2013-09-04 00:34:19 -------- d-----w- C:\Users\DMJ\AppData\Local\NVIDIA2013-09-04 00:31:52 -------- dc----w- C:\NvidiaLogging2013-09-04 00:24:38 39712 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys2013-09-04 00:24:38 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll2013-09-04 00:24:38 28448 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll2013-08-24 19:49:26 -------- d-----w- C:\Windows\SysWow64\searchplugins2013-08-24 19:49:26 -------- d-----w- C:\Windows\SysWow64\Extensions2013-08-18 21:58:20 571168 ----a-w- C:\Windows\SysWow64\nvStreaming.exe2013-08-17 21:06:00 -------- d-----w- C:\Users\DMJ\AppData\Local\avgchrome2013-08-17 19:55:49 -------- d-----w- C:\ProgramData\Babylon2013-08-17 19:55:48 -------- d-----w- C:\Program Files (x86)\FLVPlayer2013-08-15 17:19:02 -------- d-----w- C:\Users\DMJ\AppData\Local\{33CB860D-936D-4A6A-88EE-C9F5D19FDFEE}2013-08-15 10:01:32 -------- d-----w- C:\Windows\System32\MRT.==================== Find3M ====================.2013-09-10 19:05:23 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-09-10 19:05:23 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-08-18 19:34:11 6599968 ----a-w- C:\Windows\System32\nvcpl.dll2013-08-18 19:34:10 3452192 ----a-w- C:\Windows\System32\nvsvc64.dll2013-08-18 19:34:08 920864 ----a-w- C:\Windows\System32\nvvsvc.exe2013-08-18 19:34:08 63776 ----a-w- C:\Windows\System32\nvshext.dll2013-08-18 19:34:07 219424 ----a-w- C:\Windows\System32\nvmctray.dll2013-08-17 05:30:06 3319709 ----a-w- C:\Windows\System32\nvcoproc.bin2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-07-21 16:35:03 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll2013-07-21 16:34:59 972712 ----a-w- C:\Windows\System32\deployJava1.dll2013-07-21 16:34:59 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-06-16 12:38:18 31520 ----a-w- C:\Windows\System32\nvhdap64.dll2013-06-16 12:38:15 196384 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys.============= FINISH: 21:53:55.78 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 9/2/2010 3:17:14 PMSystem Uptime: 9/11/2013 9:50:08 PM (0 hours ago).Motherboard: ASUSTeK Computer INC. | | P7P55D-E PROProcessor: Intel® Core i7 CPU 860 @ 2.80GHz | LGA1156 | 1176/133mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 931 GiB total, 515.659 GiB free.D: is CDROM (UDF)E: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP448: 9/7/2013 9:55:44 AM - Device Driver Package Install: NVIDIA Universal Serial Bus controllersRP449: 9/10/2013 8:22:44 PM - Windows UpdateRP450: 9/11/2013 6:13:30 PM - Device Driver Package Install: Microsoft Network adaptersRP451: 9/11/2013 8:05:53 PM - Restore Operation.==== Installed Programs ======================.64 Bit HP CIO Components Installer7-zip v9.20Adobe AIRAdobe Digital EditionsAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader XI (11.0.03)AI SuiteAIO_CDA_ProductContextAIO_CDA_SoftwareAIO_ScanApple Application SupportApple Mobile Device SupportApple Software UpdateAsk ToolbarBattlEye for OA UninstallBelkin N300 Micro USB Wireless AdapterBlenderBonjourBufferChmC4100c4100_HelpCCleanerCopyCore Temp 1.0 RC5CPUID CPU-Z 1.55D3DX10Definition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDestinationsDeviceDiscoveryDocProcDocument Express DjVu Plug-inDVD Shrink 3.2EPSON Artisan 810 Series Printer UninstallEPSON ScanEVGA Precision 1.9.6Facebook Video Calling 1.2.0.287FaxFirebird SQL Server - MAGIX EditionFolk TaleGeForce Experience NvStream Client ComponentsGoogle Calendar SyncGoogle ChromeGoogle SketchUp Pro 8Google Update HelperGPBaseService2HP Customer Participation Program 13.0HP Imaging Device Functions 13.0HP Photosmart All-In-One Driver Software 13.0 Rel. AHP Photosmart Essential 3.5HP Smart Web Printing 4.51HP Solution Center 13.0HP UpdateHPPhotoGadgetHPPhotoSmartDiscLabelContent1HPPhotosmartEssentialHPProductAssistantHPSSupplyiCloudImpulseinterneTIFF 2012 FREE Version 10 (Firefox Browser)iTunesIZArc 4.1.6Java 7 Update 25 (64-bit)Java Auto UpdaterJava 6 Update 37LeapFrog ConnectLeapFrog My Pals PluginLG SP USB DriverLG United Mobile DriverLibUSB-Win32-0.1.10.1MAGIX Goya burnR (MSI)MAGIX Music Maker MXMAGIX ScreenshareMalwarebytes Anti-Malware version 1.75.0.1300MarketResearchMaster of Orion IIMicrosoft .NET Framework 1.1Microsoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)Microsoft Games for Windows - LIVE RedistributableMicrosoft Games for Windows MarketplaceMicrosoft Mouse and Keyboard CenterMicrosoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Home and Business 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Word MUI (English) 2010Microsoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft XNA Framework Redistributable 3.1Microsoft XNA Framework Redistributable 4.0 RefreshMotioninJoy ds3 driver version 0.6.0003MotoHelper 2.0.51 Driver 5.1.0MotoHelper MergeModulesMOTOROLA MEDIA LINKMotorola Mobile Drivers Installation 5.1.0Mozilla Firefox 17.0 (x86 en-US)Mozilla Maintenance ServiceMSVCRTMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2721691)MSXML 4.0 SP3 Parser (KB2758694)MSXML 4.0 SP3 Parser (KB973685)NEC Electronics USB 3.0 Host Controller DriverNetwork64NVIDIA 3D Vision Controller DriverNVIDIA 3D Vision Controller Driver 326.80NVIDIA 3D Vision Driver 326.80NVIDIA Control Panel 326.80NVIDIA Display Control PanelNVIDIA GeForce Experience 1.6.1NVIDIA Graphics Driver 326.80NVIDIA HD Audio Driver 1.3.26.4NVIDIA Install ApplicationNVIDIA PhysXNVIDIA PhysX System Software 9.13.0725NVIDIA Stereoscopic 3D DriverNVIDIA Update 8.3.14NVIDIA Update ComponentsNVIDIA Virtual Audio 1.2.2OCR Software by I.R.I.S. 13.0PCSX2 - Playstation 2 EmulatorPhotoScapePlanetSide 2PlatformPlay Wireless USB AdapterPlayalot GamesPVSonyDllQuickTimeRevo Uninstaller 1.93RoboForm 7-9-0-0 (All Users)SAMSUNG USB Driver for Mobile PhonesScanSchoolSite LocatorSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Extended (KB2416472)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit EditionSecurity Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687276) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687501) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 32-Bit EditionSecurity Update for Microsoft OneNote 2010 (KB2760600) 32-Bit EditionSecurity Update for Microsoft Publisher 2010 (KB2553147) 32-Bit EditionSecurity Update for Microsoft Visio 2010 (KB2810068) 32-Bit EditionSecurity Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit EditionSecurity Update for Microsoft Word 2010 (KB2760410) 32-Bit EditionSHIELD StreamingShop for HP SuppliesSmartWebPrintingSolutionCenterSource SDK Base 2007StatusSteamSUPERAntiSpywareSystem Requirements LabText-To-Speech-RuntimeToolboxTrayAppTurboV EVOUbisoft Game LauncherUnity Web PlayerUnloadSupportUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553378) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598242) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687503) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687509) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2767886) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2597090) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687623) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2598240) 32-Bit EditionUpdate for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit EditionUse the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)VIA Platform Device ManagerWarhammer® 40,000®: Dawn of War® II – Retribution™WebRegWindows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackXCOM: Enemy UnknownYahoo Browser SettingsYahoo! Software Update.==== Event Viewer Messages From Past Week ========.9/9/2013 6:46:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.9/9/2013 6:46:12 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.9/9/2013 6:33:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8003d394e0, 0xfffff880049b06f0, 0xffffffffc00000b5, 0x000000000000000a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090913-20654-01.9/9/2013 10:47:26 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8004199010, 0xfffff880049776f0, 0xffffffffc00000b5, 0x000000000000000a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090913-21278-01.9/7/2013 9:20:02 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000101 (0x0000000000000019, 0x0000000000000000, 0xfffff88003167180, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090713-21949-01.9/7/2013 5:06:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8007ae1010, 0xfffff880049d56f0, 0xffffffffc00000b5, 0x000000000000000a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090713-20997-01.9/7/2013 12:48:18 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000101 (0x0000000000000019, 0x0000000000000000, 0xfffff88003167180, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090713-34741-01.9/7/2013 11:18:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000101 (0x0000000000000019, 0x0000000000000000, 0xfffff880030f7180, 0x0000000000000006). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090713-21481-01.9/7/2013 1:37:19 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.9/7/2013 1:25:38 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x80004005 Error description: Unspecified error Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.9/7/2013 1:13:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}9/7/2013 1:11:58 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.9/7/2013 1:11:51 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000101 (0x0000000000000019, 0x0000000000000000, 0xfffff88003167180, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090713-40513-01.9/7/2013 1:11:46 AM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.9/5/2013 7:32:39 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-21470148479/5/2013 12:18:52 AM, Error: Service Control Manager [7031] - The Update WebConnect service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.9/4/2013 2:48:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000101 (0x0000000000000019, 0x0000000000000000, 0xfffff88003167180, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090413-23821-01.9/4/2013 2:42:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000101 (0x0000000000000019, 0x0000000000000000, 0xfffff880030f7180, 0x0000000000000006). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090413-30076-01.9/4/2013 12:15:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}9/4/2013 12:08:39 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.9/4/2013 10:13:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8003f134e0, 0xfffff880049ee6f0, 0xffffffffc00000b5, 0x000000000000000a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090413-20638-01.9/11/2013 9:50:47 PM, Error: Service Control Manager [7000] - The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start due to the following error: The system cannot find the file specified.9/11/2013 9:50:25 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.9/11/2013 9:47:38 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.9/11/2013 9:47:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}9/11/2013 9:46:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}9/11/2013 9:46:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}9/11/2013 9:31:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}9/11/2013 9:31:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}9/11/2013 9:31:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}9/11/2013 9:31:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}9/11/2013 9:31:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO discache MpFilter SASDIFSV SASKUTIL spldr Wanarpv69/11/2013 7:54:15 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.9/11/2013 7:54:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}9/11/2013 7:54:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}9/11/2013 7:53:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf9/11/2013 7:53:55 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.9/11/2013 7:53:55 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.9/11/2013 7:53:55 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.9/11/2013 7:53:55 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.9/11/2013 7:53:55 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.9/11/2013 7:53:55 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.9/11/2013 7:53:55 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.9/11/2013 7:53:55 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.9/11/2013 7:53:55 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.9/11/2013 7:53:55 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.9/11/2013 7:28:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800863f4e0, 0xfffff8800499a6f0, 0xffffffffc00000b5, 0x000000000000000a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091113-20295-01.9/11/2013 6:52:02 PM, Error: nvlddmkm [14] -9/10/2013 8:10:20 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.9/10/2013 10:06:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.9/10/2013 10:06:17 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion..==== End Of File =========================== Link to post Share on other sites More sharing options...
Psychotic Posted September 12, 2013 ID:728756 Share Posted September 12, 2013 Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding. Scan with Gmer rootkit scannerPlease download Gmer from here by clicking on the "Download EXE" Button.Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO. In the right panel, you will see several boxes that have been checked. Uncheck the following ...Sections IAT/EAT Show All ( should be unchecked by default )[*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries Link to post Share on other sites More sharing options...
nunevega Posted September 12, 2013 Author ID:728758 Share Posted September 12, 2013 Thank you for the quick reply Marius.Here is the atk.txt result, GMER 2.1.19163 - http://www.gmer.netRootkit scan 2013-09-11 22:58:21Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1002FAEX-00Z3A0 rev.05.01D05 931.51GBRunning: uncdxmck.exe; Driver: C:\Users\DMJ\AppData\Local\Temp\uwldapow.sys---- Registry - GMER 2.1 ----Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 10836---- EOF - GMER 2.1 ---- Link to post Share on other sites More sharing options...
Psychotic Posted September 12, 2013 ID:728787 Share Posted September 12, 2013 CombofixCombofix should only be run when adviced by a team member!LinkImportant - Save the file to your desktop! Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work. Run Combofix.exeWhen finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this. Link to post Share on other sites More sharing options...
nunevega Posted September 12, 2013 Author ID:728950 Share Posted September 12, 2013 ComboFix 13-09-10.03 - DMJ 09/12/2013 6:41.1.8 - x64Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2218 [GMT -7:00]Running from: c:\users\DMJ\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\ENDc:\users\DMJ\AppData\Roaming\Mozilla\Firefox\Profiles\9ivpxosr.default\searchplugins\bing-zugo.xmlc:\users\DMJ\Documents\~WRL0214.tmpc:\users\DMJ\Documents\~WRL1844.tmpc:\users\DMJ\Documents\ShopToWinc:\users\Public\sdelevURL.tmpc:\windows\security\Database\tmp.edbc:\windows\SysWow64\local.txtc:\windows\SysWow64\Packet.dllc:\windows\SysWow64\pthreadVC.dllc:\windows\SysWow64\wpcap.dllc:\windows\wininit.ini..((((((((((((((((((((((((( Files Created from 2013-08-12 to 2013-09-12 )))))))))))))))))))))))))))))))..2013-09-12 13:48 . 2013-09-12 13:48 -------- d-----w- c:\users\hedev\AppData\Local\temp2013-09-12 13:48 . 2013-09-12 13:48 -------- d-----w- c:\users\Default\AppData\Local\temp2013-09-12 11:16 . 2013-09-12 11:16 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56EDB97B-32F6-4CDF-A5AC-3BD5B0BBA3E5}\offreg.dll2013-09-12 10:45 . 2013-08-10 05:22 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll2013-09-12 10:45 . 2013-08-10 05:21 53248 ----a-w- c:\windows\system32\jsproxy.dll2013-09-12 10:45 . 2013-08-10 03:59 1767936 ----a-w- c:\windows\SysWow64\wininet.dll2013-09-12 10:45 . 2013-08-10 03:59 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll2013-09-12 10:45 . 2013-08-10 03:58 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll2013-09-12 10:45 . 2013-08-10 05:22 2241024 ----a-w- c:\windows\system32\wininet.dll2013-09-12 10:45 . 2013-08-10 05:20 15404544 ----a-w- c:\windows\system32\ieframe.dll2013-09-12 10:45 . 2013-08-10 05:21 19246592 ----a-w- c:\windows\system32\mshtml.dll2013-09-12 03:50 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56EDB97B-32F6-4CDF-A5AC-3BD5B0BBA3E5}\mpengine.dll2013-09-11 20:32 . 2013-09-11 20:32 -------- d-----w- c:\users\DMJ\AppData\Local\jwSKQAUj2013-09-11 20:32 . 2013-09-11 20:32 -------- d-----w- c:\users\DMJ\AppData\Local\bpVEiVZe2013-09-11 20:32 . 2013-09-11 20:31 149504 --s---w- c:\users\DMJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QYnusxFo.exe2013-09-11 03:23 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-09-07 08:37 . 2013-09-07 08:35 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2ED2A715-E4EA-4259-9812-E6E301CC2FD9}\gapaengine.dll2013-09-07 07:59 . 2013-09-07 08:22 -------- d-----w- c:\program files (x86)\RivaTuner Statistics Server2013-09-07 07:59 . 2013-09-07 08:22 -------- d-----w- c:\program files (x86)\EVGA Precision X2013-09-05 07:15 . 2013-09-05 07:19 -------- d-----w- c:\users\DMJ\AppData\Local\VisualBeeExe2013-09-05 07:14 . 2013-09-05 07:23 -------- d-----w- c:\users\DMJ\AppData\Roaming\Systweak2013-09-05 07:14 . 2013-09-05 07:14 -------- d-----w- c:\users\DMJ\AppData\Roaming\DSite2013-09-04 21:59 . 2013-09-12 04:20 -------- d-----w- c:\program files\Core Temp2013-09-04 21:59 . 2013-09-07 08:22 -------- d-----w- c:\program files (x86)\Yahoo Browser Settings2013-09-04 00:34 . 2013-09-04 00:34 -------- d-----w- c:\users\DMJ\AppData\Local\NVIDIA2013-09-04 00:31 . 2013-09-04 00:31 -------- dc----w- C:\NvidiaLogging2013-09-04 00:30 . 2013-09-04 00:30 -------- d-----w- c:\program files (x86)\AGEIA Technologies2013-09-04 00:28 . 2013-09-12 03:34 -------- d-----w- c:\users\UpdatusUser2013-09-04 00:24 . 2013-07-18 17:15 39712 ----a-w- c:\windows\system32\drivers\nvvad64v.sys2013-09-04 00:24 . 2013-07-18 17:15 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll2013-09-04 00:24 . 2013-07-18 17:15 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll2013-08-24 19:49 . 2013-08-24 19:49 -------- d-----w- c:\windows\SysWow64\searchplugins2013-08-24 19:49 . 2013-08-24 19:49 -------- d-----w- c:\windows\SysWow64\Extensions2013-08-18 21:58 . 2013-08-18 21:58 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe2013-08-17 21:06 . 2013-08-17 21:06 -------- d-----w- c:\users\DMJ\AppData\Local\avgchrome2013-08-17 19:55 . 2013-08-17 19:55 -------- d-----w- c:\programdata\Babylon2013-08-17 19:55 . 2013-08-17 19:55 -------- d-----w- c:\program files (x86)\FLVPlayer2013-08-15 10:01 . 2013-09-12 10:45 -------- d-----w- c:\windows\system32\MRT2013-08-14 14:53 . 2013-08-14 14:53 18634944 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-09-12 10:44 . 2010-09-17 14:59 79143768 ----a-w- c:\windows\system32\MRT.exe2013-09-10 19:05 . 2012-04-12 15:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-09-10 19:05 . 2011-07-23 04:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-08-22 17:29 . 2012-06-13 00:10 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-08-18 19:34 . 2010-07-09 23:17 6599968 ----a-w- c:\windows\system32\nvcpl.dll2013-08-18 19:34 . 2010-07-09 23:17 3452192 ----a-w- c:\windows\system32\nvsvc64.dll2013-08-18 19:34 . 2010-07-09 23:27 63776 ----a-w- c:\windows\system32\nvshext.dll2013-08-18 19:34 . 2010-07-09 23:17 920864 ----a-w- c:\windows\system32\nvvsvc.exe2013-08-18 19:34 . 2010-07-09 23:17 219424 ----a-w- c:\windows\system32\nvmctray.dll2013-08-17 05:30 . 2012-03-03 05:31 3319709 ----a-w- c:\windows\system32\nvcoproc.bin2013-08-02 01:48 . 2013-09-11 17:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-07-21 16:35 . 2013-07-21 16:35 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll2013-07-21 16:35 . 2013-07-21 16:35 312232 ----a-w- c:\windows\system32\javaws.exe2013-07-21 16:35 . 2013-07-21 16:35 189352 ----a-w- c:\windows\system32\javaw.exe2013-07-21 16:35 . 2013-07-21 16:35 188840 ----a-w- c:\windows\system32\java.exe2013-07-21 16:34 . 2013-07-21 16:35 972712 ----a-w- c:\windows\system32\deployJava1.dll2013-07-21 16:34 . 2013-07-21 16:35 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712].[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]2010-09-29 06:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712].[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1][HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"YfkAacAt"="c:\users\DMJ\AppData\Local\CRE\OWGaGlYi.exe" [2013-09-11 149504].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-05-06 9921664]"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2010-03-25 611968]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888].c:\users\DMJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]QYnusxFo.exe [2013-9-11 149504].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1)"AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe;c:\windows\SYSNATIVE\libusbd-nt.exe [x]R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [x]R3 ALSysIO;ALSysIO;c:\users\DMJ\AppData\Local\Temp\ALSysIO64.sys;c:\users\DMJ\AppData\Local\Temp\ALSysIO64.sys [x]R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]R3 MRV6X64P;Vista 64-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13C.sys;c:\windows\SYSNATIVE\DRIVERS\MRVW13C.sys [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [x]S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz134_x64.sys [x]S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys;c:\program files (x86)\EVGA Precision\RTCore64.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x]S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-09-04 15:51 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 19:05].2013-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2839669530-1956647516-2849348352-1001Core.job- c:\users\DMJ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-05 04:55].2013-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2839669530-1956647516-2849348352-1001UA.job- c:\users\DMJ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-05 04:55].2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 06:28].2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 06:28]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.local;192.168.*.*IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105Trusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comTCP: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115FF - ProfilePath - c:\users\DMJ\AppData\Roaming\Mozilla\Firefox\Profiles\9ivpxosr.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - ExtSQL: !HIDDEN! 2010-09-23 16:55; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF - user.js: security.csp.enable - falseFF - user.js: extensions.autoDisableScopes - 0FF - user.js: extensions.shownSelectionUI - trueFF - user.js: extensions.delta.tlbrSrchUrl -FF - user.js: extensions.delta.id - 3cf6bde100000000000008863b512d71FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}FF - user.js: extensions.delta.instlDay - 15934FF - user.js: extensions.delta.vrsn - 1.8.24.5FF - user.js: extensions.delta.vrsni - 1.8.24.5FF - user.js: extensions.delta.vrsnTs - 1.8.24.512:56FF - user.js: extensions.delta.prtnrId - deltaFF - user.js: extensions.delta.prdct - deltaFF - user.js: extensions.delta.aflt - babsstFF - user.js: extensions.delta.smplGrp - noneFF - user.js: extensions.delta.tlbrId - baseFF - user.js: extensions.delta.instlRef - sstFF - user.js: extensions.delta.dfltLng - enFF - user.js: extensions.delta.excTlbr - falseFF - user.js: extensions.delta.ffxUnstlRst - trueFF - user.js: extensions.delta.admin - falseFF - user.js: extensions.delta_i.babTrack - affID=119351&tsp=4977FF - user.js: extensions.delta_i.babExt -FF - user.js: extensions.delta_i.srcExt - ssFF - user.js: extensions.delta.autoRvrt - falseFF - user.js: extensions.delta.rvrt - falseFF - user.js: extensions.delta.newTab - falseFF - user.js: yahoo.ytff.general.dontshowhpoffer - true.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKLM-Run-<NO NAME> - (no file)HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startBHO-{F0F12903-DE76-4DF7-BCDC-0A0689151189} - c:\program files (x86)\SaveValet\ie\SaveValetIE_64.dllAddRemove-3088945428.www.schoolsiteonline.com - c:\program files (x86)\Microsoft Silverlight\4.1.10111.0\Silverlight.Configuration.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-09-12 06:50:16ComboFix-quarantined-files.txt 2013-09-12 13:50.Pre-Run: 555,827,666,944 bytes freePost-Run: 555,768,336,384 bytes free.- - End Of File - - 502FE0DC51892643A3011C046097A6BFA36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
nunevega Posted September 12, 2013 Author ID:729053 Share Posted September 12, 2013 Things seem to have gotten worse. Now it keeps me on the fbi ransom page and does not drop me to the desk top. I am getting on wwith safemode w/networking. Link to post Share on other sites More sharing options...
Psychotic Posted September 13, 2013 ID:729249 Share Posted September 13, 2013 Combofix scripting1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Download the attached CFScript.txt and save it to the location where Combofix is.Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Full System Scan with Malwarebytes AntimalwareIf not existing, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If the program is already installed:Run Malwarebytes Antimalware If an update is found, it will download and install the latest version. Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan. When the scan is complete, click OK, then Show Results to view the results. Be sure that everything is checked, and click Remove Selected. When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here:C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt Post that log back here.CFScript.txt Link to post Share on other sites More sharing options...
nunevega Posted September 13, 2013 Author ID:729467 Share Posted September 13, 2013 ComboFix 13-09-10.03 - DMJ 09/13/2013 7:41.2.8 - x64 NETWORKMicrosoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.3099 [GMT -7:00]Running from: c:\users\DMJ\Desktop\ComboFix.exeCommand switches used :: c:\users\DMJ\Desktop\CFScript.txtAV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point.FILE ::"c:\users\DMJ\AppData\Local\CRE\OWGaGlYi.exe""c:\users\DMJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QYnusxFo.exe"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\Ask.comc:\program files (x86)\Ask.com\btn_search.pngc:\program files (x86)\Ask.com\cobrand.icoc:\program files (x86)\Ask.com\config.xmlc:\program files (x86)\Ask.com\favicon.icoc:\program files (x86)\Ask.com\fv_b911.icoc:\program files (x86)\Ask.com\GenericAskToolbar.dllc:\program files (x86)\Ask.com\limewire_logo.pngc:\program files (x86)\Ask.com\mupcfg.xmlc:\program files (x86)\Ask.com\SaUpdate.exec:\program files (x86)\Ask.com\UpdateTask.exec:\programdata\Babylonc:\users\DMJ\AppData\Local\bpVEiVZec:\users\DMJ\AppData\Local\CRE\OWGaGlYi.exec:\users\DMJ\AppData\Local\jwSKQAUjc:\users\DMJ\AppData\Local\jwSKQAUj\css\all.cssc:\users\DMJ\AppData\Local\jwSKQAUj\css\style-custom.cssc:\users\DMJ\AppData\Local\jwSKQAUj\images\arrow.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-box-bottom.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-box.jpgc:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-btn-sprite.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-header-repeat.gifc:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-html.jpgc:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-li.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-track.gifc:\users\DMJ\AppData\Local\jwSKQAUj\images\content\img1.jpgc:\users\DMJ\AppData\Local\jwSKQAUj\images\content\img2.jpgc:\users\DMJ\AppData\Local\jwSKQAUj\images\content\img3.jpgc:\users\DMJ\AppData\Local\jwSKQAUj\images\content\img4.jpgc:\users\DMJ\AppData\Local\jwSKQAUj\images\dominicks.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\dotted-copy.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\dotted-small.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\dotted.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\epay.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\genuardis.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\logo-ie.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\logo.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\moneypack.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\nowprepay.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\oder.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\paysafe.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\pioneer.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\precash.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\price.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\safeway.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\sagamie.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\shoprite.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\total.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\usa.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\webcam.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\x.jpgc:\users\DMJ\AppData\Local\jwSKQAUj\index.htmlc:\users\DMJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QYnusxFo.exe..((((((((((((((((((((((((( Files Created from 2013-08-13 to 2013-09-13 )))))))))))))))))))))))))))))))..2013-09-13 14:50 . 2013-09-13 14:50 -------- d-----w- c:\users\hedev\AppData\Local\temp2013-09-13 14:50 . 2013-09-13 14:50 -------- d-----w- c:\users\Default\AppData\Local\temp2013-09-12 20:21 . 2013-09-12 20:21 -------- d-----w- c:\users\DMJ\AppData\Local\ElevatedDiagnostics2013-09-12 20:17 . 2013-09-12 20:17 -------- d-----w- c:\program files\wrapper_inst2013-09-12 20:17 . 2013-09-12 20:17 -------- d-----w- c:\program files (x86)\wrapper_inst2013-09-12 11:16 . 2013-09-12 11:16 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56EDB97B-32F6-4CDF-A5AC-3BD5B0BBA3E5}\offreg.dll2013-09-12 10:45 . 2013-08-10 05:22 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll2013-09-12 10:45 . 2013-08-10 05:21 53248 ----a-w- c:\windows\system32\jsproxy.dll2013-09-12 10:45 . 2013-08-10 03:59 1767936 ----a-w- c:\windows\SysWow64\wininet.dll2013-09-12 10:45 . 2013-08-10 03:59 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll2013-09-12 10:45 . 2013-08-10 03:58 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll2013-09-12 10:45 . 2013-08-10 05:22 2241024 ----a-w- c:\windows\system32\wininet.dll2013-09-12 10:45 . 2013-08-10 05:20 15404544 ----a-w- c:\windows\system32\ieframe.dll2013-09-12 10:45 . 2013-08-10 05:21 19246592 ----a-w- c:\windows\system32\mshtml.dll2013-09-12 03:50 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56EDB97B-32F6-4CDF-A5AC-3BD5B0BBA3E5}\mpengine.dll2013-09-11 03:23 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-09-07 08:37 . 2013-09-07 08:35 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2ED2A715-E4EA-4259-9812-E6E301CC2FD9}\gapaengine.dll2013-09-07 07:59 . 2013-09-07 08:22 -------- d-----w- c:\program files (x86)\RivaTuner Statistics Server2013-09-07 07:59 . 2013-09-07 08:22 -------- d-----w- c:\program files (x86)\EVGA Precision X2013-09-05 07:15 . 2013-09-05 07:19 -------- d-----w- c:\users\DMJ\AppData\Local\VisualBeeExe2013-09-05 07:14 . 2013-09-05 07:23 -------- d-----w- c:\users\DMJ\AppData\Roaming\Systweak2013-09-05 07:14 . 2013-09-05 07:14 -------- d-----w- c:\users\DMJ\AppData\Roaming\DSite2013-09-04 21:59 . 2013-09-12 04:20 -------- d-----w- c:\program files\Core Temp2013-09-04 21:59 . 2013-09-07 08:22 -------- d-----w- c:\program files (x86)\Yahoo Browser Settings2013-09-04 00:34 . 2013-09-04 00:34 -------- d-----w- c:\users\DMJ\AppData\Local\NVIDIA2013-09-04 00:31 . 2013-09-04 00:31 -------- dc----w- C:\NvidiaLogging2013-09-04 00:30 . 2013-09-04 00:30 -------- d-----w- c:\program files (x86)\AGEIA Technologies2013-09-04 00:28 . 2013-09-12 03:34 -------- d-----w- c:\users\UpdatusUser2013-09-04 00:24 . 2013-07-18 17:15 39712 ----a-w- c:\windows\system32\drivers\nvvad64v.sys2013-09-04 00:24 . 2013-07-18 17:15 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll2013-09-04 00:24 . 2013-07-18 17:15 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll2013-08-24 19:49 . 2013-08-24 19:49 -------- d-----w- c:\windows\SysWow64\searchplugins2013-08-24 19:49 . 2013-08-24 19:49 -------- d-----w- c:\windows\SysWow64\Extensions2013-08-18 21:58 . 2013-08-18 21:58 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe2013-08-17 21:06 . 2013-08-17 21:06 -------- d-----w- c:\users\DMJ\AppData\Local\avgchrome2013-08-17 19:55 . 2013-08-17 19:55 -------- d-----w- c:\program files (x86)\FLVPlayer2013-08-15 10:01 . 2013-09-12 10:45 -------- d-----w- c:\windows\system32\MRT2013-08-14 14:53 . 2013-08-14 14:53 18634944 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-09-12 10:44 . 2010-09-17 14:59 79143768 ----a-w- c:\windows\system32\MRT.exe2013-09-10 19:05 . 2012-04-12 15:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-09-10 19:05 . 2011-07-23 04:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-08-22 17:29 . 2012-06-13 00:10 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-08-18 19:34 . 2010-07-09 23:17 6599968 ----a-w- c:\windows\system32\nvcpl.dll2013-08-18 19:34 . 2010-07-09 23:17 3452192 ----a-w- c:\windows\system32\nvsvc64.dll2013-08-18 19:34 . 2010-07-09 23:27 63776 ----a-w- c:\windows\system32\nvshext.dll2013-08-18 19:34 . 2010-07-09 23:17 920864 ----a-w- c:\windows\system32\nvvsvc.exe2013-08-18 19:34 . 2010-07-09 23:17 219424 ----a-w- c:\windows\system32\nvmctray.dll2013-08-17 05:30 . 2012-03-03 05:31 3319709 ----a-w- c:\windows\system32\nvcoproc.bin2013-08-02 01:48 . 2013-09-11 17:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-07-25 09:25 . 2013-08-14 12:05 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-07-25 08:57 . 2013-08-14 12:05 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL2013-07-21 16:35 . 2013-07-21 16:35 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll2013-07-21 16:35 . 2013-07-21 16:35 312232 ----a-w- c:\windows\system32\javaws.exe2013-07-21 16:35 . 2013-07-21 16:35 189352 ----a-w- c:\windows\system32\javaw.exe2013-07-21 16:35 . 2013-07-21 16:35 188840 ----a-w- c:\windows\system32\java.exe2013-07-21 16:34 . 2013-07-21 16:35 972712 ----a-w- c:\windows\system32\deployJava1.dll2013-07-21 16:34 . 2013-07-21 16:35 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll2013-07-19 01:58 . 2013-08-14 12:05 2048 ----a-w- c:\windows\system32\tzres.dll2013-07-19 01:41 . 2013-08-14 12:05 2048 ----a-w- c:\windows\SysWow64\tzres.dll2013-07-09 05:52 . 2013-08-14 12:05 224256 ----a-w- c:\windows\system32\wintrust.dll2013-07-09 05:51 . 2013-08-14 12:05 1217024 ----a-w- c:\windows\system32\rpcrt4.dll2013-07-09 05:46 . 2013-08-14 12:05 1472512 ----a-w- c:\windows\system32\crypt32.dll2013-07-09 05:46 . 2013-08-14 12:05 184320 ----a-w- c:\windows\system32\cryptsvc.dll2013-07-09 05:46 . 2013-08-14 12:05 139776 ----a-w- c:\windows\system32\cryptnet.dll2013-07-09 04:52 . 2013-08-14 12:05 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll2013-07-09 04:52 . 2013-08-14 12:05 175104 ----a-w- c:\windows\SysWow64\wintrust.dll2013-07-09 04:46 . 2013-08-14 12:05 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll2013-07-09 04:46 . 2013-08-14 12:05 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll2013-07-09 04:46 . 2013-08-14 12:05 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll2013-07-06 06:03 . 2013-08-14 12:05 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-05-06 9921664]"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2010-03-25 611968]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888].c:\users\DMJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 0 (0x0)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1)"AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz134_x64.sys [x]R2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe;c:\windows\SYSNATIVE\libusbd-nt.exe [x]R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]R2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]R2 pcregservice;pcregservice Service;c:\program files (x86)\wrapper_inst\file_to_run.exe;c:\program files (x86)\wrapper_inst\file_to_run.exe [x]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [x]R3 ALSysIO;ALSysIO;c:\users\DMJ\AppData\Local\Temp\ALSysIO64.sys;c:\users\DMJ\AppData\Local\Temp\ALSysIO64.sys [x]R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]R3 MRV6X64P;Vista 64-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13C.sys;c:\windows\SYSNATIVE\DRIVERS\MRVW13C.sys [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]R3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys;c:\program files (x86)\EVGA Precision\RTCore64.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-09-04 15:51 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 19:05].2013-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2839669530-1956647516-2849348352-1001Core.job- c:\users\DMJ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-05 04:55].2013-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2839669530-1956647516-2849348352-1001UA.job- c:\users\DMJ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-05 04:55].2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 06:28].2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 06:28]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0F12903-DE76-4DF7-BCDC-0A0689151189}]c:\program files (x86)\SaveValet\ie\SaveValetIE_64.dll [bU].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]"pcreg"="c:\program files\wrapper_inst\service.exe" [2013-09-12 346720].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.local;192.168.*.*IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105Trusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comTCP: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115FF - ProfilePath - c:\users\DMJ\AppData\Roaming\Mozilla\Firefox\Profiles\9ivpxosr.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - ExtSQL: !HIDDEN! 2010-09-23 16:55; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF - user.js: security.csp.enable - falseFF - user.js: extensions.autoDisableScopes - 0FF - user.js: extensions.shownSelectionUI - true.- - - - ORPHANS REMOVED - - - -.BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dllWow6432Node-HKLM-Run-<NO NAME> - (no file)...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-09-13 07:52:34ComboFix-quarantined-files.txt 2013-09-13 14:52ComboFix2.txt 2013-09-12 13:50.Pre-Run: 584,076,460,032 bytes freePost-Run: 584,019,738,624 bytes free.- - End Of File - - C5082B883F7348303B8C21BD9475566AA36C5E4F47E84449FF07ED3517B43A31 ComboFix 13-09-10.03 - DMJ 09/13/2013 7:41.2.8 - x64 NETWORKMicrosoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.3099 [GMT -7:00]Running from: c:\users\DMJ\Desktop\ComboFix.exeCommand switches used :: c:\users\DMJ\Desktop\CFScript.txtAV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point.FILE ::"c:\users\DMJ\AppData\Local\CRE\OWGaGlYi.exe""c:\users\DMJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QYnusxFo.exe"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\Ask.comc:\program files (x86)\Ask.com\btn_search.pngc:\program files (x86)\Ask.com\cobrand.icoc:\program files (x86)\Ask.com\config.xmlc:\program files (x86)\Ask.com\favicon.icoc:\program files (x86)\Ask.com\fv_b911.icoc:\program files (x86)\Ask.com\GenericAskToolbar.dllc:\program files (x86)\Ask.com\limewire_logo.pngc:\program files (x86)\Ask.com\mupcfg.xmlc:\program files (x86)\Ask.com\SaUpdate.exec:\program files (x86)\Ask.com\UpdateTask.exec:\programdata\Babylonc:\users\DMJ\AppData\Local\bpVEiVZec:\users\DMJ\AppData\Local\CRE\OWGaGlYi.exec:\users\DMJ\AppData\Local\jwSKQAUjc:\users\DMJ\AppData\Local\jwSKQAUj\css\all.cssc:\users\DMJ\AppData\Local\jwSKQAUj\css\style-custom.cssc:\users\DMJ\AppData\Local\jwSKQAUj\images\arrow.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-box-bottom.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-box.jpgc:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-btn-sprite.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-header-repeat.gifc:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-html.jpgc:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-li.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\bg-track.gifc:\users\DMJ\AppData\Local\jwSKQAUj\images\content\img1.jpgc:\users\DMJ\AppData\Local\jwSKQAUj\images\content\img2.jpgc:\users\DMJ\AppData\Local\jwSKQAUj\images\content\img3.jpgc:\users\DMJ\AppData\Local\jwSKQAUj\images\content\img4.jpgc:\users\DMJ\AppData\Local\jwSKQAUj\images\dominicks.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\dotted-copy.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\dotted-small.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\dotted.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\epay.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\genuardis.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\logo-ie.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\logo.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\moneypack.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\nowprepay.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\oder.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\paysafe.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\pioneer.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\precash.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\price.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\safeway.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\sagamie.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\shoprite.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\total.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\usa.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\webcam.pngc:\users\DMJ\AppData\Local\jwSKQAUj\images\x.jpgc:\users\DMJ\AppData\Local\jwSKQAUj\index.htmlc:\users\DMJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QYnusxFo.exe..((((((((((((((((((((((((( Files Created from 2013-08-13 to 2013-09-13 )))))))))))))))))))))))))))))))..2013-09-13 14:50 . 2013-09-13 14:50 -------- d-----w- c:\users\hedev\AppData\Local\temp2013-09-13 14:50 . 2013-09-13 14:50 -------- d-----w- c:\users\Default\AppData\Local\temp2013-09-12 20:21 . 2013-09-12 20:21 -------- d-----w- c:\users\DMJ\AppData\Local\ElevatedDiagnostics2013-09-12 20:17 . 2013-09-12 20:17 -------- d-----w- c:\program files\wrapper_inst2013-09-12 20:17 . 2013-09-12 20:17 -------- d-----w- c:\program files (x86)\wrapper_inst2013-09-12 11:16 . 2013-09-12 11:16 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56EDB97B-32F6-4CDF-A5AC-3BD5B0BBA3E5}\offreg.dll2013-09-12 10:45 . 2013-08-10 05:22 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll2013-09-12 10:45 . 2013-08-10 05:21 53248 ----a-w- c:\windows\system32\jsproxy.dll2013-09-12 10:45 . 2013-08-10 03:59 1767936 ----a-w- c:\windows\SysWow64\wininet.dll2013-09-12 10:45 . 2013-08-10 03:59 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll2013-09-12 10:45 . 2013-08-10 03:58 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll2013-09-12 10:45 . 2013-08-10 05:22 2241024 ----a-w- c:\windows\system32\wininet.dll2013-09-12 10:45 . 2013-08-10 05:20 15404544 ----a-w- c:\windows\system32\ieframe.dll2013-09-12 10:45 . 2013-08-10 05:21 19246592 ----a-w- c:\windows\system32\mshtml.dll2013-09-12 03:50 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56EDB97B-32F6-4CDF-A5AC-3BD5B0BBA3E5}\mpengine.dll2013-09-11 03:23 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-09-07 08:37 . 2013-09-07 08:35 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2ED2A715-E4EA-4259-9812-E6E301CC2FD9}\gapaengine.dll2013-09-07 07:59 . 2013-09-07 08:22 -------- d-----w- c:\program files (x86)\RivaTuner Statistics Server2013-09-07 07:59 . 2013-09-07 08:22 -------- d-----w- c:\program files (x86)\EVGA Precision X2013-09-05 07:15 . 2013-09-05 07:19 -------- d-----w- c:\users\DMJ\AppData\Local\VisualBeeExe2013-09-05 07:14 . 2013-09-05 07:23 -------- d-----w- c:\users\DMJ\AppData\Roaming\Systweak2013-09-05 07:14 . 2013-09-05 07:14 -------- d-----w- c:\users\DMJ\AppData\Roaming\DSite2013-09-04 21:59 . 2013-09-12 04:20 -------- d-----w- c:\program files\Core Temp2013-09-04 21:59 . 2013-09-07 08:22 -------- d-----w- c:\program files (x86)\Yahoo Browser Settings2013-09-04 00:34 . 2013-09-04 00:34 -------- d-----w- c:\users\DMJ\AppData\Local\NVIDIA2013-09-04 00:31 . 2013-09-04 00:31 -------- dc----w- C:\NvidiaLogging2013-09-04 00:30 . 2013-09-04 00:30 -------- d-----w- c:\program files (x86)\AGEIA Technologies2013-09-04 00:28 . 2013-09-12 03:34 -------- d-----w- c:\users\UpdatusUser2013-09-04 00:24 . 2013-07-18 17:15 39712 ----a-w- c:\windows\system32\drivers\nvvad64v.sys2013-09-04 00:24 . 2013-07-18 17:15 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll2013-09-04 00:24 . 2013-07-18 17:15 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll2013-08-24 19:49 . 2013-08-24 19:49 -------- d-----w- c:\windows\SysWow64\searchplugins2013-08-24 19:49 . 2013-08-24 19:49 -------- d-----w- c:\windows\SysWow64\Extensions2013-08-18 21:58 . 2013-08-18 21:58 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe2013-08-17 21:06 . 2013-08-17 21:06 -------- d-----w- c:\users\DMJ\AppData\Local\avgchrome2013-08-17 19:55 . 2013-08-17 19:55 -------- d-----w- c:\program files (x86)\FLVPlayer2013-08-15 10:01 . 2013-09-12 10:45 -------- d-----w- c:\windows\system32\MRT2013-08-14 14:53 . 2013-08-14 14:53 18634944 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-09-12 10:44 . 2010-09-17 14:59 79143768 ----a-w- c:\windows\system32\MRT.exe2013-09-10 19:05 . 2012-04-12 15:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-09-10 19:05 . 2011-07-23 04:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-08-22 17:29 . 2012-06-13 00:10 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-08-18 19:34 . 2010-07-09 23:17 6599968 ----a-w- c:\windows\system32\nvcpl.dll2013-08-18 19:34 . 2010-07-09 23:17 3452192 ----a-w- c:\windows\system32\nvsvc64.dll2013-08-18 19:34 . 2010-07-09 23:27 63776 ----a-w- c:\windows\system32\nvshext.dll2013-08-18 19:34 . 2010-07-09 23:17 920864 ----a-w- c:\windows\system32\nvvsvc.exe2013-08-18 19:34 . 2010-07-09 23:17 219424 ----a-w- c:\windows\system32\nvmctray.dll2013-08-17 05:30 . 2012-03-03 05:31 3319709 ----a-w- c:\windows\system32\nvcoproc.bin2013-08-02 01:48 . 2013-09-11 17:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-07-25 09:25 . 2013-08-14 12:05 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-07-25 08:57 . 2013-08-14 12:05 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL2013-07-21 16:35 . 2013-07-21 16:35 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll2013-07-21 16:35 . 2013-07-21 16:35 312232 ----a-w- c:\windows\system32\javaws.exe2013-07-21 16:35 . 2013-07-21 16:35 189352 ----a-w- c:\windows\system32\javaw.exe2013-07-21 16:35 . 2013-07-21 16:35 188840 ----a-w- c:\windows\system32\java.exe2013-07-21 16:34 . 2013-07-21 16:35 972712 ----a-w- c:\windows\system32\deployJava1.dll2013-07-21 16:34 . 2013-07-21 16:35 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll2013-07-19 01:58 . 2013-08-14 12:05 2048 ----a-w- c:\windows\system32\tzres.dll2013-07-19 01:41 . 2013-08-14 12:05 2048 ----a-w- c:\windows\SysWow64\tzres.dll2013-07-09 05:52 . 2013-08-14 12:05 224256 ----a-w- c:\windows\system32\wintrust.dll2013-07-09 05:51 . 2013-08-14 12:05 1217024 ----a-w- c:\windows\system32\rpcrt4.dll2013-07-09 05:46 . 2013-08-14 12:05 1472512 ----a-w- c:\windows\system32\crypt32.dll2013-07-09 05:46 . 2013-08-14 12:05 184320 ----a-w- c:\windows\system32\cryptsvc.dll2013-07-09 05:46 . 2013-08-14 12:05 139776 ----a-w- c:\windows\system32\cryptnet.dll2013-07-09 04:52 . 2013-08-14 12:05 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll2013-07-09 04:52 . 2013-08-14 12:05 175104 ----a-w- c:\windows\SysWow64\wintrust.dll2013-07-09 04:46 . 2013-08-14 12:05 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll2013-07-09 04:46 . 2013-08-14 12:05 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll2013-07-09 04:46 . 2013-08-14 12:05 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll2013-07-06 06:03 . 2013-08-14 12:05 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-05-06 9921664]"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2010-03-25 611968]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888].c:\users\DMJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 0 (0x0)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1)"AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz134_x64.sys [x]R2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe;c:\windows\SYSNATIVE\libusbd-nt.exe [x]R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]R2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]R2 pcregservice;pcregservice Service;c:\program files (x86)\wrapper_inst\file_to_run.exe;c:\program files (x86)\wrapper_inst\file_to_run.exe [x]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [x]R3 ALSysIO;ALSysIO;c:\users\DMJ\AppData\Local\Temp\ALSysIO64.sys;c:\users\DMJ\AppData\Local\Temp\ALSysIO64.sys [x]R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]R3 MRV6X64P;Vista 64-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13C.sys;c:\windows\SYSNATIVE\DRIVERS\MRVW13C.sys [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]R3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys;c:\program files (x86)\EVGA Precision\RTCore64.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-09-04 15:51 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 19:05].2013-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2839669530-1956647516-2849348352-1001Core.job- c:\users\DMJ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-05 04:55].2013-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2839669530-1956647516-2849348352-1001UA.job- c:\users\DMJ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-05 04:55].2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 06:28].2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 06:28]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0F12903-DE76-4DF7-BCDC-0A0689151189}]c:\program files (x86)\SaveValet\ie\SaveValetIE_64.dll [bU].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]"pcreg"="c:\program files\wrapper_inst\service.exe" [2013-09-12 346720].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.local;192.168.*.*IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105Trusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comTCP: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115FF - ProfilePath - c:\users\DMJ\AppData\Roaming\Mozilla\Firefox\Profiles\9ivpxosr.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - ExtSQL: !HIDDEN! 2010-09-23 16:55; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF - user.js: security.csp.enable - falseFF - user.js: extensions.autoDisableScopes - 0FF - user.js: extensions.shownSelectionUI - true.- - - - ORPHANS REMOVED - - - -.BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dllWow6432Node-HKLM-Run-<NO NAME> - (no file)...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-09-13 07:52:34ComboFix-quarantined-files.txt 2013-09-13 14:52ComboFix2.txt 2013-09-12 13:50.Pre-Run: 584,076,460,032 bytes freePost-Run: 584,019,738,624 bytes free.- - End Of File - - C5082B883F7348303B8C21BD9475566AA36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
Psychotic Posted September 14, 2013 ID:729803 Share Posted September 14, 2013 You posted the cf log twice. I need the scan log from mbam. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 17, 2013 Root Admin ID:731073 Share Posted September 17, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts