
Random Commercials?!?!?!


Dez29

My computer is randomly playing audio commercials, just out of the blue and with nothing running - it's obviously bogging down my PC, annoying as heck and a bit worrisome.  I have run my anti-virus (Norton), Malware, CC Cleaner and Spybot yet nothing seems to detect, remove or stop this.  As I have been typing I have heard a Jimmy Dean commercial and a girl telling me how to unroll a Pillsbury biscuit.  Can anyone help?  Thanks in advance.... Dez


Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16686

Run by Scott at 21:14:52 on 2013-09-12

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.1358 [GMT -4:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\viakaraokesrv.exe

C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe

C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe

C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

C:\Users\Scott\AppData\Local\Apps\2.0\6RKDTTMO.QGN\GWOD2Q2Q.1E1\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe

C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe

C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\Scott\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_168_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\System32\MsSpellCheckingFacility.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: {462be121-2b54-4218-bf00-b9bf8135b23f} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Define: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Scott\AppData\Local\DefineExt\temp.dat

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

uRun: [ConduitFloatingPlugin_klibnahbojhkanfgaglnlalfkgpcppfi] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3289847\plugins\TBVerifier.dll",RunConduitFloatingPlugin klibnahbojhkanfgaglnlalfkgpcppfi

mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

dRunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune

StartupFolder: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm

IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

   If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{A74F8F41-1620-4E57-9468-28FF4CD7E996} : DHCPNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

LSA: Authentication Packages =  msv1_0 relog_ap

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

.

INFO: x64-HKLM has more than 50 listed domains.

   If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\s7qopizk.default\

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke New Customized Web Search

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll

FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Scott\AppData\Local\Citrix\Plugins\79\npappdetector.dll

FF - plugin: C:\Users\Scott\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Users\Scott\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

FF - plugin: C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npMeetingJoinPluginAOCUser.dll

FF - plugin: C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

FF - ExtSQL: 2013-09-10 23:04; abb@amazon.com; C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\s7qopizk.default\extensions\abb@amazon.com

.

---- FIREFOX POLICIES ----

.

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-6-18 493656]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-6-18 1139800]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-9-11 45856]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [2013-9-3 1525336]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-18 169048]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130911.001\IDSviA64.sys [2013-9-11 520280]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-6-18 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-18 433752]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]

R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]

R2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2010-7-1 136616]

R2 cpuz134;cpuz134;C:\Windows\System32\drivers\cpuz134_x64.sys [2010-12-13 21480]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-11 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-11 701512]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-18 144368]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-9-22 46136]

R3 AODDriver2;AODDriver2;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2010-7-1 52352]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-27 140376]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-11 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-9-11 2206864]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-27 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-4 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S4 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]

.

=============== Created Last 30 ================

.

2013-09-12 01:16:19   --------   d-----w-   C:\Program Files (x86)\FileOpenerPro

2013-09-12 01:16:00   --------   d-----w-     C:\Users\Scott\AppData\Local\DefineExt

2013-09-12 01:15:11   --------   d-----w-   C:\ProgramData\Conduit

2013-09-12 01:15:01   --------   d-----w-     C:\Users\Scott\AppData\Local\CRE

2013-09-12 00:51:08   25928 ----a-w-     C:\Windows\System32\drivers\mbam.sys

2013-09-12 00:51:07   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-11 20:54:07   --------   d-----w-   C:\ProgramData\AVG SafeGuard toolbar

2013-09-11 19:54:29   --------   d-----w-     C:\Users\Scott\AppData\Local\AVG Secure Search

2013-09-11 17:24:35   --------   d-----w-     C:\Windows\System32\SRSLabs

2013-09-11 17:24:35   --------   d-----w-   C:\Program Files\VIA

2013-09-11 17:22:39   414632     ------w-   C:\Windows\difxapi.dll

2013-09-11 17:22:39   --------   d-----w-   C:\Program Files (x86)\VIA

2013-09-11 17:08:12   --------   d-----w-   C:\Program Files\Microsoft Mouse and Keyboard Center

2013-09-11 13:17:46   --------   d-----w-     C:\Users\Scott\AppData\Local\AVG SafeGuard toolbar

2013-09-11 13:17:11   45856 ----a-w-     C:\Windows\System32\drivers\avgtpx64.sys

2013-09-11 13:16:57   --------   d-----w-   C:\Program Files (x86)\Common Files\AVG Secure Search

2013-09-11 13:16:56   --------   d-----w-   C:\Program Files (x86)\AVG SafeGuard toolbar

2013-09-11 13:16:34   --------   d-----w-     C:\Users\Scott\AppData\Local\SlimWare Utilities Inc

2013-09-11 13:16:26   --------   d--h--w-   C:\ProgramData\Common Files

2013-09-11 13:16:17   --------   d-----w-   C:\Program Files (x86)\SlimDrivers

2013-09-11 03:56:53   388096     ----a-r-     C:\Users\Scott\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-09-11 03:56:52   --------   d-----w-   C:\Program Files (x86)\Trend Micro

2013-09-11 03:16:46   9430408    ----a-w-     C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-09-11 03:09:00   --------   d-----w-   C:\Program Files\CCleaner

2013-09-11 03:04:46   --------   d-----w-   C:\Program Files (x86)\MyPC Backup

2013-09-11 03:03:02   --------   d-----w-     C:\Users\Scott\AppData\Roaming\Systweak

2013-09-11 03:02:59   20312 ----a-w-     C:\Windows\System32\roboot64.exe

2013-09-11 02:48:23   --------   d-----w-     C:\Users\Scott\AppData\Local\Blizzard Entertainment

2013-09-04 02:28:34   --------   d-----w-   C:\Program Files (x86)\AMD AVT

2013-08-14 14:02:05   --------   d-----w-   C:\Windows\System32\MRT

.

==================== Find3M  ====================

.

2013-09-11 03:17:22   71048 ----a-w-     C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-11 03:17:22   692616     ----a-w-     C:\Windows\SysWow64\FlashPlayerApp.exe

2013-08-10 05:22:18   2241024    ----a-w-     C:\Windows\System32\wininet.dll

2013-08-10 05:20:59   3959296    ----a-w-     C:\Windows\System32\jscript9.dll

2013-08-10 05:20:55   67072 ----a-w-     C:\Windows\System32\iesetup.dll

2013-08-10 05:20:55   136704     ----a-w-     C:\Windows\System32\iesysprep.dll

2013-08-10 03:59:10   1767936    ----a-w-     C:\Windows\SysWow64\wininet.dll

2013-08-10 03:58:09   2876928    ----a-w-     C:\Windows\SysWow64\jscript9.dll

2013-08-10 03:58:06   61440 ----a-w-     C:\Windows\SysWow64\iesetup.dll

2013-08-10 03:58:06   109056     ----a-w-     C:\Windows\SysWow64\iesysprep.dll

2013-08-10 03:17:38   2706432    ----a-w-     C:\Windows\System32\mshtml.tlb

2013-08-10 03:07:50   2706432    ----a-w-     C:\Windows\SysWow64\mshtml.tlb

2013-08-10 02:27:59   89600 ----a-w-     C:\Windows\System32\RegisterIEPKEYs.exe

2013-08-10 02:17:19   71680 ----a-w-     C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-08-08 01:20:43   3155456    ----a-w-     C:\Windows\System32\win32k.sys

2013-08-05 02:25:45   155584     ----a-w-     C:\Windows\System32\drivers\ataport.sys

2013-08-02 02:23:53   5550528    ----a-w-     C:\Windows\System32\ntoskrnl.exe

2013-08-02 02:15:44   1732032    ----a-w-     C:\Windows\System32\ntdll.dll

2013-08-02 02:15:03   362496     ----a-w-     C:\Windows\System32\wow64win.dll

2013-08-02 02:15:03   243712     ----a-w-     C:\Windows\System32\wow64.dll

2013-08-02 02:15:03   13312 ----a-w-     C:\Windows\System32\wow64cpu.dll

2013-08-02 02:14:57   215040     ----a-w-     C:\Windows\System32\winsrv.dll

2013-08-02 02:14:11   16384 ----a-w-     C:\Windows\System32\ntvdm64.dll

2013-08-02 02:13:34   424448     ----a-w-     C:\Windows\System32\KernelBase.dll

2013-08-02 01:59:30   3968960    ----a-w-     C:\Windows\SysWow64\ntkrnlpa.exe

2013-08-02 01:59:30   3913664    ----a-w-     C:\Windows\SysWow64\ntoskrnl.exe

2013-08-02 01:51:23   1292192    ----a-w-     C:\Windows\SysWow64\ntdll.dll

2013-08-02 01:50:42   5120 ----a-w-   C:\Windows\SysWow64\wow32.dll

2013-08-02 01:50:42   274944     ----a-w-     C:\Windows\SysWow64\KernelBase.dll

2013-08-02 01:09:17   338432     ----a-w-     C:\Windows\System32\conhost.exe

2013-08-02 00:59:09   112640     ----a-w-     C:\Windows\System32\smss.exe

2013-08-02 00:45:37   25600 ----a-w-     C:\Windows\SysWow64\setup16.exe

2013-08-02 00:45:36   14336 ----a-w-     C:\Windows\SysWow64\ntvdm64.dll

2013-08-02 00:45:35   7680 ----a-w-     C:\Windows\SysWow64\instnm.exe

2013-08-02 00:45:34   2048 ----a-w-   C:\Windows\SysWow64\user.exe

2013-08-02 00:43:05   6144 ---ha-w-   C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2013-08-02 00:43:05   4608 ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 00:43:05   3584 ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 00:43:05   3072 ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2013-07-25 09:25:54   1888768    ----a-w-     C:\Windows\System32\WMVDECOD.DLL

2013-07-25 08:57:27   1620992    ----a-w-     C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-19 01:58:42   2048 ----a-w-   C:\Windows\System32\tzres.dll

2013-07-19 01:41:01   2048 ----a-w-   C:\Windows\SysWow64\tzres.dll

2013-07-09 05:52:52   224256     ----a-w-     C:\Windows\System32\wintrust.dll

2013-07-09 05:51:16   1217024    ----a-w-     C:\Windows\System32\rpcrt4.dll

2013-07-09 05:46:20   184320     ----a-w-     C:\Windows\System32\cryptsvc.dll

2013-07-09 05:46:20   1472512    ----a-w-     C:\Windows\System32\crypt32.dll

2013-07-09 05:46:20   139776     ----a-w-     C:\Windows\System32\cryptnet.dll

2013-07-09 04:52:33   663552     ----a-w-     C:\Windows\SysWow64\rpcrt4.dll

2013-07-09 04:52:10   175104     ----a-w-     C:\Windows\SysWow64\wintrust.dll

2013-07-09 04:46:31   140288     ----a-w-     C:\Windows\SysWow64\cryptsvc.dll

2013-07-09 04:46:31   1166848    ----a-w-     C:\Windows\SysWow64\crypt32.dll

2013-07-09 04:46:31   103936     ----a-w-     C:\Windows\SysWow64\cryptnet.dll

2013-07-06 06:03:53   1910208    ----a-w-     C:\Windows\System32\drivers\tcpip.sys

2013-06-18 14:00:02   177312     ----a-w-     C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2013-06-15 04:32:16   39936 ----a-w-     C:\Windows\System32\drivers\tssecsrv.sys

.

============= FINISH: 21:16:24.99 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/9/2010 8:54:45 PM
System Uptime: 9/12/2013 7:26:18 PM (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M4A79XTD EVO
Processor: AMD Phenom II X4 955 Processor | AM3 | 2080/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 779.988 GiB free.
D: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
J: is FIXED (NTFS) - 1397 GiB total, 422.237 GiB free.
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: High Definition Audio Controller
Device ID: PCI\VEN_1002&DEV_AA58&SUBSYS_AA58174B&REV_00\4&31D4D47F&0&0118
Manufacturer: Microsoft
Name: High Definition Audio Controller
PNP Device ID: PCI\VEN_1002&DEV_AA58&SUBSYS_AA58174B&REV_00\4&31D4D47F&0&0118
Service: HDAudBus
.
==== System Restore Points ===================
.
RP290: 9/8/2013 7:00:22 PM - Windows Backup
RP291: 9/10/2013 11:12:30 PM - Windows Update
RP292: 9/10/2013 11:55:44 PM - Installed HiJackThis
RP293: 9/11/2013 10:00:44 AM - Windows Update
RP294: 9/11/2013 1:07:44 PM - DCInstallRestorePoint
RP295: 9/11/2013 1:10:57 PM - Windows Update
RP296: 9/11/2013 1:22:24 PM - Installed Platform
RP297: 9/11/2013 3:48:19 PM - Windows Update
RP298: 9/11/2013 9:27:23 PM - Configured Platform
RP299: 9/12/2013 7:33:24 PM - Windows Update
RP300: 9/12/2013 8:38:27 PM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
7-zip v9.20
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX 64-bit
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Advertising Center
Akamai NetSession Interface
All-Pro League Scheduler
Amazon MP3 Downloader 1.0.17
Amazon MP3 Uploader
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD OverDrive
AMD VISION Engine Control Center
AMD Wireless Display v3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
ATI AVIVO64 Codecs
ATI Catalyst Registration
AVSDK5
Banner Design Studio v5.1
Bonjour
Brother MFL-Pro Suite MFC-495CW
Call of Juarez - Bound in Blood
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot SX130 IS Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco WebEx Meetings
CPUID CPU-Z 1.56
Curse Client
D3DX10
Define Ext
Fallout 3
File Opener Pro
FUJIFILM MyFinePix Studio 3.1
Garmin Lifetime Updater
Garmin Training Center
Garmin USB Drivers
Google Chrome
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.4.0.1083
HiJackThis
HydraVision
iLinc 11 Client
ImagXpress
iTunes
Java Auto Updater
Java 6 Update 30
Junk Mail filter update
LightScribe System Software
Malwarebytes Anti-Malware version 1.75.0.1300
Menu Templates - Starter Kit
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows Marketplace
Microsoft Lync 2010 Attendee
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Movie Templates - Starter Kit
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero Express Help
Nero InfoTool
Nero Installer
Nero Online Upgrade
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
Nero Vision
Nero Vision Help
NeroExpress
neroxml
NOOK for PC
Norton Internet Security
OverDrive Media Console
PaperPort Image Printer 64-bit
Platform
QuickTime
SAFARI Montage Media Player
ScanSoft PaperPort 11
Seagate DiscWizard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition
SlimDrivers
SpeedFan (remove only)
Spybot - Search & Destroy
The Lord of the Rings FREE Trial
Tournament Scheduler
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wmaiper
TurboTax 2012 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client for Windows x64
VIA Platform Device Manager
Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices  (07/07/2009 1.12.2)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World of Warcraft
Yahoo! BrowserPlus 2.9.8
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
9/9/2013 11:21:29 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user Scott-PC\Scott SID (S-1-5-21-1460900790-2142905647-562707629-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/9/2013 11:21:29 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user Scott-PC\Scott SID (S-1-5-21-1460900790-2142905647-562707629-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/7/2013 2:55:23 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
9/7/2013 2:55:23 PM, Error: Service Control Manager [7000]  - The SBSD Security Center Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/12/2013 7:28:56 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/12/2013 7:27:04 PM, Error: volmgr [46]  - Crash dump initialization failed!
9/12/2013 6:12:55 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:  An instance of the service is already running.
9/12/2013 6:10:55 AM, Error: Service Control Manager [7034]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 3 time(s).
9/12/2013 6:10:55 AM, Error: Service Control Manager [7034]  - The User Profile Service service terminated unexpectedly.  It has done this 3 time(s).
9/12/2013 6:10:55 AM, Error: Service Control Manager [7034]  - The Themes service terminated unexpectedly.  It has done this 3 time(s).
9/12/2013 6:10:55 AM, Error: Service Control Manager [7034]  - The Task Scheduler service terminated unexpectedly.  It has done this 3 time(s).
9/12/2013 6:10:55 AM, Error: Service Control Manager [7034]  - The System Event Notification Service service terminated unexpectedly.  It has done this 3 time(s).
9/12/2013 6:10:55 AM, Error: Service Control Manager [7034]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 3 time(s).
9/12/2013 6:10:55 AM, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 3 time(s).
9/12/2013 6:10:55 AM, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 3 time(s).
9/12/2013 6:10:55 AM, Error: Service Control Manager [7034]  - The IP Helper service terminated unexpectedly.  It has done this 3 time(s).
9/12/2013 6:10:55 AM, Error: Service Control Manager [7034]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 3 time(s).
9/12/2013 6:10:55 AM, Error: Service Control Manager [7034]  - The Group Policy Client service terminated unexpectedly.  It has done this 3 time(s).
9/12/2013 6:10:55 AM, Error: Service Control Manager [7034]  - The Application Experience service terminated unexpectedly.  It has done this 3 time(s).
9/12/2013 6:10:55 AM, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/12/2013 5:24:41 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
9/12/2013 5:24:41 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:  An instance of the service is already running.
9/12/2013 5:24:41 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error:  An instance of the service is already running.
9/12/2013 5:21:41 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:  An instance of the service is already running.
9/12/2013 5:20:41 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error:  An instance of the service is already running.
9/12/2013 5:19:41 AM, Error: Service Control Manager [7034]  - The Windows Update service terminated unexpectedly.  It has done this 2 time(s).
9/12/2013 5:19:41 AM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
9/12/2013 5:19:41 AM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
9/12/2013 5:19:41 AM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/12/2013 5:19:41 AM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/12/2013 5:19:41 AM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
9/12/2013 5:19:41 AM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/12/2013 5:19:41 AM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/12/2013 5:19:41 AM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
9/12/2013 5:19:41 AM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
9/12/2013 5:19:41 AM, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
9/12/2013 5:19:41 AM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
9/12/2013 5:19:41 AM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/12/2013 4:33:32 AM, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 1 time(s).
9/12/2013 4:33:32 AM, Error: Service Control Manager [7031]  - The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/12/2013 4:33:32 AM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/12/2013 4:33:32 AM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/12/2013 4:33:32 AM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/12/2013 4:33:32 AM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/12/2013 4:33:32 AM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/12/2013 4:33:32 AM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/12/2013 4:33:32 AM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/12/2013 4:33:32 AM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/12/2013 4:33:32 AM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/12/2013 4:33:32 AM, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/12/2013 4:33:32 AM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/12/2013 4:33:32 AM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/11/2013 9:15:45 PM, Error: Service Control Manager [7034]  - The vToolbarUpdater15.4.0 service terminated unexpectedly.  It has done this 1 time(s).
9/11/2013 5:12:39 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
9/11/2013 5:12:09 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
9/11/2013 5:12:09 PM, Error: Service Control Manager [7000]  - The Application Experience service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/10/2013 11:41:58 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
9/10/2013 11:41:58 PM, Error: Service Control Manager [7000]  - The Computer Backup (MyPC Backup) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/10/2013 11:33:13 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================
 


RogueKiller V8.6.11 _x64_ [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Scott [Admin rights]
Mode : Scan -- Date : 09/12/2013 21:25:36
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] CurseClient.exe -- C:\Users\Scott\AppData\Local\Apps\2.0\6RKDTTMO.QGN\GWOD2Q2Q.1E1\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe [-] -> KILLED [TermThr]

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 :  (C:\Users\Scott\AppData\Local\Temp\systmbp\spcaabv\wow64.dll [x]) -> FOUND

¤¤¤ Scheduled tasks : 5 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1460900790-2142905647-562707629-1001UA.job : C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1460900790-2142905647-562707629-1001Core.job : C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][ROGUE ST] 4706 : wscript.exe - C:\Users\Scott\AppData\Local\Temp\launchie.vbs //B -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1460900790-2142905647-562707629-1001Core : C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1460900790-2142905647-562707629-1001UA : C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000528AS ATA Device +++++
--- User ---
[MBR] 8d552ee3909876a78b924fa3cd1e2c28
[BSP] f7ced6783cd5bca2e39d891f692b7aad : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] d2a3a2c23705990b5b123b6b54cccbe8
[BSP] 27f38b639fc66a141986e50345136de8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

+++++ PhysicalDrive1: ST31000528AS ATA Device +++++
--- User ---
[MBR] 2dfbc0a8c5934a350127410c2b51da75
[BSP] 7bb9b1cd91d831770b321f48606d628b : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430796 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_09122013_212536.txt >>

 

 


Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)
 

[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 : (C:\Users\Scott\AppData\Local\Temp\systmbp\spcaabv\wow64.dll [x]) -> FOUND
[V2][ROGUE ST] 4706 : wscript.exe - C:\Users\Scott\AppData\Local\Temp\launchie.vbs //B -> FOUND


Now click Delete on the right hand column under Options

-------------

Next........

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.


MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
