Qwazii Posted January 1, 2014 ID:771450

Since yesterday, my computer has had unknown ads and sometimes music playing on the desktop, regardless of the fact that there was no browser open at all. Under the sound mixer, I found "Name Not Available". I was able to mute this; however, it is still on my computer and is definitely using my computer's resources more than usual. What can I do?

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.45.2
Run by Qwazi at 23:52:31 on 2013-12-31
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.16349.10610 [GMT -5:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
E:\Programs\Advanced SystemCare 7\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
E:\Programs\Tribes Ascend\HiPatchService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
E:\Programs\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\SysWOW64\PnkBstrA.exe
E:\Programs\RadeonPro\RadeonProSupport.exe
C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\Programs\TeamViewer\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
E:\Programs\Hamachi\hamachi-2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
E:\Programs\Hamachi\LMIGuardianSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\vVX3000.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\System32\TiltWheelMouse.exe
E:\Programs\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe
E:\Programs\Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Qwazi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Qwazi\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Users\Qwazi\AppData\Roaming\Spotify\spotify.exe
E:\Programs\LOLReplay\LOLRecorder.exe
E:\Programs\PowerISO\PWRISOVM.EXE
E:\Programs\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Programs\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Qwazi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Qwazi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Qwazi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Windows\system32\taskeng.exe
E:\Programs\MSI\Afterburner\MSIAfterburner.exe
E:\Programs\Advanced SystemCare 7\Monitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Qwazi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
E:\Programs\Steam\steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Users\Qwazi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Qwazi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - E:\Programs\Visual Studio\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ͬ²½Ò»¼ü°²×°Ö§³Ö: {F72C8153-7140-4FEE-8F69-CA4579D71195} - E:\Programs\Tongbu\Addin\tbIEAddin.dll
EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} - 
uRun: [Facebook Update] "C:\Users\Qwazi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [OfficeSyncProcess] "E:\Programs\Office\Office14\MSOSYNC.EXE"
uRun: [KiesHelper] E:\Programs\Kies\KiesHelper.exe /s
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [spotify Web Helper] "C:\Users\Qwazi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [F.lux] "C:\Users\Qwazi\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [uTorrent] "C:\Users\Qwazi\AppData\Roaming\uTorrent\uTorrent.exe"
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
uRun: [Razer Comms] C:\Program Files (x86)\Razer\Core\RazerCore.exe /ChatApplet
uRun: [spotify] "C:\Users\Qwazi\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [Advanced SystemCare 7] "E:\Programs\Advanced SystemCare 7\ASCTray.exe" /Auto
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [PWRISOVM.EXE] E:\Programs\PowerISO\PWRISOVM.EXE
mRun: [KiesTrayAgent] E:\Programs\Kies\KiesTrayAgent.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "E:\Programs\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "E:\Programs\Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
dRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
StartupFolder: C:\Users\Qwazi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LEAGUE~1.LNK - E:\Programs\LoL\lol.launcher.exe
StartupFolder: C:\Users\Qwazi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - E:\Programs\Rainmeter\Rainmeter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - E:\Programs\LOLReplay\LOLRecorder.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - E:\Programs\Office\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - E:\Programs\Office\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
TCP: Interfaces\{FC3C04DD-9BA5-460E-80FD-91A36D0214ED} : NameServer = 64.105.199.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Programs\Office\Office14\GROOVEEX.DLL
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Programs\Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [VX3000] C:\Windows\vVX3000.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [intelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [intelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Run: [bCSSync] "E:\Programs\Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-Run: [AdAwareTray] "E:\Programs\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\Programs\Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - E:\Programs\Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Programs\Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-8-13 20464]
R0 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2013-11-28 74432]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-12-30 17720]
R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2011-8-8 14136]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;E:\Programs\Advanced SystemCare 7\ASCService.exe [2013-12-30 881440]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-3-24 101888]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;E:\Programs\Hamachi\hamachi-2.exe -s --> E:\Programs\Hamachi\hamachi-2.exe -s [?]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;E:\Programs\Tribes Ascend\HiPatchService.exe [2013-1-20 9216]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-12-30 341824]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-12-4 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-12-4 161560]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;E:\Programs\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe [2013-12-11 513736]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-4 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-4 701512]
R2 RadeonPro Support Service;RadeonPro Support Service;E:\Programs\RadeonPro\RadeonProSupport.exe [2013-4-30 20608]
R2 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe [2013-12-10 32960]
R2 TeamViewer8;TeamViewer 8;E:\Programs\TeamViewer\TeamViewer_Service.exe [2013-4-16 4308320]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-4 363800]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2009-7-13 281088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSIb.sys [2009-7-13 15360]
R3 cbfs3;EldoS Callback File System driver v3;C:\Windows\System32\drivers\cbfs3.sys [2013-2-3 352144]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-8-13 358896]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-8-13 795632]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-4 25928]
R3 RTCore64;RTCore64;E:\Programs\MSI\Afterburner\RTCore64.sys [2013-11-14 13480]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-12-4 425064]
R3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2013-11-28 129472]
R3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-12-30 2151200]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-3-3 137488]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys [2010-6-19 17920]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-12-30 89304]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-12-20 121416]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-12-30 34848]
S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;C:\Windows\System32\drivers\RzMaelstromVAD.sys [2013-5-17 40696]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-12-30 23016]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2012-12-19 106408]
S4 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-12-30 23048]
.
=============== Created Last 30 ================
.
2014-01-01 01:40:59 95232 ----a-w- C:\Windows\System32\drivers\bridge.sys.bak
2014-01-01 01:15:10 -------- d-----w- C:\Windows\ERUNT
2014-01-01 01:09:00 -------- d-----w- C:\AdwCleaner
2013-12-31 21:20:44 -------- d-----w- C:\Users\Qwazi\AppData\Roaming\LavasoftStatistics
2013-12-31 21:12:37 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2013-12-31 17:49:07 -------- d-sh--w- C:\$RECYCLE.BIN
2013-12-31 17:43:58 98816 ----a-w- C:\Windows\sed.exe
2013-12-31 17:43:58 256000 ----a-w- C:\Windows\PEV.exe
2013-12-31 17:43:58 208896 ----a-w- C:\Windows\MBR.exe
2013-12-31 16:25:48 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A2AB1E5C-8282-474B-88DD-276D522A77D7}\mpengine.dll
2013-12-31 02:01:02 32600 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2013-12-31 01:47:52 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2013-12-31 01:46:03 27456 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2013-12-31 01:40:27 -------- d-----w- C:\ProgramData\ProductData
2013-12-31 01:40:26 -------- d-----w- C:\Program Files (x86)\IObit
2013-12-31 01:40:21 -------- d-----w- C:\ProgramData\IObit
2013-12-31 01:40:21 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-31 01:39:55 -------- d-----w- C:\Users\Qwazi\AppData\Roaming\IObit
2013-12-31 00:41:57 -------- d-----w- C:\Users\Qwazi\Doctor Web
2013-12-31 00:41:57 -------- d-----w- C:\ProgramData\Doctor Web
2013-12-30 23:58:05 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-30 23:48:55 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-30 23:33:09 -------- d-----w- C:\TDSSKiller_Quarantine
2013-12-26 21:21:15 -------- d-----w- C:\Users\Qwazi\.SquashOccurrences
2013-12-23 16:29:08 396800 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\w\a\l\m\a\r\t\dll\ISSkinExW.dll
2013-12-18 23:43:58 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-12-18 23:43:03 -------- d-----w- C:\Program Files\AMD
2013-12-16 22:50:54 -------- d-----w- C:\Users\Qwazi\AppData\Roaming\DogeCoin
2013-12-06 22:08:46 157736 ----a-w- C:\Windows\System32\amdhcp64.dll
2013-12-06 22:08:22 142304 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-12-06 22:03:46 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-12-06 21:59:50 8406024 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-12-06 21:52:14 13207552 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-12-06 21:49:18 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2013-12-06 21:44:26 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2013-12-06 21:38:52 230912 ----a-w- C:\Windows\System32\clinfo.exe
2013-12-06 21:38:34 99840 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-12-06 21:38:28 83968 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-12-06 21:38:22 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-12-06 21:38:18 73728 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-12-06 21:37:58 29382144 ----a-w- C:\Windows\System32\amdocl64.dll
2013-12-06 21:33:28 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-12-06 21:26:44 129536 ----a-w- C:\Windows\System32\coinst_13.251.dll
2013-12-06 21:16:40 26352128 ----a-w- C:\Windows\System32\atio6axx.dll
2013-12-06 21:13:02 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-12-06 21:12:52 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-12-06 21:12:50 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-12-06 21:12:42 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-12-06 21:12:40 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-12-06 21:12:26 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-12-06 21:09:18 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-12-06 20:58:50 22157824 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-12-06 20:53:10 31232 ----a-w- C:\Windows\System32\atimuixx.dll
2013-12-06 20:53:04 588288 ----a-w- C:\Windows\System32\atieclxx.exe
2013-12-06 20:52:10 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-12-06 20:50:36 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2013-12-06 20:22:54 96256 ----a-w- C:\Windows\System32\amdave64.dll
2013-12-06 20:22:48 90112 ----a-w- C:\Windows\SysWow64\amdave32.dll
2013-12-06 20:22:38 89088 ----a-w- C:\Windows\System32\atisamu64.dll
2013-12-06 20:22:34 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2013-12-06 20:22:12 74752 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-12-06 20:22:08 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-12-06 20:22:08 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-12-06 20:22:04 100352 ----a-w- C:\Windows\System32\atig6txx.dll
2013-12-06 20:21:44 626176 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-12-06 20:18:12 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
.
==================== Find3M ====================
.
2013-12-30 19:35:56 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-12-30 19:35:56 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-12-18 22:55:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-18 22:55:10 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-06 22:04:10 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-12-06 22:03:00 115512 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-12-06 22:02:38 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-12-06 22:01:52 1318552 ----a-w- C:\Windows\System32\aticfx64.dll
2013-12-06 22:01:04 1100216 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-12-06 22:00:16 9753752 ----a-w- C:\Windows\System32\atidxx64.dll
2013-12-06 21:59:00 8287008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-12-06 21:58:10 6630232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-12-06 21:57:20 8927704 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-12-06 21:56:54 7751920 ----a-w- C:\Windows\System32\atiumd64.dll
2013-12-06 21:35:36 24860160 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-12-06 21:33:24 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-12-06 20:53:18 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-12-06 20:22:42 1144320 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-12-06 20:22:28 825344 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-12-06 20:21:54 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-11-21 04:37:43 74432 ----a-w- C:\Windows\System32\drivers\RzFilter.sys
2013-11-21 04:37:43 129472 ----a-w- C:\Windows\System32\drivers\RzDxgk.sys
2013-11-19 08:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-08 11:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 23:52:39.32 ===============

ATTACH.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/4/2012 7:02:01 PM
System Uptime: 12/31/2013 10:18:53 PM (1 hours ago)
.
Motherboard: BIOSTAR Group | | TZ77B
Processor: Intel® Core i5-3570K CPU @ 3.40GHz | SOCKET 0 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 15.276 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 442.315 GiB free.
F: is Removable
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP269: 12/31/2013 11:25:40 AM - Windows Update
RP270: 12/31/2013 4:12:14 PM - AA11
.
==== Installed Programs ======================
.
 Tools for .Net 3.5
µTorrent
3DMark 11
4K Video Downloader 3.0
4K YouTube to MP3 2.5
7-Zip 9.20 (x64 edition)
Accent RAR Password Recovery
Ad-Aware Antivirus
AdAwareInstaller
AdAwareUpdater
Adobe AIR
Adobe Creative Cloud
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Help Manager
Adobe Reader XI (11.0.05)
Adobe Shockwave Player 12.0
Advanced SystemCare 7
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AMD Wireless Display v3.0
AntimalwareEngine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Profiles
Assassin's Creed® III v1.04
Bandicam
Bandisoft MPEG-1 Decoder
Batman Arkham Origins, âåðñèÿ 1.0.0.0
Battlefield 3™
Battlelog Web Plugins
BioShock Infinite
BitMinter Client
Blend for Visual Studio 2012
Blend for Visual Studio 2012 ENU resources
Bonjour
BOSS
Burnout Paradise: The Ultimate Box
Camtasia Studio 8
Castle Crashers
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cheat Engine 6.2
CINEMA 4D 14.034
CPUID CPU-Z 1.62.0
D3DX10
Darksiders II
DC Universe Online
DC Universe Online Live
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dishonored
Dota 2
Dotfuscator and Analytics Community Edition
Entity Framework Designer for Visual Studio 2012 - enu
ESN Sonar
f.lux
Facebook Video Calling 1.2.0.287
Far Cry 3
Far Cry 3 Blood Dragon
Façade
Fraps (remove only)
Freemake Video Converter version 4.0.0
Futuremark SystemInfo
Game Dev Tycoon v1.3.2 © Greenheart Games version 1
Geeks3D.com FurMark 1.9.2
Google Chrome
Google Update Helper
Grand Theft Auto IV
GTA IV Vehicle Mod Installer v1.3
GTA San Andreas
Guitar Pro 6
Hammerfight 1.004
Heaven Benchmark version 4.0
Hi-Rez Studios Authenticate and Update Service
IIS 8.0 Express
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® Trusted Connect Service Client
IObit Malware Fighter
iTunes
Java 7 Update 17 (64-bit)
Java 7 Update 45
Java Auto Updater
KSP - Kerbal Space Program 0.20.2
League of Legends
LocalESPC
LocalESPCui for en-us
LogMeIn Hamachi
LOLReplay
Malwarebytes Anti-Malware version 1.75.0.1300
Mass Effect™ 3
Maxthon Cloud Browser
Metro Last Light Update 1.0.0.2
Metro: Last Light © Deep Silver version 1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Corporation
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Help Viewer 2.0
Microsoft LifeCam
Microsoft LightSwitch for Visual Studio 2012 Core
Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
Microsoft Mouse and Keyboard Center
Microsoft NuGet - Visual Studio 2012
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Portable Library Multi-Targeting Pack
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
Microsoft Report Viewer Add-On for Visual Studio 2012
Microsoft Silverlight
Microsoft Silverlight 4 SDK
Microsoft Silverlight 5 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2012 Command Line Utilities
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Management Objects (x64)
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server 2012 Transact-SQL Compiler Service
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (11.1.20627.00)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
Microsoft Visual C++ 2012 Compilers
Microsoft Visual C++ 2012 Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 Extended Libraries
Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2012 Devenv
Microsoft Visual Studio 2012 Devenv Resources
Microsoft Visual Studio 2012 IntelliTrace Core amd64
Microsoft Visual Studio 2012 IntelliTrace Core x86
Microsoft Visual Studio 2012 IntelliTrace Front End x86
Microsoft Visual Studio 2012 Performance Collection Tools
Microsoft Visual Studio 2012 Performance Collection Tools - ENU
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Premium 2012
Microsoft Visual Studio Premium 2012 - ENU
Microsoft Visual Studio Professional 2012
Microsoft Visual Studio Professional 2012 - ENU
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Ultimate 2012
Microsoft Visual Studio Ultimate 2012 - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft Web Deploy 3.0
Microsoft Web Deploy dbSqlPackage Provider - enu
Microsoft Web Developer Tools - Visual Studio 2012
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mirror's Edge™
MotioninJoy Gamepad tool 0.7.1001
Movie Maker
Mp3tag v2.57
MSI Afterburner 3.0.0 Beta 17
MSI Kombustor 2.5.0
MSVCRT
MSVCRT Redists
MSVCRT110
MSVCRT110_amd64
NBA 2K13
Need for Speed Most Wanted
Need for Speed™ ProStreet
Nexus Mod Manager
No-IP DUC
Notepad++
NVIDIA PhysX
ooVoo
Open Broadcaster Software
OpenAL
Oracle VM VirtualBox 4.2.6
Origin
PCSX2 - Playstation 2 Emulator
PDF Combiner version 2.0
PDF Settings CS6
Photo Common
Photo Gallery
Portal 2
PowerISO
PreEmptive Analytics Visual Studio Components
Prerequisites for SSDT
Prince of Persia
Project 64 version 2.0.0.14
PunkBuster Services
QuickTime
RadeonPro 1.0 (Build 1.1.1.0)
Rainmeter
Rapture3D 2.4.8 Game
Razer Comms
Razer Core
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RivaTuner Statistics Server 5.3.0
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit 
EditionSecurity Update for Microsoft Office 2010 (KB2826035) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2850016) 64-Bit EditionSecurity Update for Microsoft Outlook 2010 (KB2837597) 64-Bit EditionService Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit EditionSizer 3.34Skype™ 6.0Smart Defrag 2SpeccySpotifySSDlife FreeSteamSuper Street Fighter IV: Arcade EditionSurfing ProtectionswMSMSystem Requirements Lab CYRISystem Requirements Lab for IntelTeam Fortress 2TeamViewer 8TombraiderTongbu Assistant 2.1.0.1TrackMania Nations ForeverTribes AscendTSEV Skyrim LEUberStrike HD version 4.3.10Update for (KB2504637)Update for Microsoft Access 2010 (KB2553446) 64-Bit EditionUpdate for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2589298) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2589352) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2589375) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2597087) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2760598) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2794737) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2825640) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2826026) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2850079) 64-Bit EditionUpdate for Microsoft OneNote 2010 (KB2810072) 64-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2553145) 64-Bit EditionUpdate for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit EditionUpdate for Microsoft Visual Studio 2012 (KB2781514)Update for Microsoft Word 2010 (KB2837593) 64-Bit EditionUplayVegas Pro 12.0 (64-bit)Ventrilo Client for Windows x64Ventrilo ServerVisual Studio 2012 PrerequisitesVisual Studio 2012 Prerequisites - ENU Language PackVisual Studio Extensions for Windows Library for JavaScriptWCF Data Services 5.0 (for OData v3) Primary ComponentsWCF Data Services Tools for Microsoft Visual Studio 2012WCF RIA Services V1.0 SP2Windows 
App Certification Kit Native ComponentsWindows App Certification Kit x64Windows Essentials Media Codec Pack 4.0 [64-Bit]Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Photo CommonWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Runtime Intellisense Content - en-usWindows Software Development KitWindows Software Development Kit DirectX x64 RemoteWindows Software Development Kit DirectX x86 RemoteWindows Software Development Kit for Windows Store Apps.==== Event Viewer Messages From Past Week ========.12/31/2013 10:29:38 PM, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).12/31/2013 10:19:11 PM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The WMI request could not be completed and should be retried.12/31/2013 10:17:21 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.12/31/2013 10:17:21 PM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.12/31/2013 10:17:21 PM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine..==== End Of File =========================== Link to post Share on other sites More sharing options...
MrCharlie Posted January 1, 2014 ID:771510

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.
RogueKiller 64 Bit <---use this one for 64 bit systems
Which system am I using?

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note: Please read all of my instructions completely including these.

Make sure system restore is turned on and running
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive
<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>When we are done, I'll give you instructions on how to clean up all the tools and logs
<+>Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)
Qwazii Posted January 1, 2014 (Author) ID:771562

Thanks MrC, I ran RogueKiller x64 and it generated this log.

RKreport[0]_S_01012014_111242.txt
RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Qwazi [Admin rights]
Mode : Scan -- Date : 01/01/2014 11:12:42
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{FC3C04DD-9BA5-460E-80FD-91A36D0214ED} : NameServer (64.105.199.76 [UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{FC3C04DD-9BA5-460E-80FD-91A36D0214ED} : NameServer (64.105.199.76 [UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{FC3C04DD-9BA5-460E-80FD-91A36D0214ED} : NameServer (64.105.199.76 [UNITED STATES (US)]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Samsung SSD 840 Series ATA Device +++++
--- User ---
[MBR] 26b214c3db98efca16f2debde958c508
[BSP] c7eb89b331c834a7ca35094a221d42ce : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST31000524AS ATA Device +++++
--- User ---
[MBR] 1f6eb2740d8f6eac2f2acd5efcb2c9fe
[BSP] 3b1a1b5a685aaaf78cbcd09a95c4e774 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01012014_111242.txt >>
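A triage helper for the [DNS][PUM] entries in a report like the one above, added here as an example; it is not RogueKiller's code and not part of the thread. It parses the NameServer lines the tool prints, one per control set, and lists any resolver that is not on a set the analyst supplies. The three DNS lines in the sample are copied from the report above, the surrounding lines are constructed, and EXPECTED_RESOLVERS is a placeholder standing in for whatever the owner's router or ISP actually hands out.

```python
"""Triage the [DNS][PUM] NameServer findings in a RogueKiller report.

Added example, not RogueKiller's own code. RogueKiller tags a static
NameServer as PUM (possibly unwanted modification) because such a setting
is legitimate on many networks; this helper separates resolvers the
analyst expects from ones that were written into the registry by
something else, and shows which control sets carry them.
"""
import re
from dataclasses import dataclass

# Shape of a RogueKiller DNS line, modelled on the report above:
# [DNS][PUM] HKLM\[...]\CCSet\[...]\{GUID} : NameServer (1.2.3.4 [COUNTRY (CC)]) -> FOUND
DNS_LINE = re.compile(
    r"^\[DNS\]\[(?P<tag>\w+)\]\s+"
    r"(?P<key>HKLM\\.*?\\(?P<cset>CCSet|CS\d{3})\\.*?)\s+:\s+NameServer\s+"
    r"\((?P<servers>[^\[\]()]+?)\s*(?:\[(?P<geo>[^\]]*)\])?\)\s+->\s+(?P<status>\w+)$"
)

# Placeholder: the resolver(s) the machine's owner knows to be legitimate
# (constructed value, not from the thread).
EXPECTED_RESOLVERS = {"192.168.1.1"}

# The three DNS lines are copied from the report above; the other lines are
# constructed to show that non-DNS entries are ignored by the parser.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 9 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{FC3C04DD-9BA5-460E-80FD-91A36D0214ED} : NameServer (64.105.199.76 [UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{FC3C04DD-9BA5-460E-80FD-91A36D0214ED} : NameServer (64.105.199.76 [UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{FC3C04DD-9BA5-460E-80FD-91A36D0214ED} : NameServer (64.105.199.76 [UNITED STATES (US)]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
"""


@dataclass
class DnsFinding:
    control_set: str   # CCSet (CurrentControlSet) or CS00x (ControlSet00x)
    key: str           # registry key as RogueKiller abbreviates it
    servers: tuple     # one or more resolver addresses
    geo: str           # geolocation text RogueKiller appended, if any
    status: str        # FOUND, REPLACED, ...


def parse_dns_findings(report_text):
    """Return the [DNS] entries of a RogueKiller report, in report order."""
    findings = []
    for line in report_text.splitlines():
        m = DNS_LINE.match(line.strip())
        if not m:
            continue
        # NameServer may hold several addresses separated by spaces or commas.
        servers = tuple(s for s in re.split(r"[,\s]+", m["servers"]) if s)
        findings.append(DnsFinding(m["cset"], m["key"], servers, m["geo"] or "", m["status"]))
    return findings


def unexpected_resolvers(findings, expected):
    """Map each resolver outside `expected` to the sorted control sets that carry it."""
    hits = {}
    for f in findings:
        for server in f.servers:
            if server not in expected:
                hits.setdefault(server, set()).add(f.control_set)
    return {ip: sorted(csets) for ip, csets in hits.items()}


if __name__ == "__main__":
    found = parse_dns_findings(SAMPLE_REPORT)
    for f in found:
        print(f"{f.control_set:6} {', '.join(f.servers)} [{f.geo}] {f.status}")
    for ip, csets in unexpected_resolvers(found, EXPECTED_RESOLVERS).items():
        print(f"unexpected resolver {ip} present in: {', '.join(csets)}")
```

What the helper surfaces is the analyst's decision, not the tool's: a resolver the owner did not configure that appears in CurrentControlSet and in both ControlSet00x copies, which is exactly the pattern in the report above, reads differently from a single PUM entry that merely mirrors the router.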
MrCharlie Posted January 1, 2014 ID:771572

Is this program something you recognize and trust???
Tongbu Assistant 2.1.0.1
If not...please uninstall it.
-------------------------------------
Then try this procedure:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.
Make sure you click on download buttons that look similar to this, not "sponsored ad links":
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review.
(all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC
Qwazii Posted January 1, 2014 (Author) ID:771597

AdwCleaner[R0].txt
# AdwCleaner v3.016 - Report created 31/12/2013 at 20:09:07
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Qwazi - INFINITY
# Running from : E:\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Qwazi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Found : C:\Users\Qwazi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
File Found : C:\Windows\System32\roboot64.exe
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\Users\Qwazi\AppData\Local\Bundled software uninstaller
Folder Found C:\Users\Qwazi\AppData\Local\webplayer
Folder Found C:\Users\Qwazi\AppData\Roaming\PerformerSoft

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\5f48ddee13bef46
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\performersoft llc
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Microsoft\Babylon
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\performersoft llc
Key Found : HKLM\SOFTWARE\5f48ddee13bef46
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Found : HKLM\Software\PIP
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Qwazi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4056 octets] - [31/12/2013 20:09:07]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4116 octets] ##########

AdwCleaner[S0].txt
# AdwCleaner v3.016 - Report created 31/12/2013 at 20:10:30
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Qwazi - INFINITY
# Running from : E:\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Qwazi\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Qwazi\AppData\Local\webplayer
Folder Deleted : C:\Users\Qwazi\AppData\Roaming\PerformerSoft
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Qwazi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Deleted : C:\Users\Qwazi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKCU\Software\5f48ddee13bef46
Key Deleted : HKLM\SOFTWARE\5f48ddee13bef46
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Qwazi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4224 octets] - [31/12/2013 20:09:07]
AdwCleaner[S0].txt - [3985 octets] - [31/12/2013 20:10:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4045 octets] ##########

Thanks, here are the two logs. As for the scan, there was nothing malicious detected but the adware is definitely still there under the sound mixer. Here is the log.

mbam-log-2014-01-01 (13-12-56).txt
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.01.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Qwazi :: INFINITY [administrator]

Protection: Enabled

1/1/2014 1:12:56 PM
mbam-log-2014-01-01 (13-12-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224327
Time elapsed: 2 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
MrCharlie Posted January 1, 2014 ID:771621

OK....Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Information on disabling your malware programs can be found Here.
Make sure you run ComboFix from your desktop.
Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------
If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC
Qwazii Posted January 1, 2014 (Author) ID:771733

All right, I disabled all anti-virus programs and ran the ComboFix.

ComboFix.txt
ComboFix 14-01-01.01 - Qwazi 01/01/2014 17:03:17.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.16349.10367 [GMT -5:00]
Running from: c:\users\Qwazi\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-12-01 to 2014-01-01 )))))))))))))))))))))))))))))))
.
.
2014-01-01 22:17 . 2014-01-01 22:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-01 01:40 . 2014-01-01 16:12 95232 ----a-w- c:\windows\system32\drivers\bridge.sys.bak
2014-01-01 01:15 . 2014-01-01 01:15 -------- d-----w- c:\windows\ERUNT
2014-01-01 01:09 . 2014-01-01 18:03 -------- d-----w- C:\AdwCleaner
2013-12-31 21:20 . 2013-12-31 21:20 -------- d-----w- c:\users\Qwazi\AppData\Roaming\LavasoftStatistics
2013-12-31 21:12 . 2013-12-31 21:12 -------- d-----w- c:\programdata\Lavasoft
2013-12-31 16:25 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2AB1E5C-8282-474B-88DD-276D522A77D7}\mpengine.dll
2013-12-31 02:01 . 2013-05-22 23:49 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-12-31 01:47 . 2013-05-22 23:49 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-12-31 01:46 . 2013-06-27 23:05 27456 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-12-31 01:40 . 2013-12-31 16:22 -------- d-----w- c:\programdata\ProductData
2013-12-31 01:40 . 2013-12-31 16:22 -------- d-----w- c:\program files (x86)\IObit
2013-12-31 01:40 . 2013-12-31 01:47 -------- d-----w- c:\programdata\IObit
2013-12-31 01:40 . 2013-12-31 01:40 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-31 01:39 . 2013-12-31 01:47 -------- d-----w- c:\users\Qwazi\AppData\Roaming\IObit
2013-12-31 00:41 . 2013-12-31 00:42 -------- d-----w- c:\users\Qwazi\Doctor Web
2013-12-31 00:41 . 2013-12-31 00:41 -------- d-----w- c:\programdata\Doctor Web
2013-12-30 23:58 . 2013-12-31 00:02 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-30 23:48 . 2013-12-30 23:48 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-30 23:33 . 2013-12-31 00:30 -------- d-----w- C:\TDSSKiller_Quarantine
2013-12-26 21:21 . 2013-12-26 21:21 -------- d-----w- c:\users\Qwazi\.SquashOccurrences
2013-12-23 16:29 . 2013-04-28 19:56 396800 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\DAO\w\a\l\m\a\r\t\dll\ISSkinExW.dll
2013-12-18 23:43 . 2013-12-18 23:43 -------- d-----w- c:\program files (x86)\AMD AVT
2013-12-18 23:43 . 2013-12-18 23:43 -------- d-----w- c:\programdata\ATI
2013-12-18 23:43 . 2013-12-18 23:43 -------- d-----w- c:\program files\AMD
2013-12-16 22:50 . 2013-12-30 04:07 -------- d-----w- c:\users\Qwazi\AppData\Roaming\DogeCoin
2013-12-06 22:08 . 2013-12-06 22:08 157736 ----a-w- c:\windows\system32\amdhcp64.dll
2013-12-06 22:08 . 2013-12-06 22:08 142304 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-12-06 22:03 . 2013-12-06 22:03 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-12-06 21:59 . 2013-12-06 21:59 8406024 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-12-06 21:52 . 2013-12-06 21:52 13207552 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-12-06 21:49 . 2013-12-06 21:49 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-12-06 21:44 . 2013-12-06 21:44 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-12-06 21:38 . 2013-12-06 21:38 230912 ----a-w- c:\windows\system32\clinfo.exe
2013-12-06 21:38 . 2013-12-06 21:38 99840 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-12-06 21:38 . 2013-12-06 21:38 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-12-06 21:38 . 2013-12-06 21:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-12-06 21:38 . 2013-12-06 21:38 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-12-06 21:37 . 2013-12-06 21:37 29382144 ----a-w- c:\windows\system32\amdocl64.dll
2013-12-06 21:33 . 2013-12-06 21:33 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-12-06 21:26 . 2013-12-06 21:26 129536 ----a-w- c:\windows\system32\coinst_13.251.dll
2013-12-06 21:16 . 2013-12-06 21:16 26352128 ----a-w- c:\windows\system32\atio6axx.dll
2013-12-06 21:13 . 2013-12-06 21:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-12-06 21:12 . 2013-12-06 21:12 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-12-06 21:12 . 2013-12-06 21:12 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-12-06 21:12 . 2013-12-06 21:12 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-12-06 21:12 . 2013-12-06 21:12 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-12-06 21:12 . 2013-12-06 21:12 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-12-06 21:09 . 2013-12-06 21:09 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-12-06 20:58 . 2013-12-06 20:58 22157824 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-12-06 20:53 . 2013-12-06 20:53 31232 ----a-w- c:\windows\system32\atimuixx.dll
2013-12-06 20:53 . 2013-12-06 20:53 588288 ----a-w- c:\windows\system32\atieclxx.exe
2013-12-06 20:52 . 2013-12-06 20:52 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-12-06 20:50 . 2013-12-06 20:50 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-12-06 20:22 . 2013-12-06 20:22 96256 ----a-w- c:\windows\system32\amdave64.dll
2013-12-06 20:22 . 2013-12-06 20:22 90112 ----a-w- c:\windows\SysWow64\amdave32.dll
2013-12-06 20:22 . 2013-12-06 20:22 89088 ----a-w- c:\windows\system32\atisamu64.dll
2013-12-06 20:22 . 2013-12-06 20:22 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2013-12-06 20:22 . 2013-12-06 20:22 74752 ----a-w- c:\windows\system32\atig6pxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-12-06 20:21 . 2013-12-06 20:21 626176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-12-06 20:18 . 2013-12-06 20:18 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-30 19:35 . 2012-12-15 21:58 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-12-30 19:35 . 2012-12-07 20:39 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-12-18 22:55 . 2012-12-05 01:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-18 22:55 . 2012-12-05 01:46 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-14 04:35 . 2012-12-05 01:36 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-06 22:04 . 2012-12-02 07:11 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2013-12-06 22:03 . 2013-07-24 00:39 115512 ----a-w- c:\windows\system32\atiu9p64.dll
2013-12-06 22:02 . 2012-12-02 07:11 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-12-06 22:01 . 2012-12-02 07:48 1318552 ----a-w- c:\windows\system32\aticfx64.dll
2013-12-06 22:01 . 2012-12-02 07:50 1100216 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-12-06 22:00 . 2012-12-02 07:29 9753752 ----a-w- c:\windows\system32\atidxx64.dll
2013-12-06 21:59 . 2012-12-02 07:29 8287008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-12-06 21:58 . 2012-12-02 08:31 6630232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-12-06 21:57 . 2013-07-24 00:38 8927704 ----a-w- c:\windows\system32\atiumd6a.dll
2013-12-06 21:56 . 2013-07-24 00:38 7751920 ----a-w- c:\windows\system32\atiumd64.dll
2013-12-06 21:35 . 2013-07-24 00:16 24860160 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-12-06 21:33 . 2013-07-24 00:14 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-12-06 20:53 . 2013-07-23 23:42 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-12-06 20:22 . 2013-07-23 23:11 1144320 ----a-w- c:\windows\system32\atiadlxx.dll
2013-12-06 20:22 . 2013-07-23 23:11 825344 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-12-06 20:21 . 2013-07-23 23:10 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-11-21 04:37 . 2013-11-28 18:11 74432 ----a-w- c:\windows\system32\drivers\RzFilter.sys
2013-11-21 04:37 . 2013-11-28 18:11 129472 ----a-w- c:\windows\system32\drivers\RzDxgk.sys
2013-11-19 08:33 . 2012-12-05 00:55 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-08 11:50 . 2013-06-24 17:08 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[-] 2009-07-14 . 10E11A02FE18613DCB7A915C02E71011 . 510464 . . [6.1.7600.16385] .. c:\windows\system32\rpcss.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F72C8153-7140-4FEE-8F69-CA4579D71195}]
2013-04-01 02:22 73728 ----a-w- e:\programs\Tongbu\Addin\tbIEAddin.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 21:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Qwazi\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-13 138096]
"OfficeSyncProcess"="e:\programs\Office\Office14\MSOSYNC.EXE" [2013-04-22 911040]
"KiesHelper"="e:\programs\Kies\KiesHelper.exe" [2012-06-08 958392]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17879216]
"Spotify Web Helper"="c:\users\Qwazi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-12-04 1168896]
"F.lux"="c:\users\Qwazi\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2013-12-18 36125760]
"Razer Comms"="c:\program files (x86)\Razer\Core\RazerCore.exe" [2013-12-11 1094848]
"Spotify"="c:\users\Qwazi\AppData\Roaming\Spotify\spotify.exe" [2013-12-04 5951488]
"Advanced SystemCare 7"="e:\programs\Advanced SystemCare 7\ASCTray.exe" [2013-12-09 2285344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 
119152]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]"PWRISOVM.EXE"="e:\programs\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]"KiesTrayAgent"="e:\programs\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]"iTunesHelper"="e:\programs\iTunes\iTunesHelper.exe" [2013-11-02 152392]"LogMeIn Hamachi Ui"="e:\programs\Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2013-12-13 1573184]"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-12-19 2239376].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17879216].c:\users\Qwazi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\League of Legends.lnk - e:\programs\LoL\lol.launcher.exe [2013-5-7 97856]Rainmeter.lnk - e:\programs\Rainmeter\Rainmeter.exe [2012-11-4 41160].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk - e:\programs\LOLReplay\LOLRecorder.exe -minimize [2013-12-10 526848].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 
(0x1).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]@="Service".R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]R3 cpuz135;cpuz135;c:\users\Qwazi\AppData\Local\Temp\cpuz135\cpuz135_x64.sys;c:\users\Qwazi\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]R3 
mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]R4 
FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]S0 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys;c:\windows\SYSNATIVE\drivers\BIOS64.sys [x]S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;e:\programs\Advanced SystemCare 7\ASCService.exe;e:\programs\Advanced SystemCare 7\ASCService.exe [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\programs\Hamachi\hamachi-2.exe;e:\programs\Hamachi\hamachi-2.exe [x]S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;e:\programs\Tribes Ascend\HiPatchService.exe;e:\programs\Tribes Ascend\HiPatchService.exe [x]S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program 
files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 RadeonPro Support Service;RadeonPro Support Service;e:\programs\RadeonPro\RadeonProSupport.exe;e:\programs\RadeonPro\RadeonProSupport.exe [x]S2 RzOvlMon;Razer Overlay Subsystem Emergency Service;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe [x]S2 TeamViewer8;TeamViewer 8;e:\programs\TeamViewer\TeamViewer_Service.exe;e:\programs\TeamViewer\TeamViewer_Service.exe [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\cbfs3.sys [x]S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]S3 RTCore64;RTCore64;e:\programs\MSI\Afterburner\RTCore64.sys;e:\programs\MSI\Afterburner\RTCore64.sys [x]S3 RTL8167;Realtek 8167 NT 
Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x]S3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-12-05 02:15 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-05 22:55].2014-01-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2423923305-1205973390-3724056878-1000Core.job- c:\users\Qwazi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-13 21:50].2014-01-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2423923305-1205973390-3724056878-1000UA.job- c:\users\Qwazi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-13 21:50].2014-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-05 00:39].2014-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-05 00:39].2014-01-01 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 18:41].2013-12-31 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job- c:\program files (x86)\Intel\Intel® ME FW Recovery 
Agent\bin\Bootstrap.exe [2011-11-25 18:41]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]2013-12-13 17:20 3359600 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]2013-12-13 17:20 3359600 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]2013-12-13 17:20 3359600 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]2012-04-09 21:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-12-10 472984]"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]"BCSSync"="e:\programs\Office\Office14\BCSSync.exe" [2012-11-05 108144]"MouseDriver"="TiltWheelMouse.exe" [2012-12-19 
241152].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - e:\programs\Office\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - e:\programs\Office\Office14\ONBttnIE.dll/105Trusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comTCP: Interfaces\{FC3C04DD-9BA5-460E-80FD-91A36D0214ED}: NameServer = 64.105.199.76..--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2423923305-1205973390-3724056878-1000\Software\SecuROM\License information*]"datasecu"=hex:cc,34,fc,7f,6b,77,e4,2c,f1,1c,da,2a,52,9a,16,28,97,a2,d7,90,60, 04,8a,f0,8a,ee,36,37,29,f4,70,8c,21,2f,b4,f3,f3,81,48,a8,47,00,75,8d,6b,6a,\"rkeysecu"=hex:87,f2,cb,60,f1,41,7d,b6,f0,80,49,f3,8e,e2,a8,85.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_39_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_39_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) 
(Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_75_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_75_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) 
(Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_39_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_39_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_75_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_75_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_39.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_39.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_39.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_39.ocx, 
1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) 
(S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-01-01 17:58:55ComboFix-quarantined-files.txt 2014-01-01 22:58ComboFix2.txt 2013-12-31 17:51.Pre-Run: 18,233,946,112 bytes freePost-Run: 19,979,374,592 bytes free.- - End Of File - - 3316E4ED4C84804346D584C3C55BCA56A36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
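The Sigcheck section of the ComboFix log above lists two copies of rpcss.dll with the same version string (6.1.7600.16385) but different MD5s and sizes: the WinSxS component-store copy and the one loaded from System32. The following PowerShell is an added example, not from the thread and not part of ComboFix or FRST, that re-runs that comparison on a live system; it assumes the two paths and the two MD5 values exactly as the log reports them, and uses .NET hashing so it also works on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the thread, ComboFix or FRST): compare the live rpcss.dll with the
# component-store copy of the same version that the Sigcheck section listed. The two paths and
# the two MD5 values are taken from the log; everything else is this example's own logic.
# Run from an elevated 64-bit PowerShell prompt, so that System32 is not redirected to SysWOW64.

$live  = 'C:\Windows\System32\rpcss.dll'
$store = 'C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll'

# MD5s exactly as the log reported them: [7] for the WinSxS copy, [-] for the System32 copy
$storeMd5FromLog = '7266972E86890E2B30C0C322E906B027'
$liveMd5FromLog  = '10E11A02FE18613DCB7A915C02E71011'

function Get-Md5Hex {
    param([string]$Path)
    # .NET hashing rather than Get-FileHash, which the PowerShell 2.0 shipped with Windows 7 lacks
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $md5.ComputeHash($stream) }
    finally { $stream.Close() }
    return (($bytes | ForEach-Object { $_.ToString('X2') }) -join '')
}

function Compare-SystemDll {
    param([string]$LivePath, [string]$StorePath)
    $liveItem  = Get-Item -LiteralPath $LivePath
    $storeItem = Get-Item -LiteralPath $StorePath
    $liveMd5   = Get-Md5Hex $LivePath
    $storeMd5  = Get-Md5Hex $StorePath

    New-Object PSObject -Property @{
        LiveVersion        = $liveItem.VersionInfo.FileVersion
        StoreVersion       = $storeItem.VersionInfo.FileVersion
        LiveSize           = $liveItem.Length
        StoreSize          = $storeItem.Length
        LiveMd5            = $liveMd5
        StoreMd5           = $storeMd5
        # Same version string but a different hash is exactly the pattern the log shows
        HashMismatch       = ($liveMd5 -ne $storeMd5)
        # Which of the two copies named in the log is currently installed in System32
        LiveIsLogBadCopy   = ($liveMd5 -eq $liveMd5FromLog)
        LiveIsLogStoreCopy = ($liveMd5 -eq $storeMd5FromLog)
    }
}

Compare-SystemDll -LivePath $live -StorePath $store | Format-List
```

Against the state shown in the log this reports HashMismatch True and LiveIsLogBadCopy True; once System32\rpcss.dll has been restored from the WinSxS copy it should report HashMismatch False and LiveIsLogStoreCopy True.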
MrCharlie Posted January 2, 2014 ID:771775
Any difference???

Can you upload these files to VirusTotal for a free scan and let me know the results...just copy back the URL
http://www.virustotal.com/

c:\program files (x86)\Common Files\Microsoft Shared\DAO\w\a\l\m\a\r\t\dll\ISSkinExW.dll
c:\windows\system32\rpcss.dll

Let me know.....
MrC
Qwazii Posted January 2, 2014 Author ID:771807
Umm, yeah, albeit minor. Under my sound mixer, the "Name Not Available" has changed in name to "Host Process for Windows Services".

And here's the ISSkinExW.dll
https://www.virustotal.com/en/file/9e89cced14d1e9c2845ab96983119be81e79da11008b117f087a05a8cf76e2ee/analysis/

rpcss.dll
https://www.virustotal.com/en/file/c06962fb3184fba638d731b18a9619056b6ba293d17af233d6e4a5f271d03ba4/analysis/1388625446/

thanks
MrCharlie Posted January 2, 2014 ID:772001
Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:
To attach a log: Bottom right corner of this page. New window that comes up.

MrC
Qwazii Posted January 2, 2014 Author ID:772298
Alright, I ran the FRST64 and here are the two logs, thanks
Addition.txt
FRST.txt
MrCharlie Posted January 2, 2014 ID:772328
Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait.
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......
Run another scan with ComboFix and post the new log

MrC
Qwazii Posted January 2, 2014 Author ID:772438 Share Posted January 2, 2014 Here you go, thanks Fixlog.txtFix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-01-2014Ran by Qwazi at 2014-01-02 17:27:16 Run:1Running from C:\Users\Qwazi\Desktop\FRSTBoot Mode: Normal============================================== Content of fixlist:*****************Replace: c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll c:\windows\system32\rpcss.dll***************** c:\windows\system32\rpcss.dll => Moved successfully.c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll copied successfully to c:\windows\system32\rpcss.dll ==== End of Fixlog ==== Combofix.txtComboFix 14-01-01.01 - Qwazi 01/02/2014 17:36:17.3.4 - x64Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.16349.11588 [GMT -5:00]Running from: c:\users\Qwazi\Desktop\ComboFix.exeSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2013-12-02 to 2014-01-02 )))))))))))))))))))))))))))))))..2014-01-02 22:51 . 2014-01-02 22:51 -------- d-----w- c:\users\Default\AppData\Local\temp2014-01-02 20:42 . 2014-01-02 22:27 -------- d-----w- C:\FRST2014-01-02 00:35 . 2014-01-02 00:35 -------- d-----w- c:\program files (x86)\Common Files\Skype2014-01-02 00:35 . 2014-01-02 00:35 -------- d-----r- c:\program files (x86)\Skype2014-01-01 01:40 . 2014-01-01 16:12 95232 ----a-w- c:\windows\system32\drivers\bridge.sys.bak2014-01-01 01:15 . 2014-01-01 01:15 -------- d-----w- c:\windows\ERUNT2014-01-01 01:09 . 2014-01-01 18:03 -------- d-----w- C:\AdwCleaner2013-12-31 21:20 . 2013-12-31 21:20 -------- d-----w- c:\users\Qwazi\AppData\Roaming\LavasoftStatistics2013-12-31 21:12 . 2013-12-31 21:12 -------- d-----w- c:\programdata\Lavasoft2013-12-31 16:25 . 
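The fix that cleared the symptom in this thread was FRST replacing c:\windows\system32\rpcss.dll with Windows' own copy from WinSxS, so a defender will want a way to check whether a live System32 file still matches that copy. The script below is an added example, not part of the thread and not FRST or ComboFix code; it assumes a 64-bit, elevated PowerShell session and defaults to rpcss.dll, the file named in the thread's fixlist.

```powershell
# Added example, not from the thread or from FRST/ComboFix.
# Compares the live System32 copy of a file with the 64-bit copies Windows keeps
# under WinSxS (the source FRST restored from in this thread), reports its
# Authenticode status and finally asks SFC for the authoritative verdict.
# Read-only: it changes nothing on disk.
# Assumptions: 64-bit PowerShell (so System32 is not redirected), run elevated so
# sfc.exe works; .NET hashing is used so it also runs on Windows 7's PowerShell 2.0.
param(
    [string]$FileName = 'rpcss.dll',              # file named in the thread's fixlist
    [string]$LiveDir  = "$env:windir\System32",
    [string]$WinSxS   = "$env:windir\WinSxS"
)

function Get-Sha256Hex {
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close(); $sha.Clear() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

$live = Join-Path $LiveDir $FileName
if (-not (Test-Path $live)) { throw "Not found: $live" }

$liveHash = Get-Sha256Hex $live
$liveItem = Get-Item $live
$liveSig  = Get-AuthenticodeSignature $live

"Live file : $live"
"  version : $($liveItem.VersionInfo.FileVersion)"
"  modified: $($liveItem.LastWriteTime)"
"  sha256  : $liveHash"
"  signer  : $($liveSig.SignerCertificate.Subject)"
"  status  : $($liveSig.Status)"
# Caveat: most Windows system binaries are catalog-signed rather than carrying an
# embedded signature, so on older Windows versions such as the Windows 7 system
# in this thread Get-AuthenticodeSignature can report NotSigned for a genuine
# file. NotSigned alone is not proof of tampering; the WinSxS comparison and the
# SFC check below are the stronger evidence.

# Every 64-bit component directory in WinSxS that holds a copy of the file.
# In this thread the matching directory was
# amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3
$copies = Get-ChildItem -Path $WinSxS -Recurse -Filter $FileName -ErrorAction SilentlyContinue |
          Where-Object { $_.Directory.Name -like 'amd64_*' }

"WinSxS copies ($(@($copies).Count) found):"
$anyMatch = $false
foreach ($copy in $copies) {
    $hash = Get-Sha256Hex $copy.FullName
    if ($hash -eq $liveHash) { $tag = 'MATCH  '; $anyMatch = $true }
    else                     { $tag = 'differs' }
    "  $tag  $($copy.VersionInfo.FileVersion)  $($copy.Directory.Name)"
}
if (-not $anyMatch) {
    "WARNING: $FileName in System32 matches none of the WinSxS copies."
    "  A newer hotfix can legitimately cause this, so confirm with SFC before acting."
}

# Authoritative check: Windows' own integrity verification of that single file.
# Exit code 0 means the file passed; any other code, or a message that Windows
# Resource Protection found integrity violations, means the file should be
# restored (sfc /scannow, or the WinSxS replacement used in this thread).
"Running sfc /verifyfile on $live ..."
& "$env:windir\System32\sfc.exe" "/verifyfile=$live"
"sfc exit code: $LASTEXITCODE"
```

The WinSxS scan is slow on a large component store; passing a different -FileName checks any other System32 binary the same way.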
MrCharlie Posted January 3, 2014 ID:772464
Any difference??? MrC

Qwazii Posted January 3, 2014 Author ID:772466
I'm gonna reboot and get back to you. thanks

MrCharlie Posted January 3, 2014 ID:772467
OK......MrC

Qwazii Posted January 3, 2014 Author ID:772471
Holy MrCharlie, that did the trick!! Thank you so much!
MrCharlie Posted January 3, 2014 ID:772482
Good....... Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
If you get Unsupported operating system. Aborting now, just reboot and try again.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.
Do Not Attach It!!!
MrC
Qwazii Posted January 3, 2014 Author ID:772490
Alrighty, here's the log

checkup.txt
Results of screen317's Security Check version 0.99.78
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Visual Studio Extensions for Windows Library for JavaScript
Adobe Flash Player 12.0.0.39 Flash Player out of Date!
Adobe Reader XI
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
MrCharlie Posted January 3, 2014 ID:772498
Outdated programs on the system are vulnerable to malware. Please update or uninstall them:
-----------------------------------------
Windows 7 x64 (UAC is enabled)
Out of date service pack!! <---- please visit Windows Update for this
---------------------------------------
Adobe Flash Player 12.0.0.39 Flash Player out of Date! <--- please check for an update if available
http://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html <--- Flash Player info
Check for an update if available.
~~~~~~~~~~~~~~~~~~~~~
A little clean up to do....

Please uninstall ComboFix (if you used it):
Press the Windows logo key + R to bring up the "run box".
Copy and paste the next command in the field:
ComboFix /uninstall
Make sure there's a space between ComboFix and /
Then hit Enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.
(If that doesn't work..... you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall, or download and run the uninstaller.)
---------------------------------
Please download OTC to your desktop. (This will clean up most of the tools and logs.)
http://oldtimer.geekstogo.com/OTC.exe
Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator".)
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process; choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.
Any other programs or logs you can manually delete (right click..... Delete), i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....
AdwCleaner > just run the program and click Uninstall.
Note: If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait.
That will delete the quarantine folder created by FRST.
The rest you can manually delete.
-------------------------------
Any questions... please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.
Take a look at My Preventive Maintenance to avoid being infected again.
Good Luck and Thanks for using the forum, MrC
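The checks that screen317's Security Check reports in the checkup.txt above (OS build and service pack, UAC, antivirus/firewall registration with Security Center, installed program versions) can be reproduced by hand so you can confirm the "outdated programs" findings yourself, and re-check after updating. The script below is an added example written for this page; it is not part of the thread and is not code from Security Check or from Malwarebytes. It assumes Windows 7 or later with PowerShell 2.0 or newer, run from an elevated prompt, and the list of product names to watch for ($watch) is an assumption taken from the log above, not a complete list. The decoding of the Security Center productState field is a widely used but undocumented interpretation, so treat it as a hint rather than an authoritative answer.

```powershell
# Added example (not from the forum thread, not screen317's or Malwarebytes' code).
# Reproduces the Security Check findings by hand. Run from an elevated PowerShell prompt
# on Windows 7 or later; uses Get-WmiObject so it also works on PowerShell 2.0.

# --- 1. OS build and service pack -------------------------------------------------
# Windows 7 RTM reports version 6.1.7600; SP1 reports 6.1.7601 and ServicePackMajorVersion 1.
$os = Get-WmiObject Win32_OperatingSystem
"OS: {0} version {1}, service pack {2}" -f $os.Caption.Trim(), $os.Version, $os.ServicePackMajorVersion
if ($os.Version -eq '6.1.7600') { "  -> Out of date service pack: install SP1 through Windows Update" }

# --- 2. UAC ------------------------------------------------------------------------
$policy = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
"UAC: " + $(if ($policy.EnableLUA -eq 1) { 'enabled' } else { 'DISABLED' })

# --- 3. Antivirus / firewall as registered with Security Center -------------------
# This is the "WMI entry" the tool refers to: products that never registered, or whose
# registration is stale, do not appear here even though their processes are running.
# productState decoding (undocumented, commonly used): write the value as 6 hex digits
# AABBCC; BB = 10 or 11 means real-time protection enabled; CC = 00 means definitions
# up to date, 10 means out of date.
function Decode-ProductState([int]$state) {
    $hex = '{0:X6}' -f $state
    New-Object PSObject -Property @{
        Enabled  = (@('10', '11') -contains $hex.Substring(2, 2))
        UpToDate = ($hex.Substring(4, 2) -eq '00')
    }
}

foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue
    if (-not $products) {
        "{0}: no product registered with Security Center (the 'WMI entry may not exist' case)" -f $class
        continue
    }
    foreach ($p in $products) {
        $s = Decode-ProductState $p.productState
        "{0}: {1} (enabled={2}, up to date={3})" -f $class, $p.displayName, $s.Enabled, $s.UpToDate
    }
}

# The built-in Windows Firewall is not listed under FirewallProduct; ask it directly.
"Windows Firewall profiles:"
netsh advfirewall show allprofiles state

# --- 4. Installed program versions ------------------------------------------------
# Security Check reads the same Uninstall keys (64-bit and WOW64 views) and compares the
# versions against its own list of current releases. Offline we can only list what is
# installed; compare each version against the vendor's current release by hand.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
# Assumed watch list, taken from the products named in the checkup.txt above.
$watch = @('Adobe Flash Player', 'Java', 'Adobe Reader', 'Google Chrome', 'Malwarebytes')

"Installed versions of watched products:"
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        $name = $_.DisplayName
        foreach ($w in $watch) {
            if ($name -like "$w*") { "  {0,-50} {1}" -f $name, $_.DisplayVersion }
        }
    } |
    Sort-Object -Unique
```

Two things to keep in mind when reading the output: a product that shows up in the process list but not under root\SecurityCenter2 is exactly the case the log flags as "WMI entry may not exist for antivirus", and is worth fixing (reinstalling or re-registering the product) because Windows Action Center will not warn you when it is disabled or out of date; and a version listed by the script is only "outdated" relative to what the vendor currently ships, which the script cannot know offline, so check the vendor's download page as MrCharlie asks above.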
Qwazii (Author) Posted January 3, 2014 ID:772829
Alright, I've done all of those things and was able to delete FRST, thanks. And I'll be sure to read your post, thanks again.
AdvancedSetup (Root Admin) Posted January 3, 2014 ID:772845
Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!