Jump to content

Host Process for Windows Services playing music.

russianspd
 Share

Recommended Posts

russianspd

russianspd

Posted
Posted

I have had this issue where my laptop is playing random music and audio ads. I have silenced the sound by muting the Host Process for Windows Services slider in the volume mixer. I have tried other removal guides and have been unsuccessful. I have also been getting a DcomLauncher and Plug and Play crashes.

 

Thanks!! Looking forward to fixing this issue.

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites
russianspd

russianspd

Posted
  • Author
Posted

Here are the results of my DDS and Attach texts:

 

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.45.2
Run by David at 14:37:54 on 2014-01-02
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.7934.4867 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mStart Page = about:blank
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: FLVBlaster.FLVBlasterIEAddon: {807ca0aa-7cb3-4f03-bd61-076f618cc82d} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [F.lux] "C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
dRunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download with FLV Blaster - C:\Users\David\AppData\Roaming\FLV2PC\Internet Explorer\script.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{B8686BC9-9341-409F-8A4F-B1B3F95A003E} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{BB49B9A6-E013-4CA4-BCCF-6D2196993197} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{BB49B9A6-E013-4CA4-BCCF-6D2196993197}\2375942554731373 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [OODefragTray] C:\Program Files (x86)\OO Software\Defrag\oodtray.exe
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fbt0rhae.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2014-01-01 12:34; PrivDog@AdTrustMedia.com; C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fbt0rhae.default\extensions\PrivDog@AdTrustMedia.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2013-7-17 770432]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-7 378472]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-16 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-16 701512]
S3 esgiguard;esgiguard;C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-10-10 44928]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-16 25928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-10-10 29696]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 OODefragAgent;O&O Defrag;C:\Program Files (x86)\OO Software\Defrag\oodag.exe [2012-11-1 2555760]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-7-13 31800]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
S3 Ser2rs;Radioshack USB to Serial Driver;C:\Windows\System32\drivers\ser2rs64.sys [2013-2-2 90112]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2010-8-3 30720]
S3 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-8 5341536]
S3 tenCapture;tenCapture;C:\Windows\System32\drivers\tenCapture.sys [2013-2-6 23736]
S3 Tileproxy;Tileproxy;C:\Windows\System32\drivers\tileproxy.sys [2008-2-18 34816]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== File Associations ===============
.
FileExt: .reg: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2014-01-02 07:18:56    117464    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-01-02 07:01:14    --------    d-----w-    C:\ProgramData\NVIDIA Corporation
2014-01-02 06:08:05    --------    d-----w-    C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
2014-01-02 03:30:14    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF91B7B8-9095-4ACB-9BC5-5DF6E24135B3}\mpengine.dll
2014-01-02 01:46:30    12872    ----a-w-    C:\Windows\System32\bootdelete.exe
2014-01-02 01:40:06    --------    d-----w-    C:\Program Files\HitmanPro
2014-01-02 01:39:35    --------    d-----w-    C:\ProgramData\HitmanPro
2014-01-02 01:31:42    134944    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys.bak
2014-01-02 01:31:28    248240    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys.bak
2014-01-01 19:20:41    --------    d-----w-    C:\Users\David\AppData\Roaming\LavasoftStatistics
2014-01-01 18:42:01    --------    d-----w-    C:\Program Files\COMODO
2014-01-01 18:42:01    --------    d-----w-    C:\Program Files (x86)\Common Files\COMODO
2014-01-01 18:39:10    348160    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2014-01-01 18:39:10    1700352    ----a-w-    C:\Windows\SysWow64\gdiplus.dll
2014-01-01 18:39:10    1060864    ----a-w-    C:\Windows\SysWow64\mfc71.dll
2014-01-01 18:34:57    --------    d-----w-    C:\ProgramData\Comodo
2014-01-01 18:34:54    --------    d-----w-    C:\Program Files\AdTrustMedia
2014-01-01 18:33:59    --------    d-----w-    C:\Program Files (x86)\Comodo
2014-01-01 17:57:44    --------    d-----w-    C:\Users\David\AppData\Local\Avg2013
2014-01-01 17:32:10    --------    d-----w-    C:\Users\David\AppData\Roaming\AVG
2014-01-01 17:28:40    --------    d-----w-    C:\ProgramData\AVG
2014-01-01 17:28:30    --------    d-sh--w-    C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-01-01 17:08:54    --------    d-----w-    C:\Users\David\AppData\Roaming\TuneUp Software
2014-01-01 07:24:58    --------    d--h--w-    C:\ProgramData\Common Files
2014-01-01 07:24:58    --------    d-----w-    C:\Users\David\AppData\Local\MFAData
2014-01-01 07:24:58    --------    d-----w-    C:\ProgramData\MFAData
2014-01-01 06:39:09    --------    d-----w-    C:\sh4ldr
2014-01-01 06:39:09    --------    d-----w-    C:\Program Files (x86)\Enigma Software Group
2014-01-01 06:38:07    --------    d-----w-    C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2014-01-01 06:06:47    --------    d-----w-    C:\Windows\ERUNT
2014-01-01 05:57:46    --------    d-----w-    C:\Program Files\Enigma Software Group
2014-01-01 05:57:01    --------    d-----w-    C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-01 05:56:59    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-01-01 01:58:32    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-01 01:50:00    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-01-01 01:39:59    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2014-01-01 01:39:42    --------    d-----w-    C:\Program Files\Microsoft Security Client
2014-01-01 00:38:59    93184    ----a-w-    C:\Windows\System32\drivers\smb.sys.bak
2014-01-01 00:37:59    500224    ----a-w-    C:\Windows\System32\drivers\afd.sys.bak
2014-01-01 00:37:59    339536    ----a-w-    C:\Windows\System32\drivers\adpahci.sys.bak
2014-01-01 00:37:59    182864    ----a-w-    C:\Windows\System32\drivers\adpu320.sys.bak
2014-01-01 00:37:58    491088    ----a-w-    C:\Windows\System32\drivers\adp94xx.sys.bak
2014-01-01 00:37:58    334416    ----a-w-    C:\Windows\System32\drivers\acpi.sys.bak
2014-01-01 00:37:58    227840    ----a-w-    C:\Windows\System32\drivers\1394ohci.sys.bak
2014-01-01 00:37:58    12288    ----a-w-    C:\Windows\System32\drivers\acpipmi.sys.bak
2014-01-01 00:37:53    68096    ----a-w-    C:\Windows\System32\drivers\1394bus.sys.bak
2014-01-01 00:16:26    0    ----a-w-    C:\Windows\SysWow64\winlogon.exe
2014-01-01 00:16:07    0    ----a-w-    C:\Windows\SysWow64\smss.exe
2014-01-01 00:16:07    0    ----a-w-    C:\Windows\SysWow64\services.exe
2014-01-01 00:16:07    0    ----a-w-    C:\Windows\SysWow64\lsass.exe
2014-01-01 00:16:07    0    ----a-w-    C:\Windows\SysWow64\csrss.exe
2013-12-31 23:56:36    10315576    ------w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8F759746-0A88-4AB1-94C9-324CC9D14909}\mpengine.dll
2013-12-31 23:50:06    129872    ----a-w-    C:\Windows\SysWow64\MSSTDFMT.DLL
2013-12-31 22:20:46    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-31 22:17:44    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-31 16:57:24    98816    ----a-w-    C:\Windows\sed.exe
2013-12-31 16:57:24    256000    ----a-w-    C:\Windows\PEV.exe
2013-12-31 16:57:24    208896    ----a-w-    C:\Windows\MBR.exe
2013-12-31 03:36:40    --------    d-----w-    C:\REX Essential Plus
2013-12-27 04:02:32    --------    d-----w-    C:\Users\David\AppData\Local\GMap.NET
2013-12-25 06:00:47    --------    d-----w-    C:\REX Texture Direct
2013-12-25 05:59:16    --------    d-----w-    C:\Program Files\Microsoft SQL Server
2013-12-25 05:59:16    --------    d-----w-    C:\Program Files (x86)\Microsoft SQL Server
2013-12-23 20:34:31    --------    d-----w-    C:\Windows\System32\MRT
2013-12-21 03:01:48    --------    d-----w-    C:\Users\David\AppData\Local\Downloaded Installations
2013-12-21 00:42:21    --------    d-----w-    C:\Users\David\AppData\Roaming\ICE AI Traffic Group
.
==================== Find3M  ====================
.
2013-12-31 15:55:48    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-31 15:55:48    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:32:04    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-10-19 16:47:41    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 14:40:09.04 ===============
 

 

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/30/2012 6:38:11 PM
System Uptime: 1/2/2014 12:39:32 PM (2 hours ago)
.
Motherboard: Alienware |  |       
Processor: Intel® Core2 Duo CPU     T9800  @ 2.93GHz | Socket 479 | 2934/133mhz
.
==== Disk Partitions =========================
.
A: is FIXED (NTFS) - 100 GiB total, 93.297 GiB free.
C: is FIXED (NTFS) - 352 GiB total, 44.802 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Coprocessor
Device ID: PCI\VEN_10DE&DEV_0AA3&SUBSYS_CB7910DE&REV_B1\3&2411E6FE&1&1D
Manufacturer:
Name: Coprocessor
PNP Device ID: PCI\VEN_10DE&DEV_0AA3&SUBSYS_CB7910DE&REV_B1\3&2411E6FE&1&1D
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02A11028&REV_12\4&32BC2D1C&0&3B48
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02A11028&REV_12\4&32BC2D1C&0&3B48
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02A11028&REV_12\4&32BC2D1C&0&3A48
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02A11028&REV_12\4&32BC2D1C&0&3A48
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_02A11028&REV_12\4&32BC2D1C&0&3C48
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_02A11028&REV_12\4&32BC2D1C&0&3C48
Service:
.
Class GUID:
Description:
Device ID: ACPI\ITE8708\1
Manufacturer:
Name:
PNP Device ID: ACPI\ITE8708\1
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Active Sky Evolution
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Aerosoft's - Aerosoft Launcher
AivlaSoft EFB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BC_VUP3
Bonjour
CCleaner
Dropbox
EditVoicepack
EditVoicepack X
f.lux
FlightBeam Phoenix Sky Harbor FSX/P3D 1.1
FlightBeam San Francisco International FS9 2.0.1
FlightBeam San Francisco International FSX 2.0.1
FreeSCAN
FSDreamTeam GSX 1.7.9.8
FSDreamTeam Las Vegas McCarran FS9 1.1
FSDreamTeam Las Vegas McCarran FSX/P3D 1.2
FSDreamTeam Los Angeles International FS9 1.3
FSDreamTeam Los Angeles International FSX/P3D 1.4.3
Google Chrome
Google Earth
Google Update Helper
Grand Theft Auto IV
ICE AI Traffic Para FSX
inSSIDer 3
iTunes
Java 7 Update 45
Java Auto Updater
KATL Atlanta
LUVCARS 3
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5
Microsoft Excel 2010
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Flight Simulator 2004 Terrain SDK
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X Service Pack 2
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Excel 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2012 Express LocalDB
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Word 2010
Mozilla Firefox 26.0 (x86 en-US)
MSXML 4.0 SP2 Parser and SDK
NOOK Study
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 270.61
NVIDIA 3D Vision Driver 270.61
NVIDIA Control Panel 270.61
NVIDIA Drivers
NVIDIA Graphics Driver 270.61
NVIDIA Install Application
NVIDIA Performance
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.1.34
NVIDIA Update Components
O&O Defrag Professional
OpusFSX for FSX and Prepar3D Flight Simulators
PeerBlock 1.1 (r518)
PMDG 737 6700 NGX RTM
PMDG 737 8900 NGX
PowerISO
Professional Flight Planner X
RadioShack USB to Serial Driver
RAR File Open Knife - Free Opener
Real Environment Xtreme FS2004
Revo Uninstaller Pro 3.0.5
REX 4 - Texture Direct
REX Essential Plus
SkyTracker
SpeedFan (remove only)
Spybot - Search & Destroy
SpyHunter
SquawkBox
Synchro-Soft 737NG V2 Soundset (FS2004)
TeamSpeak 3 Client
TeamViewer 9
TOPCAT 2.73 - Take-Off and Landing Performance Calculation Tool
Unlocker 1.9.1
VAT-Spy
Vista Services Optimizer
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.4
VSO ConvertXToDVD
vUACARS 2.0
vZTL VRC
WinAVI All-in-One Converter
Windows Live ID Sign-in Assistant
.
==== Event Viewer Messages From Past Week ========
.
1/2/2014 12:40:35 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/2/2014 12:40:04 PM, Error: Service Control Manager [7023]  - The Power service terminated with the following error:  The WMI request could not be completed and should be retried.
1/2/2014 12:17:08 AM, Error: Service Control Manager [7001]  - The Media Center Extender Service service depends on the Remote Desktop Services service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/2/2014 1:38:05 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error:  A system shutdown has already been scheduled.
1/2/2014 1:38:05 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:  A system shutdown has already been scheduled.
1/2/2014 1:38:05 AM, Error: Service Control Manager [7031]  - The Power service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/2/2014 1:38:05 AM, Error: Service Control Manager [7031]  - The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/2/2014 1:38:05 AM, Error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/1/2014 9:40:08 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.      New Engine Version:       Previous Engine Version:       Engine Type: Network Inspection System      User: NT AUTHORITY\NETWORK SERVICE      Error Code: 0x8007042c      Error description: The dependency service or group failed to start.
1/1/2014 9:40:08 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 0.0.0.0      Update Source: Microsoft Malware Protection Center      Update Stage: Install      Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094      Signature Type: Network Inspection System      Update Type: Full      User: NT AUTHORITY\NETWORK SERVICE      Current Engine Version:       Previous Engine Version: 0.0.0.0      Error code: 0x8007042c      Error description: The dependency service or group failed to start.
1/1/2014 9:40:08 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version:       Update Source: User      Update Stage: Install      Source Path:       Signature Type: Network Inspection System      Update Type: Full      User: NT AUTHORITY\NETWORK SERVICE      Current Engine Version:       Previous Engine Version:       Error code: 0x8007042c      Error description: The dependency service or group failed to start.
1/1/2014 9:30:21 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.      New Engine Version:       Previous Engine Version:       Engine Type: Network Inspection System      User: NT AUTHORITY\SYSTEM      Error Code: 0x8007042c      Error description: The dependency service or group failed to start.
1/1/2014 9:30:21 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version:       Update Source: User      Update Stage: Install      Source Path:       Signature Type: Network Inspection System      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version:       Error code: 0x8007042c      Error description: The dependency service or group failed to start.
1/1/2014 9:30:21 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001]  - The ICS_IPV6 failed to configure IPv6 stack.
1/1/2014 9:30:18 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version:       Update Source: User      Update Stage: Install      Source Path:       Signature Type:       Update Type:       User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version:       Error code: 0x80070652      Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
1/1/2014 9:30:05 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.165.948.0      Update Source: Microsoft Update Server      Update Stage: Install      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10201.0      Error code: 0x8024001e      Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/1/2014 11:57:50 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
1/1/2014 11:57:50 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
1/1/2014 11:33:18 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/1/2014 11:32:48 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
1/1/2014 11:32:12 PM, Error: Service Control Manager [7022]  - The Diagnostic Service Host service hung on starting.
1/1/2014 11:29:31 PM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The data is invalid.
1/1/2014 11:29:31 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  A system shutdown is in progress.
1/1/2014 11:29:31 PM, Error: BROWSER [8017]  - The browser has failed to start because the dependent service LanmanWorkstation had invalid service status 4294967295. Status             Meaning   1              Service Stopped    2              Start Pending    3              Stop Pending    4              Running    5              Continue Pending    6              Pause Pending    7              Paused
1/1/2014 11:29:22 PM, Error: Service Control Manager [7022]  - The Diagnostic System Host service hung on starting.
1/1/2014 11:25:15 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error:  A system shutdown has already been scheduled.
1/1/2014 11:15:17 PM, Error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
 

 

Link to post
Share on other sites
russianspd

russianspd

Posted
  • Author
Posted

Here are the results of my DDS and Attach texts:

 

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.45.2
Run by David at 14:37:54 on 2014-01-02
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.7934.4867 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mStart Page = about:blank
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: FLVBlaster.FLVBlasterIEAddon: {807ca0aa-7cb3-4f03-bd61-076f618cc82d} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [F.lux] "C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
dRunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download with FLV Blaster - C:\Users\David\AppData\Roaming\FLV2PC\Internet Explorer\script.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{B8686BC9-9341-409F-8A4F-B1B3F95A003E} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{BB49B9A6-E013-4CA4-BCCF-6D2196993197} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{BB49B9A6-E013-4CA4-BCCF-6D2196993197}\2375942554731373 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [OODefragTray] C:\Program Files (x86)\OO Software\Defrag\oodtray.exe
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fbt0rhae.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2014-01-01 12:34; PrivDog@AdTrustMedia.com; C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fbt0rhae.default\extensions\PrivDog@AdTrustMedia.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2013-7-17 770432]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-7 378472]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-16 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-16 701512]
S3 esgiguard;esgiguard;C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-10-10 44928]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-16 25928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-10-10 29696]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 OODefragAgent;O&O Defrag;C:\Program Files (x86)\OO Software\Defrag\oodag.exe [2012-11-1 2555760]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-7-13 31800]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
S3 Ser2rs;Radioshack USB to Serial Driver;C:\Windows\System32\drivers\ser2rs64.sys [2013-2-2 90112]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2010-8-3 30720]
S3 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-8 5341536]
S3 tenCapture;tenCapture;C:\Windows\System32\drivers\tenCapture.sys [2013-2-6 23736]
S3 Tileproxy;Tileproxy;C:\Windows\System32\drivers\tileproxy.sys [2008-2-18 34816]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== File Associations ===============
.
FileExt: .reg: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2014-01-02 07:18:56    117464    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-01-02 07:01:14    --------    d-----w-    C:\ProgramData\NVIDIA Corporation
2014-01-02 06:08:05    --------    d-----w-    C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
2014-01-02 03:30:14    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF91B7B8-9095-4ACB-9BC5-5DF6E24135B3}\mpengine.dll
2014-01-02 01:46:30    12872    ----a-w-    C:\Windows\System32\bootdelete.exe
2014-01-02 01:40:06    --------    d-----w-    C:\Program Files\HitmanPro
2014-01-02 01:39:35    --------    d-----w-    C:\ProgramData\HitmanPro
2014-01-02 01:31:42    134944    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys.bak
2014-01-02 01:31:28    248240    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys.bak
2014-01-01 19:20:41    --------    d-----w-    C:\Users\David\AppData\Roaming\LavasoftStatistics
2014-01-01 18:42:01    --------    d-----w-    C:\Program Files\COMODO
2014-01-01 18:42:01    --------    d-----w-    C:\Program Files (x86)\Common Files\COMODO
2014-01-01 18:39:10    348160    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2014-01-01 18:39:10    1700352    ----a-w-    C:\Windows\SysWow64\gdiplus.dll
2014-01-01 18:39:10    1060864    ----a-w-    C:\Windows\SysWow64\mfc71.dll
2014-01-01 18:34:57    --------    d-----w-    C:\ProgramData\Comodo
2014-01-01 18:34:54    --------    d-----w-    C:\Program Files\AdTrustMedia
2014-01-01 18:33:59    --------    d-----w-    C:\Program Files (x86)\Comodo
2014-01-01 17:57:44    --------    d-----w-    C:\Users\David\AppData\Local\Avg2013
2014-01-01 17:32:10    --------    d-----w-    C:\Users\David\AppData\Roaming\AVG
2014-01-01 17:28:40    --------    d-----w-    C:\ProgramData\AVG
2014-01-01 17:28:30    --------    d-sh--w-    C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-01-01 17:08:54    --------    d-----w-    C:\Users\David\AppData\Roaming\TuneUp Software
2014-01-01 07:24:58    --------    d--h--w-    C:\ProgramData\Common Files
2014-01-01 07:24:58    --------    d-----w-    C:\Users\David\AppData\Local\MFAData
2014-01-01 07:24:58    --------    d-----w-    C:\ProgramData\MFAData
2014-01-01 06:39:09    --------    d-----w-    C:\sh4ldr
2014-01-01 06:39:09    --------    d-----w-    C:\Program Files (x86)\Enigma Software Group
2014-01-01 06:38:07    --------    d-----w-    C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2014-01-01 06:06:47    --------    d-----w-    C:\Windows\ERUNT
2014-01-01 05:57:46    --------    d-----w-    C:\Program Files\Enigma Software Group
2014-01-01 05:57:01    --------    d-----w-    C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-01 05:56:59    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-01-01 01:58:32    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-01 01:50:00    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-01-01 01:39:59    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2014-01-01 01:39:42    --------    d-----w-    C:\Program Files\Microsoft Security Client
2014-01-01 00:38:59    93184    ----a-w-    C:\Windows\System32\drivers\smb.sys.bak
2014-01-01 00:37:59    500224    ----a-w-    C:\Windows\System32\drivers\afd.sys.bak
2014-01-01 00:37:59    339536    ----a-w-    C:\Windows\System32\drivers\adpahci.sys.bak
2014-01-01 00:37:59    182864    ----a-w-    C:\Windows\System32\drivers\adpu320.sys.bak
2014-01-01 00:37:58    491088    ----a-w-    C:\Windows\System32\drivers\adp94xx.sys.bak
2014-01-01 00:37:58    334416    ----a-w-    C:\Windows\System32\drivers\acpi.sys.bak
2014-01-01 00:37:58    227840    ----a-w-    C:\Windows\System32\drivers\1394ohci.sys.bak
2014-01-01 00:37:58    12288    ----a-w-    C:\Windows\System32\drivers\acpipmi.sys.bak
2014-01-01 00:37:53    68096    ----a-w-    C:\Windows\System32\drivers\1394bus.sys.bak
2014-01-01 00:16:26    0    ----a-w-    C:\Windows\SysWow64\winlogon.exe
2014-01-01 00:16:07    0    ----a-w-    C:\Windows\SysWow64\smss.exe
2014-01-01 00:16:07    0    ----a-w-    C:\Windows\SysWow64\services.exe
2014-01-01 00:16:07    0    ----a-w-    C:\Windows\SysWow64\lsass.exe
2014-01-01 00:16:07    0    ----a-w-    C:\Windows\SysWow64\csrss.exe
2013-12-31 23:56:36    10315576    ------w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8F759746-0A88-4AB1-94C9-324CC9D14909}\mpengine.dll
2013-12-31 23:50:06    129872    ----a-w-    C:\Windows\SysWow64\MSSTDFMT.DLL
2013-12-31 22:20:46    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-31 22:17:44    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-31 16:57:24    98816    ----a-w-    C:\Windows\sed.exe
2013-12-31 16:57:24    256000    ----a-w-    C:\Windows\PEV.exe
2013-12-31 16:57:24    208896    ----a-w-    C:\Windows\MBR.exe
2013-12-31 03:36:40    --------    d-----w-    C:\REX Essential Plus
2013-12-27 04:02:32    --------    d-----w-    C:\Users\David\AppData\Local\GMap.NET
2013-12-25 06:00:47    --------    d-----w-    C:\REX Texture Direct
2013-12-25 05:59:16    --------    d-----w-    C:\Program Files\Microsoft SQL Server
2013-12-25 05:59:16    --------    d-----w-    C:\Program Files (x86)\Microsoft SQL Server
2013-12-23 20:34:31    --------    d-----w-    C:\Windows\System32\MRT
2013-12-21 03:01:48    --------    d-----w-    C:\Users\David\AppData\Local\Downloaded Installations
2013-12-21 00:42:21    --------    d-----w-    C:\Users\David\AppData\Roaming\ICE AI Traffic Group
.
==================== Find3M  ====================
.
2013-12-31 15:55:48    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-31 15:55:48    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:32:04    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-10-19 16:47:41    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 14:40:09.04 ===============
 

 

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/30/2012 6:38:11 PM
System Uptime: 1/2/2014 12:39:32 PM (2 hours ago)
.
Motherboard: Alienware |  |       
Processor: Intel® Core™2 Duo CPU     T9800  @ 2.93GHz | Socket 479 | 2934/133mhz
.
==== Disk Partitions =========================
.
A: is FIXED (NTFS) - 100 GiB total, 93.297 GiB free.
C: is FIXED (NTFS) - 352 GiB total, 44.802 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Coprocessor
Device ID: PCI\VEN_10DE&DEV_0AA3&SUBSYS_CB7910DE&REV_B1\3&2411E6FE&1&1D
Manufacturer:
Name: Coprocessor
PNP Device ID: PCI\VEN_10DE&DEV_0AA3&SUBSYS_CB7910DE&REV_B1\3&2411E6FE&1&1D
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02A11028&REV_12\4&32BC2D1C&0&3B48
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02A11028&REV_12\4&32BC2D1C&0&3B48
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02A11028&REV_12\4&32BC2D1C&0&3A48
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02A11028&REV_12\4&32BC2D1C&0&3A48
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_02A11028&REV_12\4&32BC2D1C&0&3C48
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_02A11028&REV_12\4&32BC2D1C&0&3C48
Service:
.
Class GUID:
Description:
Device ID: ACPI\ITE8708\1
Manufacturer:
Name:
PNP Device ID: ACPI\ITE8708\1
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Active Sky Evolution
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Aerosoft's - Aerosoft Launcher
AivlaSoft EFB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BC_VUP3
Bonjour
CCleaner
Dropbox
EditVoicepack
EditVoicepack X
f.lux
FlightBeam Phoenix Sky Harbor FSX/P3D 1.1
FlightBeam San Francisco International FS9 2.0.1
FlightBeam San Francisco International FSX 2.0.1
FreeSCAN
FSDreamTeam GSX 1.7.9.8
FSDreamTeam Las Vegas McCarran FS9 1.1
FSDreamTeam Las Vegas McCarran FSX/P3D 1.2
FSDreamTeam Los Angeles International FS9 1.3
FSDreamTeam Los Angeles International FSX/P3D 1.4.3
Google Chrome
Google Earth
Google Update Helper
Grand Theft Auto IV
ICE AI Traffic Para FSX
inSSIDer 3
iTunes
Java 7 Update 45
Java Auto Updater
KATL Atlanta
LUVCARS 3
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5
Microsoft Excel 2010
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Flight Simulator 2004 Terrain SDK
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X Service Pack 2
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Excel 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2012 Express LocalDB
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Word 2010
Mozilla Firefox 26.0 (x86 en-US)
MSXML 4.0 SP2 Parser and SDK
NOOK Study
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 270.61
NVIDIA 3D Vision Driver 270.61
NVIDIA Control Panel 270.61
NVIDIA Drivers
NVIDIA Graphics Driver 270.61
NVIDIA Install Application
NVIDIA Performance
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.1.34
NVIDIA Update Components
O&O Defrag Professional
OpusFSX for FSX and Prepar3D Flight Simulators
PeerBlock 1.1 (r518)
PMDG 737 6700 NGX RTM
PMDG 737 8900 NGX
PowerISO
Professional Flight Planner X
RadioShack USB to Serial Driver
RAR File Open Knife - Free Opener
Real Environment Xtreme FS2004
Revo Uninstaller Pro 3.0.5
REX 4 - Texture Direct
REX Essential Plus
SkyTracker
SpeedFan (remove only)
Spybot - Search & Destroy
SpyHunter
SquawkBox
Synchro-Soft 737NG V2 Soundset (FS2004)
TeamSpeak 3 Client
TeamViewer 9
TOPCAT 2.73 - Take-Off and Landing Performance Calculation Tool
Unlocker 1.9.1
VAT-Spy
Vista Services Optimizer
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.4
VSO ConvertXToDVD
vUACARS 2.0
vZTL VRC
WinAVI All-in-One Converter
Windows Live ID Sign-in Assistant
.
==== Event Viewer Messages From Past Week ========
.
1/2/2014 12:40:35 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/2/2014 12:40:04 PM, Error: Service Control Manager [7023]  - The Power service terminated with the following error:  The WMI request could not be completed and should be retried.
1/2/2014 12:17:08 AM, Error: Service Control Manager [7001]  - The Media Center Extender Service service depends on the Remote Desktop Services service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/2/2014 1:38:05 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error:  A system shutdown has already been scheduled.
1/2/2014 1:38:05 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:  A system shutdown has already been scheduled.
1/2/2014 1:38:05 AM, Error: Service Control Manager [7031]  - The Power service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/2/2014 1:38:05 AM, Error: Service Control Manager [7031]  - The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/2/2014 1:38:05 AM, Error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/1/2014 9:40:08 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.      New Engine Version:       Previous Engine Version:       Engine Type: Network Inspection System      User: NT AUTHORITY\NETWORK SERVICE      Error Code: 0x8007042c      Error description: The dependency service or group failed to start.
1/1/2014 9:40:08 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 0.0.0.0      Update Source: Microsoft Malware Protection Center      Update Stage: Install      Source Path: http://go.microsoft....5D-99752CCA7094      Signature Type: Network Inspection System      Update Type: Full      User: NT AUTHORITY\NETWORK SERVICE      Current Engine Version:       Previous Engine Version: 0.0.0.0      Error code: 0x8007042c      Error description: The dependency service or group failed to start.
1/1/2014 9:40:08 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version:       Update Source: User      Update Stage: Install      Source Path:       Signature Type: Network Inspection System      Update Type: Full      User: NT AUTHORITY\NETWORK SERVICE      Current Engine Version:       Previous Engine Version:       Error code: 0x8007042c      Error description: The dependency service or group failed to start.
1/1/2014 9:30:21 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.      New Engine Version:       Previous Engine Version:       Engine Type: Network Inspection System      User: NT AUTHORITY\SYSTEM      Error Code: 0x8007042c      Error description: The dependency service or group failed to start.
1/1/2014 9:30:21 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version:       Update Source: User      Update Stage: Install      Source Path:       Signature Type: Network Inspection System      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version:       Error code: 0x8007042c      Error description: The dependency service or group failed to start.
1/1/2014 9:30:21 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001]  - The ICS_IPV6 failed to configure IPv6 stack.
1/1/2014 9:30:18 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version:       Update Source: User      Update Stage: Install      Source Path:       Signature Type:       Update Type:       User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version:       Error code: 0x80070652      Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
1/1/2014 9:30:05 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.165.948.0      Update Source: Microsoft Update Server      Update Stage: Install      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10201.0      Error code: 0x8024001e      Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/1/2014 11:57:50 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
1/1/2014 11:57:50 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
1/1/2014 11:33:18 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/1/2014 11:32:48 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
1/1/2014 11:32:12 PM, Error: Service Control Manager [7022]  - The Diagnostic Service Host service hung on starting.
1/1/2014 11:29:31 PM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The data is invalid.
1/1/2014 11:29:31 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  A system shutdown is in progress.
1/1/2014 11:29:31 PM, Error: BROWSER [8017]  - The browser has failed to start because the dependent service LanmanWorkstation had invalid service status 4294967295. Status             Meaning   1              Service Stopped    2              Start Pending    3              Stop Pending    4              Running    5              Continue Pending    6              Pause Pending    7              Paused
1/1/2014 11:29:22 PM, Error: Service Control Manager [7022]  - The Diagnostic System Host service hung on starting.
1/1/2014 11:25:15 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error:  A system shutdown has already been scheduled.
1/1/2014 11:15:17 PM, Error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================

Link to post
Share on other sites
russianspd

russianspd

Posted
  • Author
Posted

RogueKiller report:

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : David [Admin rights]
Mode : Scan -- Date : 01/02/2014 15:09:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{B8686BC9-9341-409F-8A4F-B1B3F95A003E} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [uNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - PHILIPPINES (PH) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{B8686BC9-9341-409F-8A4F-B1B3F95A003E} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [uNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - PHILIPPINES (PH) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{B8686BC9-9341-409F-8A4F-B1B3F95A003E} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [uNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - PHILIPPINES (PH) - UNITED STATES (US)]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500420ASG ATA Device +++++
--- User ---
[MBR] 95d83e0fa6f8d7c566b2570d9ab175b6
[bSP] f6446e245f14268ff4feed79bcab79b0 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 360610 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 738736128 | Size: 102401 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 948453376 | Size: 13825 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01022014_150947.txt >>



 

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites
russianspd

russianspd

Posted
  • Author
Posted

ComboFix report:

 

ComboFix 14-01-01.01 - David 01/02/2014  15:33:42.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.7934.5765 [GMT -6:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-02 to 2014-01-02  )))))))))))))))))))))))))))))))
.
.
2014-01-02 21:42 . 2014-01-02 21:42    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-02 21:42 . 2014-01-02 21:42    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2014-01-02 07:18 . 2014-01-02 07:18    117464    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-02 07:02 . 2014-01-02 21:06    --------    d-----w-    c:\users\UpdatusUser
2014-01-02 07:01 . 2014-01-02 07:01    --------    d-----w-    c:\programdata\NVIDIA Corporation
2014-01-02 06:17 . 2014-01-02 06:17    8646    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2014-01-02 06:08 . 2014-01-02 06:08    --------    d-----w-    c:\users\David\AppData\Roaming\SUPERAntiSpyware.com
2014-01-02 03:30 . 2013-12-04 01:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF91B7B8-9095-4ACB-9BC5-5DF6E24135B3}\mpengine.dll
2014-01-02 01:46 . 2014-01-02 01:46    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-01-02 01:40 . 2014-01-02 03:30    --------    d-----w-    c:\program files\HitmanPro
2014-01-02 01:39 . 2014-01-02 01:46    --------    d-----w-    c:\programdata\HitmanPro
2014-01-02 01:31 . 2014-01-02 21:09    134944    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys.bak
2014-01-02 01:31 . 2014-01-02 21:09    248240    ----a-w-    c:\windows\system32\drivers\MpFilter.sys.bak
2014-01-01 19:20 . 2014-01-01 19:20    --------    d-----w-    c:\users\David\AppData\Roaming\LavasoftStatistics
2014-01-01 18:59 . 2014-01-01 18:59    --------    d-----w-    c:\programdata\Lavasoft
2014-01-01 18:42 . 2014-01-01 23:28    --------    d-----w-    c:\program files\COMODO
2014-01-01 18:42 . 2014-01-01 18:42    --------    d-----w-    c:\program files (x86)\Common Files\COMODO
2014-01-01 18:39 . 2014-01-01 18:39    348160    ----a-w-    c:\windows\SysWow64\msvcr71.dll
2014-01-01 18:39 . 2014-01-01 18:39    1700352    ----a-w-    c:\windows\SysWow64\gdiplus.dll
2014-01-01 18:39 . 2014-01-01 18:39    1060864    ----a-w-    c:\windows\SysWow64\mfc71.dll
2014-01-01 18:34 . 2014-01-01 23:28    --------    d-----w-    c:\programdata\Comodo
2014-01-01 18:34 . 2014-01-01 18:34    --------    d-----w-    c:\program files\AdTrustMedia
2014-01-01 18:33 . 2014-01-01 18:33    --------    d-----w-    c:\program files (x86)\Comodo
2014-01-01 17:57 . 2014-01-01 18:00    --------    d-----w-    c:\users\David\AppData\Local\Avg2013
2014-01-01 17:32 . 2014-01-01 17:32    --------    d-----w-    c:\users\David\AppData\Roaming\AVG
2014-01-01 17:28 . 2014-01-01 17:34    --------    d-----w-    c:\programdata\AVG
2014-01-01 17:28 . 2014-01-01 17:47    --------    d-sh--w-    c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-01-01 17:08 . 2014-01-01 17:08    --------    d-----w-    c:\users\David\AppData\Roaming\TuneUp Software
2014-01-01 07:24 . 2014-01-01 18:00    --------    d-----w-    c:\programdata\MFAData
2014-01-01 07:24 . 2014-01-01 07:24    --------    d--h--w-    c:\programdata\Common Files
2014-01-01 07:24 . 2014-01-01 07:24    --------    d-----w-    c:\users\David\AppData\Local\MFAData
2014-01-01 06:39 . 2014-01-01 06:39    110080    ----a-r-    c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB847E94-446B-49E0-AC5D-C5627EC8B0C0}\IconF7A21AF7.exe
2014-01-01 06:39 . 2014-01-01 06:39    110080    ----a-r-    c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB847E94-446B-49E0-AC5D-C5627EC8B0C0}\IconD7F16134.exe
2014-01-01 06:39 . 2014-01-01 06:39    110080    ----a-r-    c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB847E94-446B-49E0-AC5D-C5627EC8B0C0}\IconCF33A0CE.exe
2014-01-01 06:39 . 2014-01-01 06:39    --------    d-----w-    C:\sh4ldr
2014-01-01 06:39 . 2014-01-01 06:39    --------    d-----w-    c:\program files (x86)\Enigma Software Group
2014-01-01 06:38 . 2014-01-01 06:39    --------    d-----w-    c:\windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2014-01-01 06:34 . 2014-01-01 06:37    --------    d-----w-    c:\users\Administrator\AppData\Roaming\uTorrent
2014-01-01 06:16 . 2014-01-01 06:16    --------    d-----w-    c:\users\Administrator\AppData\Roaming\Malwarebytes
2014-01-01 06:06 . 2014-01-01 06:06    --------    d-----w-    c:\windows\ERUNT
2014-01-01 05:57 . 2014-01-01 05:57    --------    d-----w-    c:\program files\Enigma Software Group
2014-01-01 05:57 . 2014-01-02 01:46    --------    d-----w-    c:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-01 05:56 . 2014-01-01 06:38    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
2014-01-01 01:58 . 2013-12-04 01:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-01 01:39 . 2014-01-01 01:40    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2014-01-01 01:39 . 2014-01-01 01:40    --------    d-----w-    c:\program files\Microsoft Security Client
2014-01-01 00:38 . 2014-01-02 21:09    93184    ----a-w-    c:\windows\system32\drivers\smb.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    500224    ----a-w-    c:\windows\system32\drivers\afd.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    339536    ----a-w-    c:\windows\system32\drivers\adpahci.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    182864    ----a-w-    c:\windows\system32\drivers\adpu320.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    491088    ----a-w-    c:\windows\system32\drivers\adp94xx.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    334416    ----a-w-    c:\windows\system32\drivers\acpi.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    227840    ----a-w-    c:\windows\system32\drivers\1394ohci.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    12288    ----a-w-    c:\windows\system32\drivers\acpipmi.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    68096    ----a-w-    c:\windows\system32\drivers\1394bus.sys.bak
2014-01-01 00:16 . 2014-01-01 00:16    0    ----a-w-    c:\windows\SysWow64\winlogon.exe
2014-01-01 00:16 . 2014-01-01 00:16    0    ----a-w-    c:\windows\SysWow64\smss.exe
2014-01-01 00:16 . 2014-01-01 00:16    0    ----a-w-    c:\windows\SysWow64\services.exe
2014-01-01 00:16 . 2014-01-01 00:16    0    ----a-w-    c:\windows\SysWow64\lsass.exe
2013-12-31 23:56 . 2013-12-16 07:54    10315576    ------w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F759746-0A88-4AB1-94C9-324CC9D14909}\mpengine.dll
2013-12-31 23:50 . 2009-03-24 18:52    129872    ----a-w-    c:\windows\SysWow64\MSSTDFMT.DLL
2013-12-31 22:20 . 2014-01-02 07:30    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-31 22:17 . 2014-01-02 07:18    89304    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-31 17:33 . 2013-12-31 17:33    --------    d-----w-    c:\users\Administrator\AppData\Local\VS Revo Group
2013-12-31 03:36 . 2014-01-02 19:08    --------    d-----w-    C:\REX Essential Plus
2013-12-27 04:02 . 2013-12-27 04:03    --------    d-----w-    c:\users\David\AppData\Local\GMap.NET
2013-12-25 06:00 . 2013-12-25 06:34    --------    d-----w-    C:\REX Texture Direct
2013-12-25 05:59 . 2013-12-25 05:59    --------    d-----w-    c:\program files\Microsoft SQL Server
2013-12-25 05:59 . 2013-12-25 05:59    --------    d-----w-    c:\program files (x86)\Microsoft SQL Server
2013-12-23 20:34 . 2013-12-23 20:35    --------    d-----w-    c:\windows\system32\MRT
2013-12-23 19:17 . 2013-12-23 19:17    --------    d-----w-    c:\users\Administrator\AppData\Local\Smart_PC_Utilities,_Ltd
2013-12-23 06:54 . 2013-12-23 06:54    --------    d-----w-    c:\users\Administrator\AppData\Local\O&O
2013-12-23 06:47 . 2013-12-23 06:47    --------    d-----w-    c:\users\Administrator\AppData\Local\Google
2013-12-23 02:47 . 2013-12-23 02:47    --------    d-----w-    c:\users\Public\Last.Man.Standing.US.S03E01.HDTV
2013-12-23 02:40 . 2013-12-23 02:40    --------    d-----w-    c:\users\Public\Frosty the Snowman
2013-12-23 02:25 . 2013-12-23 19:15    --------    d-----w-    c:\users\Administrator\AppData\Local\ElevatedDiagnostics
2013-12-21 03:01 . 2014-01-01 17:47    --------    d-----w-    c:\users\David\AppData\Local\Downloaded Installations
2013-12-21 00:42 . 2013-12-21 00:42    --------    d-----w-    c:\users\David\AppData\Roaming\ICE AI Traffic Group
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-31 15:55 . 2012-12-01 08:35    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-31 15:55 . 2012-12-01 08:35    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:32 . 2012-12-01 02:48    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-19 16:47 . 2013-10-19 16:47    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . EFEB9A87591249D8C2288266BEE3A275 . 510464 . . [6.1.7600.16385] .. c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{807ca0aa-7cb3-4f03-bd61-076f618cc82d}]
2009-11-25 19:47    297808    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\David\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 OODefragAgent;O&O Defrag;c:\program files (x86)\OO Software\Defrag\oodag.exe;c:\program files (x86)\OO Software\Defrag\oodag.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 Ser2rs;Radioshack USB to Serial Driver;c:\windows\system32\DRIVERS\ser2rs64.sys;c:\windows\SYSNATIVE\DRIVERS\ser2rs64.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R3 tenCapture;tenCapture;c:\windows\system32\DRIVERS\tenCapture.sys;c:\windows\SYSNATIVE\DRIVERS\tenCapture.sys [x]
R3 Tileproxy;Tileproxy;c:\windows\system32\DRIVERS\tileproxy.sys;c:\windows\SYSNATIVE\DRIVERS\tileproxy.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys;c:\windows\SYSNATIVE\DRIVERS\nvoclk64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 07:44    1210320    ----a-w-    c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-29 19:36]
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-29 19:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files (x86)\OO Software\Defrag\oodtray.exe" [2012-11-01 7061360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with FLV Blaster - c:\users\David\AppData\Roaming\FLV2PC\Internet Explorer\script.htm
IE: Download with FLV Blaster\Contexts - 1 (0x1)
IE: Download with FLV Blaster\Flags - 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B8686BC9-9341-409F-8A4F-B1B3F95A003E}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fbt0rhae.default\
FF - ExtSQL: 2014-01-01 12:34; PrivDog@AdTrustMedia.com; c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fbt0rhae.default\extensions\PrivDog@AdTrustMedia.com.xpi
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,60,91,b4,69,9b,08,4a,b7,bc,e9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,60,91,b4,69,9b,08,4a,b7,bc,e9,\
.
[HKEY_USERS\S-1-5-21-1858855655-1216912795-4258052306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*¾o]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1858855655-1216912795-4258052306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*¾o\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG16.00.00.01PROFESSIONAL"="00CD7F61C9C92524BF0CDC42DDF5425A28272FF6F00041C75677E2DC0814766034FCB5E92472D2C861A7F6F5F9D02E05B05B53C935981B7730DDB608456A4F28C6FDB660487C99E357971413F2BDE8AD076349461D50E16F7B1726A9CF540492BE59816B657AE3D623FCF4FEC0F46FFDC313B0AD8C26C3C988CDD07C103214C947B055E38F52A1F4E70C1CCEBFFE4198A3D4EC724867F0944EBF1D73D5B9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6171C11EC38DE3DC038D530D6EB3452C038D530D6EB3452ADB916CE8803D43C5EEDA795381832413877D4848E276A22BF03EB3CFED38DC77656B406D5D2C65AEE163973CD0F6B8BF34A9ED1C61EA42CC03E926800051A1544AE4488E74DBB60F941ECF078668FF3D0D5EFF9AA5F9357A021FD1CED65B55AAE1AD7B8BC9E519449331142B8C742A568ECECA7D8B00853E82B4E9628F7F97052E6A90C14268813A72A9534CD108E22D6D7621BB20BB328A9D0C52ED07263014DD6950BF2F7474CE6CF91A2BC4F63BD3FD0BDA5DE9DAF2EF4784D49D03F500A439C1E549F5B57835BC840814FC992A1C6861331C7497614E07F7165D1FD87DEDC636697274BE4D05D2AFC5693F8D3C9969D19B61B2267DA09B56112447FB02746C6B81B5B78819EC9FDCB3CD808BF88DB2BAA46CB7346D88A5FEF74D9CCD7DCAE5900384E45242E024351E0B559D501C93B46040F3A3AB709B317430B9DED4E471F4FDB58C92413E9E95885027EF82D16CB0F25DF28CE742CDEF1CB13E2C61FCB115B8696D141356ADA4E025CC26DD7F8D1CBF77B2273E19D82BE6EEF3D1BC6759B7BCFE75C1ACEEE6D4540A4A16025B0B267D8E442FA250BB1E39FE505070E83A12F5EF19C3672EA71F23E01CBDE07FECA70BC61559DB8A8F26867FAC20C943CF694F09C7BFE815028318EDA26DA482A681B2AFBDDF5E92D44F7E17B360DCDE36571D8929340B49948FDD6DDC7AA83FACDBC3D029005D9D194E2BE75D25300C8A7AEF9C5B32D9742FA7BD27B7F0A2A3FB2522486572C80D5491C433D3C8B46B871DACEE860590BCADDEECEEA4C960348C2F7A25F50B4257DB73CC768CFC40F096724E57551BF403904C22E226252256D1C7310264CC7660CAE8038D39BF41D90A0E1DDA771BC4295F305E6612A247C85D1A8583A5077B5506D46159E60F2862AAC0BEDFDE0126A6B2668042842D74B716BA5F93C1734DA95A712712A96FCB7B68B3E5DBCF265694D8940A2BA7998268FE31688938D58ECAF850EF69F68B2ED99313A0CED2E4042CD8088F524D4FA74C8A950AAE9559DDA752203616833183D3A086669DCCE0F4E87DF5FC3310C74F50420C89C2D43A3E6C18FE281358A948B846C4A7B194525B795728467F18C6138309E"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Completion time: 2014-01-02  15:53:51 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-02 21:53
.
Pre-Run: 48,135,696,384 bytes free
Post-Run: 50,359,541,760 bytes free
.
- - End Of File - - 330854CD4773B3F50E469C3EC6C32282
A36C5E4F47E84449FF07ED3517B43A31
 

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Please download SystemLook from the link below and save it to your Desktop.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :Filefindrpcss.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC

Link to post
Share on other sites
russianspd

russianspd

Posted
  • Author
Posted

SystemLook Report:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 16:03 on 02/01/2014 by David
Administrator - Elevation successful

========== Filefind ==========

Searching for "rpcss.dll"
C:\Windows\System32\rpcss.dll    --a---- 510464 bytes    [00:00 14/07/2009]    [01:41 14/07/2009] EFEB9A87591249D8C2288266BEE3A275
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll    --a---- 509440 bytes    [00:00 14/07/2009]    [01:41 14/07/2009] 7266972E86890E2B30C0C322E906B027

-= EOF =-

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Using ComboFix......

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt, place it next to ComboFix.exe

CFScript.gif

Refering to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC

Link to post
Share on other sites
russianspd

russianspd

Posted
  • Author
Posted

ComboFix using CFScript:

 

ComboFix 14-01-01.01 - David 01/02/2014  16:27:04.4.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.7934.5296 [GMT -6:00]
Running from: c:\users\David\Desktop\ComboFix.exe
Command switches used :: c:\users\David\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll --> c:\windows\System32\rpcss.dll
.
(((((((((((((((((((((((((   Files Created from 2013-12-02 to 2014-01-02  )))))))))))))))))))))))))))))))
.
.
2014-01-02 22:31 . 2014-01-02 22:31    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-02 22:31 . 2014-01-02 22:31    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2014-01-02 07:18 . 2014-01-02 07:18    117464    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-02 07:02 . 2014-01-02 21:06    --------    d-----w-    c:\users\UpdatusUser
2014-01-02 07:01 . 2014-01-02 07:01    --------    d-----w-    c:\programdata\NVIDIA Corporation
2014-01-02 06:17 . 2014-01-02 06:17    8646    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2014-01-02 06:08 . 2014-01-02 06:08    --------    d-----w-    c:\users\David\AppData\Roaming\SUPERAntiSpyware.com
2014-01-02 03:30 . 2013-12-04 01:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF91B7B8-9095-4ACB-9BC5-5DF6E24135B3}\mpengine.dll
2014-01-02 01:46 . 2014-01-02 01:46    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-01-02 01:40 . 2014-01-02 03:30    --------    d-----w-    c:\program files\HitmanPro
2014-01-02 01:39 . 2014-01-02 01:46    --------    d-----w-    c:\programdata\HitmanPro
2014-01-02 01:31 . 2014-01-02 21:09    134944    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys.bak
2014-01-02 01:31 . 2014-01-02 21:09    248240    ----a-w-    c:\windows\system32\drivers\MpFilter.sys.bak
2014-01-01 19:20 . 2014-01-01 19:20    --------    d-----w-    c:\users\David\AppData\Roaming\LavasoftStatistics
2014-01-01 18:59 . 2014-01-01 18:59    --------    d-----w-    c:\programdata\Lavasoft
2014-01-01 18:42 . 2014-01-01 23:28    --------    d-----w-    c:\program files\COMODO
2014-01-01 18:42 . 2014-01-01 18:42    --------    d-----w-    c:\program files (x86)\Common Files\COMODO
2014-01-01 18:39 . 2014-01-01 18:39    348160    ----a-w-    c:\windows\SysWow64\msvcr71.dll
2014-01-01 18:39 . 2014-01-01 18:39    1700352    ----a-w-    c:\windows\SysWow64\gdiplus.dll
2014-01-01 18:39 . 2014-01-01 18:39    1060864    ----a-w-    c:\windows\SysWow64\mfc71.dll
2014-01-01 18:34 . 2014-01-01 23:28    --------    d-----w-    c:\programdata\Comodo
2014-01-01 18:34 . 2014-01-01 18:34    --------    d-----w-    c:\program files\AdTrustMedia
2014-01-01 18:33 . 2014-01-01 18:33    --------    d-----w-    c:\program files (x86)\Comodo
2014-01-01 17:57 . 2014-01-01 18:00    --------    d-----w-    c:\users\David\AppData\Local\Avg2013
2014-01-01 17:32 . 2014-01-01 17:32    --------    d-----w-    c:\users\David\AppData\Roaming\AVG
2014-01-01 17:28 . 2014-01-01 17:34    --------    d-----w-    c:\programdata\AVG
2014-01-01 17:28 . 2014-01-01 17:47    --------    d-sh--w-    c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-01-01 17:08 . 2014-01-01 17:08    --------    d-----w-    c:\users\David\AppData\Roaming\TuneUp Software
2014-01-01 07:24 . 2014-01-01 18:00    --------    d-----w-    c:\programdata\MFAData
2014-01-01 07:24 . 2014-01-01 07:24    --------    d--h--w-    c:\programdata\Common Files
2014-01-01 07:24 . 2014-01-01 07:24    --------    d-----w-    c:\users\David\AppData\Local\MFAData
2014-01-01 06:39 . 2014-01-01 06:39    110080    ----a-r-    c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB847E94-446B-49E0-AC5D-C5627EC8B0C0}\IconF7A21AF7.exe
2014-01-01 06:39 . 2014-01-01 06:39    110080    ----a-r-    c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB847E94-446B-49E0-AC5D-C5627EC8B0C0}\IconD7F16134.exe
2014-01-01 06:39 . 2014-01-01 06:39    110080    ----a-r-    c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB847E94-446B-49E0-AC5D-C5627EC8B0C0}\IconCF33A0CE.exe
2014-01-01 06:39 . 2014-01-01 06:39    --------    d-----w-    C:\sh4ldr
2014-01-01 06:39 . 2014-01-01 06:39    --------    d-----w-    c:\program files (x86)\Enigma Software Group
2014-01-01 06:38 . 2014-01-01 06:39    --------    d-----w-    c:\windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2014-01-01 06:34 . 2014-01-01 06:37    --------    d-----w-    c:\users\Administrator\AppData\Roaming\uTorrent
2014-01-01 06:16 . 2014-01-01 06:16    --------    d-----w-    c:\users\Administrator\AppData\Roaming\Malwarebytes
2014-01-01 06:06 . 2014-01-01 06:06    --------    d-----w-    c:\windows\ERUNT
2014-01-01 05:57 . 2014-01-01 05:57    --------    d-----w-    c:\program files\Enigma Software Group
2014-01-01 05:57 . 2014-01-02 01:46    --------    d-----w-    c:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-01 05:56 . 2014-01-01 06:38    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
2014-01-01 01:58 . 2013-12-04 01:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-01 01:39 . 2014-01-01 01:40    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2014-01-01 01:39 . 2014-01-01 01:40    --------    d-----w-    c:\program files\Microsoft Security Client
2014-01-01 00:38 . 2014-01-02 21:09    93184    ----a-w-    c:\windows\system32\drivers\smb.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    500224    ----a-w-    c:\windows\system32\drivers\afd.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    339536    ----a-w-    c:\windows\system32\drivers\adpahci.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    182864    ----a-w-    c:\windows\system32\drivers\adpu320.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    491088    ----a-w-    c:\windows\system32\drivers\adp94xx.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    334416    ----a-w-    c:\windows\system32\drivers\acpi.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    227840    ----a-w-    c:\windows\system32\drivers\1394ohci.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    12288    ----a-w-    c:\windows\system32\drivers\acpipmi.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    68096    ----a-w-    c:\windows\system32\drivers\1394bus.sys.bak
2014-01-01 00:16 . 2014-01-01 00:16    0    ----a-w-    c:\windows\SysWow64\winlogon.exe
2014-01-01 00:16 . 2014-01-01 00:16    0    ----a-w-    c:\windows\SysWow64\smss.exe
2014-01-01 00:16 . 2014-01-01 00:16    0    ----a-w-    c:\windows\SysWow64\services.exe
2014-01-01 00:16 . 2014-01-01 00:16    0    ----a-w-    c:\windows\SysWow64\lsass.exe
2013-12-31 23:56 . 2013-12-16 07:54    10315576    ------w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F759746-0A88-4AB1-94C9-324CC9D14909}\mpengine.dll
2013-12-31 23:50 . 2009-03-24 18:52    129872    ----a-w-    c:\windows\SysWow64\MSSTDFMT.DLL
2013-12-31 22:20 . 2014-01-02 07:30    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-31 22:17 . 2014-01-02 07:18    89304    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-31 17:33 . 2013-12-31 17:33    --------    d-----w-    c:\users\Administrator\AppData\Local\VS Revo Group
2013-12-31 03:36 . 2014-01-02 19:08    --------    d-----w-    C:\REX Essential Plus
2013-12-27 04:02 . 2013-12-27 04:03    --------    d-----w-    c:\users\David\AppData\Local\GMap.NET
2013-12-25 06:00 . 2013-12-25 06:34    --------    d-----w-    C:\REX Texture Direct
2013-12-25 05:59 . 2013-12-25 05:59    --------    d-----w-    c:\program files\Microsoft SQL Server
2013-12-25 05:59 . 2013-12-25 05:59    --------    d-----w-    c:\program files (x86)\Microsoft SQL Server
2013-12-23 20:34 . 2013-12-23 20:35    --------    d-----w-    c:\windows\system32\MRT
2013-12-23 19:17 . 2013-12-23 19:17    --------    d-----w-    c:\users\Administrator\AppData\Local\Smart_PC_Utilities,_Ltd
2013-12-23 06:54 . 2013-12-23 06:54    --------    d-----w-    c:\users\Administrator\AppData\Local\O&O
2013-12-23 06:47 . 2013-12-23 06:47    --------    d-----w-    c:\users\Administrator\AppData\Local\Google
2013-12-23 02:47 . 2013-12-23 02:47    --------    d-----w-    c:\users\Public\Last.Man.Standing.US.S03E01.HDTV
2013-12-23 02:40 . 2013-12-23 02:40    --------    d-----w-    c:\users\Public\Frosty the Snowman
2013-12-23 02:25 . 2013-12-23 19:15    --------    d-----w-    c:\users\Administrator\AppData\Local\ElevatedDiagnostics
2013-12-21 03:01 . 2014-01-01 17:47    --------    d-----w-    c:\users\David\AppData\Local\Downloaded Installations
2013-12-21 00:42 . 2013-12-21 00:42    --------    d-----w-    c:\users\David\AppData\Roaming\ICE AI Traffic Group
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-31 15:55 . 2012-12-01 08:35    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-31 15:55 . 2012-12-01 08:35    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:32 . 2012-12-01 02:48    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-19 16:47 . 2013-10-19 16:47    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{807ca0aa-7cb3-4f03-bd61-076f618cc82d}]
2009-11-25 19:47    297808    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\David\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 OODefragAgent;O&O Defrag;c:\program files (x86)\OO Software\Defrag\oodag.exe;c:\program files (x86)\OO Software\Defrag\oodag.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 Ser2rs;Radioshack USB to Serial Driver;c:\windows\system32\DRIVERS\ser2rs64.sys;c:\windows\SYSNATIVE\DRIVERS\ser2rs64.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R3 tenCapture;tenCapture;c:\windows\system32\DRIVERS\tenCapture.sys;c:\windows\SYSNATIVE\DRIVERS\tenCapture.sys [x]
R3 Tileproxy;Tileproxy;c:\windows\system32\DRIVERS\tileproxy.sys;c:\windows\SYSNATIVE\DRIVERS\tileproxy.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys;c:\windows\SYSNATIVE\DRIVERS\nvoclk64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 07:44    1210320    ----a-w-    c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-29 19:36]
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-29 19:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files (x86)\OO Software\Defrag\oodtray.exe" [2012-11-01 7061360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with FLV Blaster - c:\users\David\AppData\Roaming\FLV2PC\Internet Explorer\script.htm
IE: Download with FLV Blaster\Contexts - 1 (0x1)
IE: Download with FLV Blaster\Flags - 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B8686BC9-9341-409F-8A4F-B1B3F95A003E}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fbt0rhae.default\
FF - ExtSQL: 2014-01-01 12:34; PrivDog@AdTrustMedia.com; c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fbt0rhae.default\extensions\PrivDog@AdTrustMedia.com.xpi
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,60,91,b4,69,9b,08,4a,b7,bc,e9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,60,91,b4,69,9b,08,4a,b7,bc,e9,\
.
[HKEY_USERS\S-1-5-21-1858855655-1216912795-4258052306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*¾o]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1858855655-1216912795-4258052306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*¾o\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG16.00.00.01PROFESSIONAL"="00CD7F61C9C92524BF0CDC42DDF5425A28272FF6F00041C75677E2DC0814766034FCB5E92472D2C861A7F6F5F9D02E05B05B53C935981B7730DDB608456A4F28C6FDB660487C99E357971413F2BDE8AD076349461D50E16F7B1726A9CF540492BE59816B657AE3D623FCF4FEC0F46FFDC313B0AD8C26C3C988CDD07C103214C947B055E38F52A1F4E70C1CCEBFFE4198A3D4EC724867F0944EBF1D73D5B9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6171C11EC38DE3DC038D530D6EB3452C038D530D6EB3452ADB916CE8803D43C5EEDA795381832413877D4848E276A22BF03EB3CFED38DC77656B406D5D2C65AEE163973CD0F6B8BF34A9ED1C61EA42CC03E926800051A1544AE4488E74DBB60F941ECF078668FF3D0D5EFF9AA5F9357A021FD1CED65B55AAE1AD7B8BC9E519449331142B8C742A568ECECA7D8B00853E82B4E9628F7F97052E6A90C14268813A72A9534CD108E22D6D7621BB20BB328A9D0C52ED07263014DD6950BF2F7474CE6CF91A2BC4F63BD3FD0BDA5DE9DAF2EF4784D49D03F500A439C1E549F5B57835BC840814FC992A1C6861331C7497614E07F7165D1FD87DEDC636697274BE4D05D2AFC5693F8D3C9969D19B61B2267DA09B56112447FB02746C6B81B5B78819EC9FDCB3CD808BF88DB2BAA46CB7346D88A5FEF74D9CCD7DCAE5900384E45242E024351E0B559D501C93B46040F3A3AB709B317430B9DED4E471F4FDB58C92413E9E95885027EF82D16CB0F25DF28CE742CDEF1CB13E2C61FCB115B8696D141356ADA4E025CC26DD7F8D1CBF77B2273E19D82BE6EEF3D1BC6759B7BCFE75C1ACEEE6D4540A4A16025B0B267D8E442FA250BB1E39FE505070E83A12F5EF19C3672EA71F23E01CBDE07FECA70BC61559DB8A8F26867FAC20C943CF694F09C7BFE815028318EDA26DA482A681B2AFBDDF5E92D44F7E17B360DCDE36571D8929340B49948FDD6DDC7AA83FACDBC3D029005D9D194E2BE75D25300C8A7AEF9C5B32D9742FA7BD27B7F0A2A3FB2522486572C80D5491C433D3C8B46B871DACEE860590BCADDEECEEA4C960348C2F7A25F50B4257DB73CC768CFC40F096724E57551BF403904C22E226252256D1C7310264CC7660CAE8038D39BF41D90A0E1DDA771BC4295F305E6612A247C85D1A8583A5077B5506D46159E60F2862AAC0BEDFDE0126A6B2668042842D74B716BA5F93C1734DA95A712712A96FCB7B68B3E5DBCF265694D8940A2BA7998268FE31688938D58ECAF850EF69F68B2ED99313A0CED2E4042CD8088F524D4FA74C8A950AAE9559DDA752203616833183D3A086669DCCE0F4E87DF5FC3310C74F50420C89C2D43A3E6C18FE281358A948B846C4A7B194525B795728467F18C6138309E"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-02  16:33:31
ComboFix-quarantined-files.txt  2014-01-02 22:33
ComboFix2.txt  2014-01-02 21:53
.
Pre-Run: 49,999,421,440 bytes free
Post-Run: 49,718,632,448 bytes free
.
- - End Of File - - D362EF84F4919C044B7C6C1ECD02C9A1
A36C5E4F47E84449FF07ED3517B43A31
 

Link to post
Share on other sites
russianspd

russianspd

Posted
  • Author
Posted

ComboFix Results:

 

ComboFix 14-01-01.01 - David 01/02/2014  17:04:15.5.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.7934.4996 [GMT -6:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-02 to 2014-01-02  )))))))))))))))))))))))))))))))
.
.
2014-01-02 23:08 . 2014-01-02 23:08    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-02 23:08 . 2014-01-02 23:08    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2014-01-02 07:18 . 2014-01-02 07:18    117464    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-02 07:02 . 2014-01-02 21:06    --------    d-----w-    c:\users\UpdatusUser
2014-01-02 07:01 . 2014-01-02 07:01    --------    d-----w-    c:\programdata\NVIDIA Corporation
2014-01-02 06:17 . 2014-01-02 06:17    8646    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2014-01-02 06:08 . 2014-01-02 06:08    --------    d-----w-    c:\users\David\AppData\Roaming\SUPERAntiSpyware.com
2014-01-02 03:30 . 2013-12-04 01:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF91B7B8-9095-4ACB-9BC5-5DF6E24135B3}\mpengine.dll
2014-01-02 01:46 . 2014-01-02 01:46    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-01-02 01:40 . 2014-01-02 03:30    --------    d-----w-    c:\program files\HitmanPro
2014-01-02 01:39 . 2014-01-02 01:46    --------    d-----w-    c:\programdata\HitmanPro
2014-01-02 01:31 . 2014-01-02 21:09    134944    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys.bak
2014-01-02 01:31 . 2014-01-02 21:09    248240    ----a-w-    c:\windows\system32\drivers\MpFilter.sys.bak
2014-01-01 19:20 . 2014-01-01 19:20    --------    d-----w-    c:\users\David\AppData\Roaming\LavasoftStatistics
2014-01-01 18:59 . 2014-01-01 18:59    --------    d-----w-    c:\programdata\Lavasoft
2014-01-01 18:42 . 2014-01-01 23:28    --------    d-----w-    c:\program files\COMODO
2014-01-01 18:42 . 2014-01-01 18:42    --------    d-----w-    c:\program files (x86)\Common Files\COMODO
2014-01-01 18:39 . 2014-01-01 18:39    348160    ----a-w-    c:\windows\SysWow64\msvcr71.dll
2014-01-01 18:39 . 2014-01-01 18:39    1700352    ----a-w-    c:\windows\SysWow64\gdiplus.dll
2014-01-01 18:39 . 2014-01-01 18:39    1060864    ----a-w-    c:\windows\SysWow64\mfc71.dll
2014-01-01 18:34 . 2014-01-01 23:28    --------    d-----w-    c:\programdata\Comodo
2014-01-01 18:34 . 2014-01-01 18:34    --------    d-----w-    c:\program files\AdTrustMedia
2014-01-01 18:33 . 2014-01-01 18:33    --------    d-----w-    c:\program files (x86)\Comodo
2014-01-01 17:57 . 2014-01-01 18:00    --------    d-----w-    c:\users\David\AppData\Local\Avg2013
2014-01-01 17:32 . 2014-01-01 17:32    --------    d-----w-    c:\users\David\AppData\Roaming\AVG
2014-01-01 17:28 . 2014-01-01 17:34    --------    d-----w-    c:\programdata\AVG
2014-01-01 17:28 . 2014-01-01 17:47    --------    d-sh--w-    c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-01-01 17:08 . 2014-01-01 17:08    --------    d-----w-    c:\users\David\AppData\Roaming\TuneUp Software
2014-01-01 07:24 . 2014-01-01 18:00    --------    d-----w-    c:\programdata\MFAData
2014-01-01 07:24 . 2014-01-01 07:24    --------    d--h--w-    c:\programdata\Common Files
2014-01-01 07:24 . 2014-01-01 07:24    --------    d-----w-    c:\users\David\AppData\Local\MFAData
2014-01-01 06:39 . 2014-01-01 06:39    110080    ----a-r-    c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB847E94-446B-49E0-AC5D-C5627EC8B0C0}\IconF7A21AF7.exe
2014-01-01 06:39 . 2014-01-01 06:39    110080    ----a-r-    c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB847E94-446B-49E0-AC5D-C5627EC8B0C0}\IconD7F16134.exe
2014-01-01 06:39 . 2014-01-01 06:39    110080    ----a-r-    c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{DB847E94-446B-49E0-AC5D-C5627EC8B0C0}\IconCF33A0CE.exe
2014-01-01 06:39 . 2014-01-01 06:39    --------    d-----w-    C:\sh4ldr
2014-01-01 06:39 . 2014-01-01 06:39    --------    d-----w-    c:\program files (x86)\Enigma Software Group
2014-01-01 06:38 . 2014-01-01 06:39    --------    d-----w-    c:\windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2014-01-01 06:34 . 2014-01-01 06:37    --------    d-----w-    c:\users\Administrator\AppData\Roaming\uTorrent
2014-01-01 06:16 . 2014-01-01 06:16    --------    d-----w-    c:\users\Administrator\AppData\Roaming\Malwarebytes
2014-01-01 06:06 . 2014-01-01 06:06    --------    d-----w-    c:\windows\ERUNT
2014-01-01 05:57 . 2014-01-01 05:57    --------    d-----w-    c:\program files\Enigma Software Group
2014-01-01 05:57 . 2014-01-02 01:46    --------    d-----w-    c:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-01 05:56 . 2014-01-01 06:38    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
2014-01-01 01:58 . 2013-12-04 01:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-01 01:39 . 2014-01-01 01:40    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2014-01-01 01:39 . 2014-01-01 01:40    --------    d-----w-    c:\program files\Microsoft Security Client
2014-01-01 00:38 . 2014-01-02 21:09    93184    ----a-w-    c:\windows\system32\drivers\smb.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    500224    ----a-w-    c:\windows\system32\drivers\afd.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    339536    ----a-w-    c:\windows\system32\drivers\adpahci.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    182864    ----a-w-    c:\windows\system32\drivers\adpu320.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    491088    ----a-w-    c:\windows\system32\drivers\adp94xx.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    334416    ----a-w-    c:\windows\system32\drivers\acpi.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    227840    ----a-w-    c:\windows\system32\drivers\1394ohci.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    12288    ----a-w-    c:\windows\system32\drivers\acpipmi.sys.bak
2014-01-01 00:37 . 2014-01-02 21:08    68096    ----a-w-    c:\windows\system32\drivers\1394bus.sys.bak
2014-01-01 00:16 . 2014-01-01 00:16    0    ----a-w-    c:\windows\SysWow64\winlogon.exe
2014-01-01 00:16 . 2014-01-01 00:16    0    ----a-w-    c:\windows\SysWow64\smss.exe
2014-01-01 00:16 . 2014-01-01 00:16    0    ----a-w-    c:\windows\SysWow64\services.exe
2014-01-01 00:16 . 2014-01-01 00:16    0    ----a-w-    c:\windows\SysWow64\lsass.exe
2013-12-31 23:56 . 2013-12-16 07:54    10315576    ------w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F759746-0A88-4AB1-94C9-324CC9D14909}\mpengine.dll
2013-12-31 23:50 . 2009-03-24 18:52    129872    ----a-w-    c:\windows\SysWow64\MSSTDFMT.DLL
2013-12-31 22:20 . 2014-01-02 07:30    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-31 22:17 . 2014-01-02 07:18    89304    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-31 17:33 . 2013-12-31 17:33    --------    d-----w-    c:\users\Administrator\AppData\Local\VS Revo Group
2013-12-31 03:36 . 2014-01-02 19:08    --------    d-----w-    C:\REX Essential Plus
2013-12-27 04:02 . 2013-12-27 04:03    --------    d-----w-    c:\users\David\AppData\Local\GMap.NET
2013-12-25 06:00 . 2013-12-25 06:34    --------    d-----w-    C:\REX Texture Direct
2013-12-25 05:59 . 2013-12-25 05:59    --------    d-----w-    c:\program files\Microsoft SQL Server
2013-12-25 05:59 . 2013-12-25 05:59    --------    d-----w-    c:\program files (x86)\Microsoft SQL Server
2013-12-23 20:34 . 2013-12-23 20:35    --------    d-----w-    c:\windows\system32\MRT
2013-12-23 19:17 . 2013-12-23 19:17    --------    d-----w-    c:\users\Administrator\AppData\Local\Smart_PC_Utilities,_Ltd
2013-12-23 06:54 . 2013-12-23 06:54    --------    d-----w-    c:\users\Administrator\AppData\Local\O&O
2013-12-23 06:47 . 2013-12-23 06:47    --------    d-----w-    c:\users\Administrator\AppData\Local\Google
2013-12-23 02:47 . 2013-12-23 02:47    --------    d-----w-    c:\users\Public\Last.Man.Standing.US.S03E01.HDTV
2013-12-23 02:40 . 2013-12-23 02:40    --------    d-----w-    c:\users\Public\Frosty the Snowman
2013-12-23 02:25 . 2013-12-23 19:15    --------    d-----w-    c:\users\Administrator\AppData\Local\ElevatedDiagnostics
2013-12-21 03:01 . 2014-01-01 17:47    --------    d-----w-    c:\users\David\AppData\Local\Downloaded Installations
2013-12-21 00:42 . 2013-12-21 00:42    --------    d-----w-    c:\users\David\AppData\Roaming\ICE AI Traffic Group
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-31 15:55 . 2012-12-01 08:35    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-31 15:55 . 2012-12-01 08:35    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:32 . 2012-12-01 02:48    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-19 16:47 . 2013-10-19 16:47    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{807ca0aa-7cb3-4f03-bd61-076f618cc82d}]
2009-11-25 19:47    297808    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\David\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 OODefragAgent;O&O Defrag;c:\program files (x86)\OO Software\Defrag\oodag.exe;c:\program files (x86)\OO Software\Defrag\oodag.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 Ser2rs;Radioshack USB to Serial Driver;c:\windows\system32\DRIVERS\ser2rs64.sys;c:\windows\SYSNATIVE\DRIVERS\ser2rs64.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R3 tenCapture;tenCapture;c:\windows\system32\DRIVERS\tenCapture.sys;c:\windows\SYSNATIVE\DRIVERS\tenCapture.sys [x]
R3 Tileproxy;Tileproxy;c:\windows\system32\DRIVERS\tileproxy.sys;c:\windows\SYSNATIVE\DRIVERS\tileproxy.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys;c:\windows\SYSNATIVE\DRIVERS\nvoclk64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 07:44    1210320    ----a-w-    c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-29 19:36]
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-29 19:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files (x86)\OO Software\Defrag\oodtray.exe" [2012-11-01 7061360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with FLV Blaster - c:\users\David\AppData\Roaming\FLV2PC\Internet Explorer\script.htm
IE: Download with FLV Blaster\Contexts - 1 (0x1)
IE: Download with FLV Blaster\Flags - 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B8686BC9-9341-409F-8A4F-B1B3F95A003E}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fbt0rhae.default\
FF - ExtSQL: 2014-01-01 12:34; PrivDog@AdTrustMedia.com; c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fbt0rhae.default\extensions\PrivDog@AdTrustMedia.com.xpi
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,60,91,b4,69,9b,08,4a,b7,bc,e9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,60,91,b4,69,9b,08,4a,b7,bc,e9,\
.
[HKEY_USERS\S-1-5-21-1858855655-1216912795-4258052306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*¾o]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1858855655-1216912795-4258052306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*¾o\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG16.00.00.01PROFESSIONAL"="00CD7F61C9C92524BF0CDC42DDF5425A28272FF6F00041C75677E2DC0814766034FCB5E92472D2C861A7F6F5F9D02E05B05B53C935981B7730DDB608456A4F28C6FDB660487C99E357971413F2BDE8AD076349461D50E16F7B1726A9CF540492BE59816B657AE3D623FCF4FEC0F46FFDC313B0AD8C26C3C988CDD07C103214C947B055E38F52A1F4E70C1CCEBFFE4198A3D4EC724867F0944EBF1D73D5B9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6171C11EC38DE3DC038D530D6EB3452C038D530D6EB3452ADB916CE8803D43C5EEDA795381832413877D4848E276A22BF03EB3CFED38DC77656B406D5D2C65AEE163973CD0F6B8BF34A9ED1C61EA42CC03E926800051A1544AE4488E74DBB60F941ECF078668FF3D0D5EFF9AA5F9357A021FD1CED65B55AAE1AD7B8BC9E519449331142B8C742A568ECECA7D8B00853E82B4E9628F7F97052E6A90C14268813A72A9534CD108E22D6D7621BB20BB328A9D0C52ED07263014DD6950BF2F7474CE6CF91A2BC4F63BD3FD0BDA5DE9DAF2EF4784D49D03F500A439C1E549F5B57835BC840814FC992A1C6861331C7497614E07F7165D1FD87DEDC636697274BE4D05D2AFC5693F8D3C9969D19B61B2267DA09B56112447FB02746C6B81B5B78819EC9FDCB3CD808BF88DB2BAA46CB7346D88A5FEF74D9CCD7DCAE5900384E45242E024351E0B559D501C93B46040F3A3AB709B317430B9DED4E471F4FDB58C92413E9E95885027EF82D16CB0F25DF28CE742CDEF1CB13E2C61FCB115B8696D141356ADA4E025CC26DD7F8D1CBF77B2273E19D82BE6EEF3D1BC6759B7BCFE75C1ACEEE6D4540A4A16025B0B267D8E442FA250BB1E39FE505070E83A12F5EF19C3672EA71F23E01CBDE07FECA70BC61559DB8A8F26867FAC20C943CF694F09C7BFE815028318EDA26DA482A681B2AFBDDF5E92D44F7E17B360DCDE36571D8929340B49948FDD6DDC7AA83FACDBC3D029005D9D194E2BE75D25300C8A7AEF9C5B32D9742FA7BD27B7F0A2A3FB2522486572C80D5491C433D3C8B46B871DACEE860590BCADDEECEEA4C960348C2F7A25F50B4257DB73CC768CFC40F096724E57551BF403904C22E226252256D1C7310264CC7660CAE8038D39BF41D90A0E1DDA771BC4295F305E6612A247C85D1A8583A5077B5506D46159E60F2862AAC0BEDFDE0126A6B2668042842D74B716BA5F93C1734DA95A712712A96FCB7B68B3E5DBCF265694D8940A2BA7998268FE31688938D58ECAF850EF69F68B2ED99313A0CED2E4042CD8088F524D4FA74C8A950AAE9559DDA752203616833183D3A086669DCCE0F4E87DF5FC3310C74F50420C89C2D43A3E6C18FE281358A948B846C4A7B194525B795728467F18C6138309E"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-02  17:10:51
ComboFix-quarantined-files.txt  2014-01-02 23:10
ComboFix2.txt  2014-01-02 22:33
ComboFix3.txt  2014-01-02 21:53
.
Pre-Run: 49,568,804,864 bytes free
Post-Run: 49,246,224,384 bytes free
.
- - End Of File - - 3ED3707FFA2A21DD4A8CAAA26C1EB909
A36C5E4F47E84449FF07ED3517B43A31
 

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Please do this:

 

Clean out any adware/spyware : (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites
russianspd

russianspd

Posted
  • Author
Posted

AdwCeaner Report:

 

# AdwCleaner v3.016 - Report created 02/01/2014 at 19:18:41
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : David - DAVID-PC
# Running from : C:\Users\David\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\fbt0rhae.default\prefs.js ]


*************************

AdwCleaner[R2].txt - [756 octets] - [02/01/2014 19:17:46]
AdwCleaner[s2].txt - [678 octets] - [02/01/2014 19:18:41]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [737 octets] ##########
 

Link to post
Share on other sites
russianspd

russianspd

Posted
  • Author
Posted

Malwarebytes Full Scan log:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.02.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
David :: DAVID-PC [administrator]

Protection: Enabled

1/2/2014 7:23:25 PM
mbam-log-2014-01-02 (19-23-25).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 613271
Time elapsed: 1 hour(s), 13 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.