
Audio ads and music playing from Host process for windows services



ComboFix 14-01-04.03 - Travis 4/2014 Sat  15:38:17.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.932.81.1033.18.8119.6303 [GMT -6:00]
Running from: c:\users\Travis\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-04 to 2014-01-04  )))))))))))))))))))))))))))))))
.
.
2014-01-04 21:50 . 2014-01-04 21:50    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-01-04 21:50 . 2014-01-04 21:50    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2014-01-04 21:50 . 2014-01-04 21:50    --------    d-----w-    c:\users\UpdatusUser.momisboss-PC\AppData\Local\temp
2014-01-04 21:50 . 2014-01-04 21:50    --------    d-----w-    c:\users\mom is boss\AppData\Local\temp
2014-01-04 21:50 . 2014-01-04 21:50    --------    d-----w-    c:\users\hedev\AppData\Local\temp
2014-01-04 21:50 . 2014-01-04 21:50    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-04 21:04 . 2014-01-04 21:04    --------    d-----w-    c:\users\Travis\AppData\Roaming\AVG 1213b Campaign
2014-01-04 21:04 . 2014-01-04 21:04    --------    d-----w-    c:\programdata\AVG 1213b Campaign
2014-01-04 20:42 . 2014-01-04 20:42    --------    d-----w-    c:\windows\system32\SPReview
2014-01-04 20:33 . 2014-01-04 20:42    --------    d-----w-    c:\windows\system32\MRT
2014-01-04 00:58 . 2014-01-04 01:05    --------    d-----w-    C:\AdwCleaner
2014-01-04 00:20 . 2014-01-04 00:23    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-04 00:20 . 2014-01-04 00:23    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-03 21:26 . 2014-01-04 00:09    72832    ----a-w-    c:\windows\system32\drivers\ohci1394.sys.bak
2014-01-03 21:04 . 2014-01-03 21:04    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2014-01-03 17:39 . 2014-01-04 08:35    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-01-03 17:39 . 2014-01-04 08:58    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2014-01-03 07:59 . 2014-01-03 21:23    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-03 07:58 . 2014-01-03 17:07    89304    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-01-03 06:58 . 2014-01-03 16:48    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-12-09 18:22 . 2013-12-10 19:39    --------    d-----w-    c:\programdata\WarThunder
2013-12-09 18:22 . 2013-12-09 18:22    --------    d-----w-    c:\users\Travis\AppData\Local\WarThunder
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-01 20:42 . 2010-12-02 16:13    90708896    ----a-w-    c:\windows\system32\MRT.exe
2013-11-11 02:06 . 2012-10-03 18:56    46368    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-11-08 20:47 . 2013-11-06 22:15    1064224    ----a-w-    c:\windows\system32\nvspcap64.dll
2013-11-08 20:47 . 2013-11-06 22:15    955168    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2013-11-06 03:55 . 2013-11-06 03:55    150808    ----a-w-    c:\windows\system32\drivers\avgdiska.sys
2013-11-05 03:52 . 2013-11-05 03:52    240920    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2013-11-01 05:00 . 2013-11-01 05:00    212280    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
2013-11-01 04:49 . 2013-11-01 04:49    294712    ----a-w-    c:\windows\system32\drivers\avgloga.sys
2013-10-25 06:54 . 2013-10-25 06:54    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-25 04:25 . 2013-10-25 04:25    194872    ----a-w-    c:\windows\system32\drivers\avgidsha.sys
2013-10-23 10:30 . 2013-11-06 22:11    1884448    ----a-w-    c:\windows\system32\nvdispco6433165.dll
2013-10-23 10:30 . 2013-11-06 22:11    1511712    ----a-w-    c:\windows\system32\nvdispgenco6433165.dll
2013-10-23 10:30 . 2013-11-06 22:11    9524088    ----a-w-    c:\windows\SysWow64\nvcuda.dll
2013-10-23 10:30 . 2013-11-06 22:11    9480328    ----a-w-    c:\windows\SysWow64\nvopencl.dll
2013-10-23 10:30 . 2013-11-06 22:11    696096    ----a-w-    c:\windows\system32\NvFBC64.dll
2013-10-23 10:30 . 2013-11-06 22:11    655136    ----a-w-    c:\windows\system32\NvIFR64.dll
2013-10-23 10:30 . 2013-11-06 22:11    599840    ----a-w-    c:\windows\SysWow64\NvFBC.dll
2013-10-23 10:30 . 2013-11-06 22:11    560416    ----a-w-    c:\windows\SysWow64\NvIFR.dll
2013-10-23 10:30 . 2013-11-06 22:11    3131680    ----a-w-    c:\windows\system32\nvcuvid.dll
2013-10-23 10:30 . 2013-11-06 22:11    3124512    ----a-w-    c:\windows\system32\nvcuvenc.dll
2013-10-23 10:30 . 2013-11-06 22:11    30344480    ----a-w-    c:\windows\system32\nvoglv64.dll
2013-10-23 10:30 . 2013-11-06 22:11    2946848    ----a-w-    c:\windows\SysWow64\nvcuvid.dll
2013-10-23 10:30 . 2013-11-06 22:11    2747168    ----a-w-    c:\windows\SysWow64\nvcuvenc.dll
2013-10-23 10:30 . 2013-11-06 22:11    25257248    ----a-w-    c:\windows\system32\nvcompiler.dll
2013-10-23 10:30 . 2013-11-06 22:11    22933792    ----a-w-    c:\windows\SysWow64\nvoglv32.dll
2013-10-23 10:30 . 2013-11-06 22:11    18199872    ----a-w-    c:\windows\system32\nvd3dumx.dll
2013-10-23 10:30 . 2013-11-06 22:11    17560352    ----a-w-    c:\windows\SysWow64\nvcompiler.dll
2013-10-23 10:30 . 2013-11-06 22:11    12572960    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2013-10-23 10:30 . 2013-11-06 22:11    11426568    ----a-w-    c:\windows\system32\nvcuda.dll
2013-10-23 10:30 . 2013-11-06 22:11    11374520    ----a-w-    c:\windows\system32\nvopencl.dll
2013-10-23 10:30 . 2011-12-23 18:41    15855568    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2013-10-23 10:30 . 2010-11-10 18:53    18286416    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-10-23 10:30 . 2010-11-10 18:53    15212336    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2013-10-23 10:30 . 2010-11-10 18:53    3067560    ----a-w-    c:\windows\system32\nvapi64.dll
2013-10-23 10:30 . 2010-11-10 18:53    2695200    ----a-w-    c:\windows\SysWow64\nvapi.dll
2013-10-23 09:02 . 2013-10-23 09:02    589600    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2013-10-23 08:20 . 2011-12-23 18:42    6669600    ----a-w-    c:\windows\system32\nvcpl.dll
2013-10-23 08:20 . 2011-12-23 18:42    3489568    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-10-23 08:20 . 2011-12-23 18:42    922912    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-10-23 08:20 . 2011-12-23 18:42    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-10-23 08:20 . 2011-12-23 18:42    219424    ----a-w-    c:\windows\system32\nvmctray.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2013-04-01 1500440]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-12-11 1823656]
"Akamai NetSession Interface"="c:\users\Travis\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"AVG-Secure-Search-Update_1213b"="c:\users\Travis\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe" [2013-12-05 2548248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-02-11 1308]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\users\mom is boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
c:\users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameRanger.lnk - c:\users\Travis\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe /autostart [2013-6-19 1824928]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SessionLauncher;SessionLauncher; [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]
R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\SEGA\PHANTASYSTARONLINE2\pso2_bin\GameGuard\dump_wmimmc.sys;c:\program files (x86)\SEGA\PHANTASYSTARONLINE2\pso2_bin\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys;c:\aeriagames\EdenEternal\sjcs64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R3 X6va003;X6va003;c:\users\Travis\AppData\Local\Temp\00392D3.tmp;c:\users\Travis\AppData\Local\Temp\00392D3.tmp [x]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [x]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [x]
S2 DAZContentManagementService;DAZ Content Management Service;c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe ;c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe  [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys;c:\windows\SYSNATIVE\DRIVERS\sxuptp.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-04 00:23]
.
2014-01-04 c:\windows\Tasks\AVG_SYS_TASK.job
- c:\programdata\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe [2014-01-04 18:06]
.
2014-01-04 c:\windows\Tasks\AVG_SYS_TASK_DELETE.job
- c:\programdata\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe [2014-01-04 18:06]
.
2011-08-16 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2011-08-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 23:47]
.
2011-08-17 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 23:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-08 1064224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm


uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 24.159.64.23 24.217.201.67 24.177.176.38
FF - ProfilePath - c:\users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\2h32hi3a.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{8232785C-5C98-4A6E-B7B4-911FFBED7582} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-GetSavin - c:\users\Travis\AppData\Local\getsavin\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Travis\AppData\Local\Temp\00392D3.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1737241711-4109531914-1981917735-1001\Software\KISS\000・・003*D*]
"InstallPath"="c:\\KISS\\CustomMaid3D"
.
[HKEY_USERS\S-1-5-21-1737241711-4109531914-1981917735-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2866E6E9-E538-4CCA-24F4-E8ADBC21FFDC}*]
"iachfliiaaccegggoo"=hex:6a,61,68,6d,69,69,64,63,6a,6c,6d,67,69,66,6e,69,61,6d,
   62,68,00,01
"hamjlphkioinfiik"=hex:6a,61,68,6d,69,69,64,63,6a,6c,6d,67,69,66,6e,69,61,6d,
   62,68,00,fe
.
[HKEY_USERS\S-1-5-21-1737241711-4109531914-1981917735-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2EA59845-CA17-23B0-9C44-FABF7B5D7DB9}*]
"iagidefolcckddmgej"=hex:6a,61,63,64,70,61,6e,62,6d,63,6a,67,65,63,61,6b,6c,69,
   62,6b,00,01
"hamijfdkphianpkk"=hex:6a,61,63,64,70,61,6e,62,6d,63,6a,67,65,63,61,6b,6c,69,
   62,6b,00,fe
.
[HKEY_USERS\S-1-5-21-1737241711-4109531914-1981917735-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{37C04182-77AC-72CC-18A9-1A76EC11D2F6}*]
"iakkkeihcdjhgddifa"=hex:6a,61,67,70,67,6c,65,66,66,63,6a,61,65,61,70,66,66,6c,
   6e,6e,00,01
"haammjpdiepmmcah"=hex:6a,61,67,70,67,6c,65,66,66,63,6a,61,65,61,70,66,66,6c,
   6e,6e,00,fe
.
[HKEY_USERS\S-1-5-21-1737241711-4109531914-1981917735-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FF5A9FD-ABBC-7DE5-9FDD-0A71F344E06B}*]
"iagecefhklnafogmfo"=hex:6a,61,6e,66,63,66,64,6b,6c,63,6c,6e,64,70,70,68,6e,61,
   6d,6d,00,01
"haafeeoiiaahpaec"=hex:6a,61,6e,66,63,66,64,6b,6c,63,6c,6e,64,70,70,68,6e,61,
   6d,6d,00,01
.
[HKEY_USERS\S-1-5-21-1737241711-4109531914-1981917735-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{86E422D9-568A-0339-A845-1FC6D98B10DB}*]
"hagoihocnebinfol"=hex:6a,61,70,62,6d,69,6f,6d,64,67,68,6c,70,62,69,69,65,6f,
   6a,65,00,01
"iamnobdbobljhglbbh"=hex:69,61,6f,61,63,6a,66,68,68,61,6d,6b,69,61,6b,6e,6f,70,
   00,00
"hahggajlegkiagkb"=hex:70,62,68,62,6e,6d,61,64,65,69,6b,65,6b,69,6d,61,6a,67,
   6b,6e,66,69,6d,61,68,6b,6b,63,6a,6b,63,6d,6a,66,61,62,70,6f,61,6a,6c,63,70,\
.
[HKEY_USERS\S-1-5-21-1737241711-4109531914-1981917735-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A221D5A5-81D1-3EAC-4B46-DAAAC8BAD6D6}*]
"iafckdkgakalciimed"=hex:6a,61,62,70,65,62,6f,6b,6f,6f,61,62,64,70,6f,70,6f,69,
   65,6c,00,01
"hapamjnkifgiaddd"=hex:6a,61,62,70,65,62,6f,6b,6f,6f,61,62,64,70,6f,70,6f,69,
   65,6c,00,fe
.
[HKEY_USERS\S-1-5-21-1737241711-4109531914-1981917735-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BF00B639-DD59-9AF0-E15C-5AA4F0EBE69A}*]
"iancllbicbmlfbeego"=hex:6a,61,6a,6e,6f,66,64,66,70,67,6c,6e,64,64,6e,66,6b,64,
   62,6c,00,01
"haddfidjaiakkdjj"=hex:6a,61,6a,6e,6f,66,64,66,70,67,6c,6e,64,64,6e,66,6b,64,
   62,6c,00,01
.
[HKEY_USERS\S-1-5-21-1737241711-4109531914-1981917735-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"?慴"=hex:bd,28,3a,2c,cc,65,3c,59,b2,5e,be,46,a6,4e,4a,d8,6c,71,9d,3d,b7,74,b2,
   dd,ea,52,c7,8f,f3,ed,de,a8,52,cd,83,90,89,91,d3,43,86,c0,5d,d3,fb,2e,50,ee,\
"?祥"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-1737241711-4109531914-1981917735-1001\Software\SecuROM\License information*]
"datasecu"=hex:2d,7b,fd,da,5c,aa,56,8d,20,59,88,c2,18,45,f9,e2,4a,da,ae,ad,73,
   2b,9c,6c,9c,ab,28,29,d4,e0,49,40,fd,f6,a4,de,f0,a0,5b,25,2b,74,ed,cb,01,b9,\
"rkeysecu"=hex:e4,65,24,4f,04,f9,d3,46,59,90,89,f4,20,07,ff,3f
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{2866E6E9-E538-4CCA-24F4-E8ADBC21FFDC}\InProcServer32*]
"jaijbiedoihljdlbmemd"=hex:6a,61,68,6d,69,69,64,63,6a,6c,6d,67,69,66,6e,69,61,
   6d,62,68,00,49
"iaijdikmkklkbkemcn"=hex:6a,61,68,6d,69,69,64,63,6a,6c,6d,67,69,66,6e,69,61,6d,
   62,68,00,fe
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{2EA59845-CA17-23B0-9C44-FABF7B5D7DB9}\InProcServer32*]
"jaakeakcmigmbfapobff"=hex:6a,61,63,64,70,61,6e,62,6d,63,6a,67,65,63,61,6b,6c,
   69,62,6b,00,00
"iaakkaachnepmoceoa"=hex:6a,61,63,64,70,61,6e,62,6d,63,6a,67,65,63,61,6b,6c,69,
   62,6b,00,fe
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{37C04182-77AC-72CC-18A9-1A76EC11D2F6}\InProcServer32*]
"jaemhfallbkejimnjikc"=hex:6a,61,67,70,67,6c,65,66,66,63,6a,61,65,61,70,66,66,
   6c,6e,6e,00,00
"iaemnfgkcogbdolkbi"=hex:6a,61,67,70,67,6c,65,66,66,63,6a,61,65,61,70,66,66,6c,
   6e,6e,00,fe
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{6FF5A9FD-ABBC-7DE5-9FDD-0A71F344E06B}\InProcServer32*]
"jamedecfegjflkfmnpcc"=hex:6a,61,6e,66,63,66,64,6b,6c,63,6c,6e,64,70,70,68,6e,
   61,6d,6d,00,00
"iamejjileeikmmmled"=hex:6a,61,6e,66,63,66,64,6b,6c,63,6c,6e,64,70,70,68,6e,61,
   6d,6d,00,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{86E422D9-568A-0339-A845-1FC6D98B10DB}\InProcServer32*]
"jacponbngkhbhpmaihlf"=hex:69,61,6f,61,63,6a,66,68,68,61,6d,6b,69,61,6b,6e,6f,
   70,00,01
"iacpichknijbkjeade"=hex:6a,61,70,62,6d,69,6f,6d,64,67,68,6c,70,62,69,69,65,6f,
   6a,65,00,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A221D5A5-81D1-3EAC-4B46-DAAAC8BAD6D6}\InProcServer32*]
"jadcfmdjhminnnldjkce"=hex:6a,61,62,70,65,62,6f,6b,6f,6f,61,62,64,70,6f,70,6f,
   69,65,6c,00,49
"iadchmjpihaajcedbe"=hex:6a,61,62,70,65,62,6f,6b,6f,6f,61,62,64,70,6f,70,6f,69,
   65,6c,00,fe
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{BF00B639-DD59-9AF0-E15C-5AA4F0EBE69A}\InProcServer32*]
"jahcklhglekgofgdaafi"=hex:6a,61,6a,6e,6f,66,64,66,70,67,6c,6e,64,64,6e,66,6b,
   64,62,6c,00,00
"iahceljgaingckhoni"=hex:6a,61,6a,6e,6f,66,64,66,70,67,6c,6e,64,64,6e,66,6b,64,
   62,6c,00,01
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-04  15:54:16
ComboFix-quarantined-files.txt  2014-01-04 21:54
ComboFix2.txt  2014-01-04 20:52
ComboFix3.txt  2014-01-04 06:39
.
Pre-Run: 338,775,347,200 bytes free
Post-Run: 338,444,226,560 bytes free
.
- - End Of File - - 9A1C174C9D9F43D2C5338455F8920323
 


It should be OK now.

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please post the contents of that document.
  • Do Not Attach It!!!
MrC

Results of screen317's Security Check version 0.99.78  
 Windows 7  x64 (UAC is disabled!)  
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.170  
 Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````
 


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~

Results of screen317's Security Check version 0.99.78
Windows 7 x64 (UAC is disabled!)
Out of date service pack!! <-------please visit Windows Update for this



AVG AntiVirus Free Edition 2014
Antivirus out of date! <--------check for an update if available


~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)
i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc.... AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
