
Host Process for Windows Services ADS IN BACKGROUND VIRUS


Hello everyone,

I read https://forums.malwarebytes.org/index.php?showtopic=9573

I have a virus/malware problem. I was shutting off my laptop one time after I got on it just to use Skype for a while; then, while shutting down, I began to hear ads, or something like a radio signal, in the background of my computer. I found the process, and it is [Host Process for Windows Services]; it is running my CPU up to almost 100%. Under Volume Mixer I see there is a process with this name, and I can mute it, and sure enough the ads go away when I mute it. I am running Windows 7 64-bit. I ran my Symantec virus protector, which I've had on my laptop the whole time; I downloaded CCleaner and ran scans on the laptop and registry. I also ran Malwarebytes and Spybot 2 and they didn't find anything really. I still have my problem. I will now post my DDS files. Thanks for reading.


DDS.TXT


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.17051  BrowserJavaVersion: 10.21.2
Run by BMilitant at 16:11:06 on 2014-01-06
Microsoft Windows 7 GAMER™ 2010   6.1.7600.0.1252.1.1033.18.7934.6100 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Users\BMilitant\AppData\Local\Akamai\netsession_win.exe
C:\Users\BMilitant\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Users\BMILIT~1\AppData\Local\Temp\{22B2EF27-260B-45CD-8F84-8EFB35D617F2}\Bottom TB Shadow.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = localhost:21320
uProxyOverride = <local>
uWinlogon: Shell = expstart.exe
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [AdobeBridge] <no file>
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun: [FAStartup] <no file>
dRun: [Welcome Center] C:\Windows\System32\rundll32.exe C:\Windows\System32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
dRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
StartupFolder: C:\Users\BMILIT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TBSHAD~1.LNK - C:\Program Files\Bottom TB Shadow.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoSMBalloonTip = dword:1
LSP: %SYSTEMROOT%\system32\nvLsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E61EC1F5-AEE7-47EC-B7C2-478E87E07821} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E61EC1F5-AEE7-47EC-B7C2-478E87E07821}\564786F63747275616D63323 : DHCPNameServer = 192.168.182.1
TCP: Interfaces\{E61EC1F5-AEE7-47EC-B7C2-478E87E07821}\8495151543 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E61EC1F5-AEE7-47EC-B7C2-478E87E07821}\C455C48423 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E61EC1F5-AEE7-47EC-B7C2-478E87E07821}\C4638434C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E61EC1F5-AEE7-47EC-B7C2-478E87E07821}\D424D2130333 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli FAPassSync
x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BMilitant\AppData\Roaming\Mozilla\Firefox\Profiles\548ypzf0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\rsdrvx64.sys [2013-4-13 26024]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-1-6 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-1-6 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-1-6 171416]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-20 137648]
S2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-4-13 102936]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-4-13 37344]
S3 hcwhdpvr;Hauppauge HD PVR Capture Service;C:\Windows\System32\drivers\hcwhdpvr.sys [2012-9-5 192072]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-7-20 44928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-7-20 29696]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-19 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2012-8-18 14544]
S4 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2014-01-06 15:59:43    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-01-06 15:59:38    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-06 15:59:37    117464    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-01-06 15:58:39    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-01-06 15:50:31    21040    ----a-w-    C:\Windows\System32\sdnclean64.exe
2014-01-06 15:50:29    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2014-01-06 15:50:25    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-06 15:18:29    --------    d-----w-    C:\Program Files\CCleaner
.
==================== Find3M  ====================
.
2013-12-12 03:31:09    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-12 03:31:09    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2008-11-06 03:33:00    729600    ----a-w-    C:\Program Files\Bottom TB Shadow.exe
.
============= FINISH: 16:12:32.07 ===============

Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 GAMER™ 2010
Boot Device: \Device\HarddiskVolume1
Install Date: 8/18/2012 8:23:57 PM
System Uptime: 1/6/2014 4:06:17 PM (0 hours ago)
.
Motherboard: Alienware |  |       
Processor: Intel® Core2 Duo CPU     T9600  @ 2.80GHz | Socket 479 | 2801/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 39.961 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: facap, FastAccess Video Capture
Device ID: ROOT\IMAGE\0000
Manufacturer: Sensible Vision
Name: facap, FastAccess Video Capture
PNP Device ID: ROOT\IMAGE\0000
Service: FACAP
.
==== System Restore Points ===================
.
RP126: 12/31/2013 9:39:11 PM - Scheduled Checkpoint
RP127: 1/6/2014 9:46:05 AM - Restore Operation
RP128: 1/6/2014 2:47:32 PM - Malwarebytes Anti-Rootkit Restore Point
.
==== Installed Programs ======================
.
Adobe After Effects CS5.5
Adobe After Effects CS6
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Story
Advanced Audio FX Engine
Akamai NetSession Interface
AlienAutopsy
Apple Application Support
ArcSoft TotalMedia Extreme
ARMA 2
ARMA 2: Operation Arrowhead
BattlEye for OA Uninstall
BitTorrent
Blacklight Retribution
Call of Duty 4: Modern Warfare
Call of Duty: Modern Warfare 2 - Multiplayer
CCleaner
Chivalry: Medieval Warfare
Command Center
Counter-Strike: Global Offensive
Counter-Strike: Source
ffdshow [rev 3154] [2009-12-09]
Fraps (remove only)
Free Video to Android Converter version 5.0.21.1212
Game Booster 3
Geekbench 2.3
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Java 7 Update 21
Java Auto Updater
League of Legends
Livestream Procaster
LiveUpdate 3.3 (Symantec Corporation)
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT Redists
MyFreeCodec
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA PhysX
Open Broadcaster Software
PunkBuster Services
QuickTime
RICOH Media Driver ver.2.07.01.04
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01
SAMSUNG USB Driver for Mobile Phones
Skype™ 6.9
Spybot - Search & Destroy
Steam
Strongvault Online Backup
Symantec Endpoint Protection
Team Fortress 2
TeamSpeak 3 Client
TERA
Vegas Pro 12.0 (64-bit)
VLC media player 2.0.2
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
1/6/2014 4:08:00 PM, Error: Service Control Manager [7023]  - The Power service terminated with the following error:  The WMI request could not be completed and should be retried.
1/6/2014 4:07:53 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Alienware Fusion Service service to connect.
1/6/2014 4:07:53 PM, Error: Service Control Manager [7000]  - The Alienware Fusion Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/6/2014 4:06:41 PM, Error: NetBT [4311]  - Initialization failed because the driver device could not be created. Use the string "0025643A6739" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the  Globally Unique Interface Identifier (GUID) if NetBT was unable to  map from GUID to MAC address. If neither the MAC address nor the GUID were  available, the string represents a cluster device name.
1/6/2014 10:38:44 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error:  A system shutdown has already been scheduled.
1/6/2014 10:38:42 AM, Error: Service Control Manager [7031]  - The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/6/2014 10:38:42 AM, Error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/6/2014 1:23:17 PM, Error: nvstor64 [4]  - Command to device was aborted.    Device: \Device\RaidPort0  Model: WDC WD5000BPKT-00PK4T0  Firmware Version: 01.0  Serial Number:      WD-WX11A7160540  Port: 0
.
==== End Of File ===========================
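As an added example, not part of the original post and not code from the DDS or FRST tools: a small Python triage script that scans log lines in the DDS "Pseudo HJT Report" layout (and the equivalent FRST lines) for the kinds of entries that stand out in the log above: a user-level browser proxy pointing at localhost on an odd port, a Winlogon Shell value other than explorer.exe, the UAC policy values set to 0, and an executable launched from a Temp directory. The sample lines are copied from the posted logs; the rule names, the regular expressions and the "u/m/d = HKCU/HKLM/default user" reading of the DDS prefixes are this example's own assumptions.

```python
"""Triage of DDS / FRST log lines for the indicators seen in the posted log.

Added example; not part of the original post or of the DDS / FRST tools.
The sample lines are copied from the logs above; the rule names and the
matching logic are this example's own assumptions about what a responder
would want flagged first.
"""
import re

# Constructed sample: lines copied from the DDS and FRST logs posted in this
# thread (the HKCU\...\Winlogon line is FRST's layout of the same Shell value).
SAMPLE_LOG = r"""
uProxyServer = localhost:21320
uProxyOverride = <local>
uWinlogon: Shell = expstart.exe
mWinlogon: Userinit = userinit.exe,
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
StartupFolder: C:\Users\BMILIT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TBSHAD~1.LNK - C:\Program Files\Bottom TB Shadow.exe
C:\Users\BMILIT~1\AppData\Local\Temp\{22B2EF27-260B-45CD-8F84-8EFB35D617F2}\Bottom TB Shadow.exe
C:\Windows\system32\svchost.exe -k netsvcs
TCP: NameServer = 192.168.1.1
HKCU\...\Winlogon: [shell] expstart.exe [925184 2012-08-19] () <==== ATTENTION
"""

# In DDS lines the u / m / d prefix means HKCU / HKLM / default-user hive
# (assumption based on the HijackThis convention DDS follows).
PROXY_RE = re.compile(r"ProxyServer\s*[=:]\s*(\S+)", re.I)
LOOPBACK_RE = re.compile(r"^(?:localhost|127(?:\.\d{1,3}){3}|\[?::1\]?)(?::\d+)?$", re.I)
SHELL_RE = re.compile(r"Winlogon:\s*(?:Shell\s*=|\[shell\])\s*(\S+)", re.I)
USERINIT_RE = re.compile(r"Winlogon:\s*(?:Userinit\s*=|\[userinit\])\s*(.+)$", re.I)
UAC_RE = re.compile(
    r"(EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)\]?\s*=?\s*(?:dword:)?(\d+)",
    re.I,
)
TEMP_EXE_RE = re.compile(r"\\Temp\\[^\"]*\.exe\b", re.I)


def classify(line):
    """Return (rule, detail) for a suspicious log line, or None."""
    line = line.strip()
    if not line:
        return None
    m = PROXY_RE.search(line)
    if m:
        # A proxy on the loopback interface means a local process sits between
        # the browser and the network (ad injection, traffic interception).
        # Legitimate local proxies exist, so this is reported, not acted on.
        target = m.group(1)
        return ("local-proxy", target) if LOOPBACK_RE.match(target) else None
    m = SHELL_RE.search(line)
    if m:
        # Shell should be explorer.exe. A value under HKCU applies to this user
        # only, so a machine-level check alone would not see it.
        shell = m.group(1)
        return ("winlogon-shell", shell) if shell.lower() != "explorer.exe" else None
    m = USERINIT_RE.search(line)
    if m:
        # Userinit is a comma-separated list; anything besides userinit.exe is
        # an extra program started at logon.
        value = m.group(1).split(" [")[0].strip()   # drop FRST's "[size date]"
        entries = [e.strip() for e in value.split(",") if e.strip()]
        names = [e.lower().rsplit("\\", 1)[-1] for e in entries]
        return ("winlogon-userinit", value) if names != ["userinit.exe"] else None
    m = UAC_RE.search(line)
    if m and int(m.group(2)) == 0:
        # EnableLUA=0 turns UAC off; ConsentPromptBehaviorAdmin=0 elevates
        # without prompting; PromptOnSecureDesktop=0 drops the secure desktop.
        return ("uac-disabled", m.group(1))
    m = TEMP_EXE_RE.search(line)
    if m:
        # Running binaries from %TEMP% is a common dropper / installer habit.
        return ("exe-from-temp", m.group(0))
    return None


def triage(log_text):
    """Run every line through classify() and return the non-empty findings."""
    return [hit for hit in (classify(line) for line in log_text.splitlines()) if hit]


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:18} {detail}")
```

The script only ranks lines for a human to look at; it does not touch the registry or remove anything, which matches the thread's "make no changes until assisted" rule. The Shell and proxy rules deliberately key on the value, not on the file name, so a renamed copy of the same technique is still caught.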

Note:
If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.


I just read this, and I also see I did not delete my BitTorrent. While I understand the dangers of using such programs, I also read in here where it said not to make changes to my computer until assisted, so I will keep everything as is for now unless directed to do so.


Farbar Recovery Scan Tool


FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by BMilitant (administrator) on BMILITANT-CPU on 06-01-2014 17:00:29
Running from C:\Users\BMilitant\Downloads
Windows Seven Black Edition (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Alienware Corporation) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Akamai Technologies, Inc.) C:\Users\BMilitant\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\BMilitant\AppData\Local\Akamai\netsession_win.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
() C:\Users\BMilitant\AppData\Local\Temp\{22B2EF27-260B-45CD-8F84-8EFB35D617F2}\Bottom TB Shadow.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AlienFX Controller] - C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe [63304 2010-05-21] (Alienware Corporation)
HKLM\...\Run: [] - [x]
HKLM-x32\...\Run: [ccApp] - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2009-07-08] (Symantec Corporation)
HKLM-x32\...\Run: [FATrayAlert] - C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95560 2010-04-04] (Sensible Vision )
HKLM-x32\...\Run: [FAStartup] - [x]
HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\BMilitant\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Winlogon: [shell] expstart.exe [925184 2012-08-19] () <==== ATTENTION
MountPoints2: {b9e64d1f-ea0a-11e1-9eae-0025643a6739} - "F:\WD SmartWare.exe" autoplay=true
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\Users\BMilitant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TB Shadow.lnk
ShortcutTarget: TB Shadow.lnk -> C:\Program Files\Bottom TB Shadow.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchresults.com/?c=4003&t=14
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x30DFE05BA87DCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchab.com/?aff=7&uid=bfcf3d60-8456-11e2-974a-0025643a6739&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchab.com/?aff=7&uid=bfcf3d60-8456-11e2-974a-0025643a6739&q={searchTerms}
SearchScopes: HKCU - {B7E3B70A-CBF1-4BD8-A686-04C1204FA4D3} URL = http://www.mysearchresults.com/search?c=4003&t=01&q={searchTerms}
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: SSOIEAddonBHO Class - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 02 C:\Windows\SysWOW64\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 03 C:\Windows\SysWOW64\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 04 C:\Windows\SysWOW64\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 05 C:\Windows\SysWOW64\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 06 C:\Windows\SysWOW64\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 17 C:\Windows\SysWOW64\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 18 C:\Windows\SysWOW64\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 05 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 06 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 17 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 18 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\BMilitant\AppData\Roaming\Mozilla\Firefox\Profiles\548ypzf0.default
FF SearchEngineOrder.1: Privitize VPN
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.com/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: عارض PDF - C:\Users\BMilitant\AppData\Roaming\Mozilla\Firefox\Profiles\548ypzf0.default\Extensions\uriloader@pdf.js.xpi
FF Extension: Stylish - C:\Users\BMilitant\AppData\Roaming\Mozilla\Firefox\Profiles\548ypzf0.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (KeyDownload) - C:\Users\BMilitant\AppData\Local\Google\Chrome\User Data\Default\Extensions\eodkncoddaagiibpdlfepebiggiijkbe\1.0_2

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
S4 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2409800 2010-04-04] (Sensible Vision )
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-06-08] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3197256 2009-09-17] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [411976 2009-09-17] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-09-17] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R1 archlp; C:\Windows\SysWow64\drivers\archlp.sys [161792 2009-02-06] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-17] (Symantec Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] ()
S3 hcwhdpvr; C:\Windows\System32\DRIVERS\hcwhdpvr.sys [192072 2012-03-26] (Hauppauge, Inc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-07-20] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-07-20] (ManyCam LLC)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20140106.001\ENG64.SYS [126040 2013-08-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20140106.001\EX64.SYS [2099288 2013-08-22] (Symantec Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-08-18] ()
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2012-08-18] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2009-05-27] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52784 2009-09-17] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-09-27] (Symantec Corporation)
U3 akxerz7t; C:\Windows\System32\Drivers\akxerz7t.sys [0 ] (Microsoft Corporation)
S3 cpuz135; \??\C:\Users\BMILIT~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-06 17:00 - 2014-01-06 17:00 - 00013087 _____ C:\Users\BMilitant\Downloads\FRST.txt
2014-01-06 17:00 - 2014-01-06 17:00 - 00000000 ____D C:\FRST
2014-01-06 16:59 - 2014-01-06 16:59 - 01931762 _____ (Farbar) C:\Users\BMilitant\Downloads\FRST64.exe
2014-01-06 16:12 - 2014-01-06 16:12 - 00011269 _____ C:\Users\BMilitant\Desktop\dds.txt
2014-01-06 16:12 - 2014-01-06 16:12 - 00005659 _____ C:\Users\BMilitant\Desktop\attach.txt
2014-01-06 16:10 - 2014-01-06 16:10 - 00688992 ____R (Swearware) C:\Users\BMilitant\Downloads\dds.scr
2014-01-06 10:59 - 2014-01-06 14:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-06 10:59 - 2014-01-06 10:59 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-06 10:59 - 2014-01-06 10:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-06 10:58 - 2014-01-06 14:48 - 00000000 ____D C:\Users\BMilitant\Desktop\mbar
2014-01-06 10:58 - 2014-01-06 10:58 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-06 10:57 - 2014-01-06 10:57 - 12582688 _____ (Malwarebytes Corp.) C:\Users\BMilitant\Downloads\mbar-1.07.0.1008.exe
2014-01-06 10:57 - 2012-12-20 15:13 - 00002039 _____ C:\Windows\system32\Drivers\etc\hosts.20140106-105730.backup
2014-01-06 10:50 - 2014-01-06 10:56 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-06 10:50 - 2014-01-06 10:50 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-01-06 10:50 - 2014-01-06 10:50 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2014-01-06 10:50 - 2014-01-06 10:50 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-06 10:50 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-01-06 10:41 - 2014-01-06 16:06 - 00000168 _____ C:\Windows\setupact.log
2014-01-06 10:41 - 2014-01-06 10:42 - 04852408 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-06 10:41 - 2014-01-06 10:41 - 00000000 _____ C:\Windows\setuperr.log
2014-01-06 10:40 - 2014-01-06 10:40 - 00000348 _____ C:\Windows\PFRO.log
2014-01-06 10:36 - 2014-01-06 10:36 - 00186680 _____ C:\Users\Public\Documents\cc_20140106_103649.reg
2014-01-06 10:32 - 2014-01-06 10:32 - 40658208 _____ (Safer-Networking Ltd.) C:\Users\BMilitant\Downloads\spybot-2.2.exe
2014-01-06 10:18 - 2014-01-06 10:18 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-06 10:18 - 2014-01-06 10:18 - 00000000 ____D C:\Program Files\CCleaner
2014-01-06 10:05 - 2014-01-06 10:05 - 04454952 _____ (Piriform Ltd) C:\Users\BMilitant\Downloads\ccsetup405.exe
2013-12-31 12:00 - 2013-12-31 12:00 - 00037376 _____ C:\Windows\system32\nizvtn.naj
2013-12-31 11:50 - 2014-01-06 16:08 - 00000091 _____ C:\Windows\system32\matdyj.gku
2013-12-31 11:49 - 2013-12-31 12:00 - 00000101 _____ C:\Windows\system32\dufyhu.fzf
2013-12-31 11:49 - 2013-12-31 11:49 - 00000064 _____ C:\Windows\system32\rbde.znp
2013-12-31 11:33 - 2013-12-31 11:33 - 00219314 ____S C:\Windows\system32\azeiu.rww
2013-12-22 13:58 - 2013-12-22 13:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-17 16:43 - 2013-12-17 16:49 - 00928448 _____ C:\Users\BMilitant\Documents\yt2.wma.sfk
2013-12-17 16:43 - 2013-12-17 16:43 - 118833248 _____ C:\Users\BMilitant\Documents\yt2.wma.sfap0
2013-12-17 16:43 - 2013-12-17 16:43 - 08158819 _____ C:\Users\BMilitant\Documents\yt2.wma
2013-12-10 02:11 - 2013-12-10 02:16 - 00007608 _____ C:\Users\BMilitant\AppData\Local\Resmon.ResmonCfg

==================== One Month Modified Files and Folders =======

2014-01-06 17:00 - 2014-01-06 17:00 - 00013087 _____ C:\Users\BMilitant\Downloads\FRST.txt
2014-01-06 17:00 - 2014-01-06 17:00 - 00000000 ____D C:\FRST
2014-01-06 16:59 - 2014-01-06 16:59 - 01931762 _____ (Farbar) C:\Users\BMilitant\Downloads\FRST64.exe
2014-01-06 16:41 - 2012-08-18 19:22 - 01699715 _____ C:\Windows\WindowsUpdate.log
2014-01-06 16:31 - 2013-03-26 17:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-06 16:15 - 2009-07-13 23:45 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-06 16:15 - 2009-07-13 23:45 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-06 16:14 - 2009-07-14 00:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-06 16:12 - 2014-01-06 16:12 - 00011269 _____ C:\Users\BMilitant\Desktop\dds.txt
2014-01-06 16:12 - 2014-01-06 16:12 - 00005659 _____ C:\Users\BMilitant\Desktop\attach.txt
2014-01-06 16:10 - 2014-01-06 16:10 - 00688992 ____R (Swearware) C:\Users\BMilitant\Downloads\dds.scr
2014-01-06 16:08 - 2013-12-31 11:50 - 00000091 _____ C:\Windows\system32\matdyj.gku
2014-01-06 16:07 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-06 16:06 - 2014-01-06 10:41 - 00000168 _____ C:\Windows\setupact.log
2014-01-06 14:48 - 2014-01-06 10:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-06 14:48 - 2014-01-06 10:58 - 00000000 ____D C:\Users\BMilitant\Desktop\mbar
2014-01-06 13:22 - 2013-05-21 15:17 - 00003460 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-01-06 10:59 - 2014-01-06 10:59 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-06 10:59 - 2014-01-06 10:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-06 10:58 - 2014-01-06 10:58 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-06 10:57 - 2014-01-06 10:57 - 12582688 _____ (Malwarebytes Corp.) C:\Users\BMilitant\Downloads\mbar-1.07.0.1008.exe
2014-01-06 10:56 - 2014-01-06 10:50 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-06 10:50 - 2014-01-06 10:50 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-01-06 10:50 - 2014-01-06 10:50 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2014-01-06 10:50 - 2014-01-06 10:50 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-06 10:42 - 2014-01-06 10:41 - 04852408 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-06 10:41 - 2014-01-06 10:41 - 00000000 _____ C:\Windows\setuperr.log
2014-01-06 10:40 - 2014-01-06 10:40 - 00000348 _____ C:\Windows\PFRO.log
2014-01-06 10:36 - 2014-01-06 10:36 - 00186680 _____ C:\Users\Public\Documents\cc_20140106_103649.reg
2014-01-06 10:33 - 2012-08-26 07:19 - 00000000 ____D C:\Users\BMilitant\AppData\Roaming\Sony
2014-01-06 10:33 - 2012-08-19 02:01 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-06 10:32 - 2014-01-06 10:32 - 40658208 _____ (Safer-Networking Ltd.) C:\Users\BMilitant\Downloads\spybot-2.2.exe
2014-01-06 10:32 - 2012-10-09 19:13 - 00000000 ____D C:\Users\BMilitant\AppData\Roaming\BitTorrent
2014-01-06 10:32 - 2009-10-14 08:08 - 00000000 ____D C:\Windows\Panther
2014-01-06 10:25 - 2012-08-18 20:16 - 00003166 _____ C:\Windows\System32\Tasks\Game_Booster_AutoUpdate
2014-01-06 10:18 - 2014-01-06 10:18 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-06 10:18 - 2014-01-06 10:18 - 00000000 ____D C:\Program Files\CCleaner
2014-01-06 10:06 - 2012-08-19 12:18 - 00000000 ____D C:\Users\BMilitant\AppData\Local\Adobe
2014-01-06 10:05 - 2014-01-06 10:05 - 04454952 _____ (Piriform Ltd) C:\Users\BMilitant\Downloads\ccsetup405.exe
2014-01-06 09:55 - 2012-08-20 18:13 - 00000000 ____D C:\ProgramData\PCDr
2014-01-06 09:49 - 2013-01-28 02:23 - 00000000 ____D C:\Users\BMilitant\AppData\Local\Akamai
2014-01-06 09:49 - 2012-08-20 20:16 - 00000000 ____D C:\Users\BMilitant\AppData\Roaming\Skype
2014-01-06 09:49 - 2012-08-18 19:24 - 00000000 ____D C:\Users\BMilitant
2014-01-06 09:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-12-31 19:24 - 2013-01-31 01:16 - 00000022 _____ C:\Users\BMilitant\Downloads\LOIC-1.0.7.42-binary.zip
2013-12-31 18:30 - 2012-12-06 16:38 - 00000000 ____D C:\Users\BMilitant\Documents\The War Z
2013-12-31 18:21 - 2012-08-19 12:46 - 00000000 ____D C:\Users\BMilitant\AppData\Roaming\vlc
2013-12-31 18:17 - 2013-06-29 14:01 - 00000000 ____D C:\Users\BMilitant\Documents\Youtube
2013-12-31 18:10 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-31 12:00 - 2013-12-31 12:00 - 00037376 _____ C:\Windows\system32\nizvtn.naj
2013-12-31 12:00 - 2013-12-31 11:49 - 00000101 _____ C:\Windows\system32\dufyhu.fzf
2013-12-31 11:49 - 2013-12-31 11:49 - 00000064 _____ C:\Windows\system32\rbde.znp
2013-12-31 11:33 - 2013-12-31 11:33 - 00219314 ____S C:\Windows\system32\azeiu.rww
2013-12-30 16:44 - 2013-06-29 14:01 - 00000000 ____D C:\Users\BMilitant\Documents\Youtube Lets Play
2013-12-24 08:55 - 2012-09-01 20:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-22 13:59 - 2013-12-22 13:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-17 16:49 - 2013-12-17 16:43 - 00928448 _____ C:\Users\BMilitant\Documents\yt2.wma.sfk
2013-12-17 16:43 - 2013-12-17 16:43 - 118833248 _____ C:\Users\BMilitant\Documents\yt2.wma.sfap0
2013-12-17 16:43 - 2013-12-17 16:43 - 08158819 _____ C:\Users\BMilitant\Documents\yt2.wma
2013-12-15 12:51 - 2013-03-03 18:05 - 00001108 __RSH C:\Users\BMilitant\ntuser.pol
2013-12-13 15:22 - 2012-08-20 18:11 - 00000000 ____D C:\Program Files\AlienAutopsy
2013-12-11 22:31 - 2013-03-26 17:00 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 22:31 - 2012-08-19 00:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 22:31 - 2012-08-19 00:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 02:16 - 2013-12-10 02:11 - 00007608 _____ C:\Users\BMilitant\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0510464 ____A (Microsoft Corporation) 0B3BD8DC9BAA5750FEFB2713580EB874

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 19:22
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014
Ran by BMilitant at 2014-01-06 17:01:03
Running from C:\Users\BMilitant\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Symantec Endpoint Protection (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Symantec Endpoint Protection (Enabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection (Enabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

Adobe After Effects CS5.5 (x32 Version: 10.5 - Adobe Systems Incorporated)
Adobe After Effects CS6 (x32 Version: 11 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Story (x32 Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Story (x32 Version: 1.0.571 - Adobe Systems Incorporated) Hidden
Advanced Audio FX Engine (x32 Version:  - )
Akamai NetSession Interface (HKCU Version:  - Akamai Technologies, Inc)
AlienAutopsy (Version: 3.4.6422.14 - PC-Doctor, Inc.)
Apple Application Support (x32 Version: 2.3 - Apple Inc.)
ArcSoft TotalMedia Extreme (x32 Version:  - ArcSoft)
ARMA 2 (x32 Version:  - Bohemia Interactive)
ARMA 2: Operation Arrowhead (x32 Version:  - Bohemia Interactive)
BattlEye for OA Uninstall (x32 Version:  - )
BitTorrent (x32 Version: 7.7.0.27987 - BitTorrent Inc.)
Blacklight Retribution (x32 Version:  - Perfect World Entertainment)
Call of Duty 4: Modern Warfare (x32 Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 - Multiplayer (x32 Version:  - Infinity Ward)
CCleaner (Version: 4.05 - Piriform)
Chivalry: Medieval Warfare (x32 Version:  - )
Command Center (Version: 2.5.54.0 - Alienware Corp.) Hidden
Command Center (x32 Version: 2.5.54.0 - Alienware Corp.)
Counter-Strike: Global Offensive (x32 Version:  - )
Counter-Strike: Source (x32 Version:  - Valve)
ffdshow [rev 3154] [2009-12-09] (x32 Version: 1.0 - )
Fraps (remove only) (x32 Version:  - )
Free Video to Android Converter version 5.0.21.1212 (x32 Version: 5.0.21.1212 - DVDVideoSoft Ltd.)
Game Booster 3 (x32 Version: 3.5 - IObit)
Geekbench 2.3 (x32 Version:  - Primate Labs)
Java 7 Update 21 (x32 Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
League of Legends (x32 Version: 1.3 - Riot Games)
Livestream Procaster (x32 Version: 20.3.25 - Procaster)
LiveUpdate 3.3 (Symantec Corporation) (x32 Version: 3.3.0.92 - Symantec Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MyFreeCodec (HKCU Version:  - )
NVIDIA Display Control Panel (Version: 6.14.12.5738 - NVIDIA Corporation)
NVIDIA Drivers (Version: 1.10.61.39 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7305 - NVIDIA Corporation) Hidden
NVIDIA ForceWare Network Access Manager (x32 Version:  - )
NVIDIA PhysX (x32 Version: 9.10.0513 - NVIDIA Corporation)
Open Broadcaster Software (x32 Version:  - )
PunkBuster Services (x32 Version: 0.992 - Even Balance, Inc.)
QuickTime (x32 Version: 7.73.80.64 - Apple Inc.)
RICOH Media Driver ver.2.07.01.04 (x32 Version: 2.07.01.04 - RICOH)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01 (x32 Version: 3.57.01 - RICOH)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.9 (x32 Version: 6.9.106 - Skype Technologies S.A.)
Spybot - Search & Destroy (x32 Version: 2.2.25 - Safer-Networking Ltd.)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden
Symantec Endpoint Protection (Version: 11.0.5002.333 - Symantec Corporation)
Team Fortress 2 (x32 Version:  - Valve)
TeamSpeak 3 Client (HKCU Version: 3.0.10 - TeamSpeak Systems GmbH)
TERA (x32 Version: 1.41 - En Masse Entertainment)
Vegas Pro 12.0 (64-bit) (Version: 12.0.367 - Sony)
VLC media player 2.0.2 (x32 Version: 2.0.2 - VideoLAN)
WinRAR archiver (x32 Version:  - )

==================== Restore Points  =========================

01-01-2014 02:39:11 Scheduled Checkpoint
06-01-2014 14:46:05 Restore Operation
06-01-2014 19:47:32 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-01-06 10:57 - 00451854 ____R C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (whitelisted) =============

Task: {1AFEFA79-2112-4118-9EA4-9CBBA774983D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {2D5AB0B7-A86D-4D7D-809C-C91F08BED92F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {4B60BE75-EA71-4146-BADD-6C088048D46B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {67980FC4-B694-4959-AE4C-B0C1C57F6CC0} - System32\Tasks\AdobeAAMUpdater-1.0-BMilitant-CPU-BMilitant => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {920B751F-D993-438F-AFBF-A143B9CB6797} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\AlienAutopsy\sessionchecker.exe [2013-12-06] (PC-Doctor, Inc.)
Task: {9326189F-0C9C-4BF3-BD5B-5AB49A66B584} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\AlienAutopsy\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {9405FD14-899C-4743-A116-E80C70CDA3DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {D0926C10-D2EB-4740-87A7-4F30560615ED} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {F28DB063-55DA-406F-BB9C-9499626C4FD5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {FC537E74-1B16-4930-AE82-4FD2FA533D9B} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster\Autoupdate.exe [2013-06-08] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2009-04-19 07:34 - 2009-04-19 07:34 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-04-19 07:34 - 2009-04-19 07:34 - 00578080 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2013-03-03 23:58 - 2013-03-03 23:58 - 00037712 _____ () C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.92.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
2013-03-03 23:58 - 2013-03-03 23:58 - 00075056 _____ () C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.92.0__bebb3c8816410241\AlienLabsTools.dll
2013-03-03 23:58 - 2013-03-03 23:58 - 00025408 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.92.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
2013-03-03 23:58 - 2013-03-03 23:58 - 00011584 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.92.0__bebb3c8816410241\AlienFX.Communication.dll
2013-03-03 23:58 - 2013-03-03 23:58 - 00024904 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.92.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
2013-03-03 23:58 - 2013-03-03 23:58 - 00028496 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
2013-03-03 23:58 - 2013-03-03 23:58 - 00027984 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
2013-03-03 23:58 - 2013-03-03 23:58 - 00036688 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll
2013-03-03 23:58 - 2013-03-03 23:58 - 00019792 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll
2013-03-03 23:58 - 2013-03-03 23:58 - 00036688 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
2013-03-03 23:58 - 2013-03-03 23:58 - 00037200 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
2013-03-03 23:58 - 2013-03-03 23:58 - 00017224 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.92.0__bebb3c8816410241\AlienFX.Communication.Core.dll
2014-01-06 10:50 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-06 10:50 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2010-04-04 13:45 - 2010-04-04 13:45 - 00094536 _____ () C:\Windows\system32\FAIEExtension.DLL
2014-01-06 10:50 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-06 10:50 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-06 10:50 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-12-22 13:58 - 2013-12-22 13:59 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:4ABA35EE
AlternateDataStreams: C:\ProgramData\Temp:58DD92AC

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"

==================== Faulty Device Manager Devices =============

Name: facap, FastAccess Video Capture
Description: facap, FastAccess Video Capture
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Sensible Vision
Service: FACAP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/06/2014 04:40:58 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (992) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (01/06/2014 04:40:58 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (992) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (01/06/2014 04:40:58 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (992) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (01/06/2014 04:40:58 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (992) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (01/06/2014 04:10:58 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (992) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (01/06/2014 04:10:58 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (992) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (01/06/2014 04:10:58 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (992) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (01/06/2014 04:10:58 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (992) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (01/06/2014 04:10:58 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (992) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (01/06/2014 04:10:58 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (992) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.


System errors:
=============
Error: (01/06/2014 04:08:00 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (01/06/2014 04:07:53 PM) (Source: Service Control Manager) (User: )
Description: The Alienware Fusion Service service failed to start due to the following error:
%%1053

Error: (01/06/2014 04:07:53 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Alienware Fusion Service service to connect.

Error: (01/06/2014 04:06:41 PM) (Source: NetBT) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "0025643A6739" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (01/06/2014 04:06:41 PM) (Source: NetBT) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "0025643A6739" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (01/06/2014 02:52:33 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (01/06/2014 02:51:29 PM) (Source: NetBT) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "0025643A6739" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (01/06/2014 02:51:29 PM) (Source: NetBT) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "0025643A6739" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (01/06/2014 01:23:17 PM) (Source: nvstor64) (User: )
Description: Command to device was aborted.
Device: \Device\RaidPort0
Model: WDC WD5000BPKT-00PK4T0
Firmware Version: 01.0
Serial Number: WD-WX11A7160540
Port: 0

Error: (01/06/2014 10:42:36 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203


Microsoft Office Sessions:
=========================
Error: (01/06/2014 04:40:58 PM) (Source: ESENT)(User: )
Description: wuaueng.dll992SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (01/06/2014 04:40:58 PM) (Source: ESENT)(User: )
Description: wuaueng.dll992SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (01/06/2014 04:40:58 PM) (Source: ESENT)(User: )
Description: wuaueng.dll992SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (01/06/2014 04:40:58 PM) (Source: ESENT)(User: )
Description: wuaueng.dll992SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (01/06/2014 04:10:58 PM) (Source: ESENT)(User: )
Description: wuaueng.dll992SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (01/06/2014 04:10:58 PM) (Source: ESENT)(User: )
Description: wuaueng.dll992SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (01/06/2014 04:10:58 PM) (Source: ESENT)(User: )
Description: wuaueng.dll992SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (01/06/2014 04:10:58 PM) (Source: ESENT)(User: )
Description: wuaueng.dll992SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (01/06/2014 04:10:58 PM) (Source: ESENT)(User: )
Description: wuaueng.dll992SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (01/06/2014 04:10:58 PM) (Source: ESENT)(User: )
Description: wuaueng.dll992SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546


CodeIntegrity Errors:
===================================
  Date: 2013-04-13 16:19:42.821
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-13 16:19:42.801
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-13 16:19:39.730
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-13 16:19:39.709
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-13 16:19:37.097
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-13 16:19:37.077
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-13 16:19:34.810
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-13 16:19:34.788
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-13 16:19:31.057
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-13 16:19:31.036
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 7934.36 MB
Available physical RAM: 4095.09 MB
Total Pagefile: 15866.86 MB
Available Pagefile: 12000.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:40.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7B0F2431)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Hello,

P2P/Piracy Warning:
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Run FRST one more time:

Type the following in the edit box after "Search:".

rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.

Kevin

Ok, I am going to do what you requested, but I just got done with this scan also.

Combofix scan

ComboFix 14-01-04.03 - BMilitant 01/06/2014  17:10:13.1.2 - x64
Microsoft Windows 7 GAMER™ 2010   6.1.7600.0.1252.1.1033.18.7934.3868 [GMT -5:00]
Running from: c:\users\BMilitant\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\KeyDownload-Addon\KeYDownload.dll
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-06 to 2014-01-06  )))))))))))))))))))))))))))))))
.
.
2014-01-06 22:00 . 2014-01-06 22:00    --------    d-----w-    C:\FRST
2014-01-06 15:59 . 2014-01-06 15:59    --------    d-----w-    c:\programdata\Malwarebytes
2014-01-06 15:59 . 2014-01-06 19:48    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-06 15:59 . 2014-01-06 15:59    117464    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-06 15:58 . 2014-01-06 15:58    89304    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-01-06 15:50 . 2013-09-20 15:49    21040    ----a-w-    c:\windows\system32\sdnclean64.exe
2014-01-06 15:50 . 2014-01-06 15:56    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-01-06 15:50 . 2014-01-06 15:50    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2014-01-06 15:18 . 2014-01-06 15:18    --------    d-----w-    c:\program files\CCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-12 03:31 . 2012-08-19 05:28    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-12 03:31 . 2012-08-19 05:28    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2008-11-06 03:33 . 2012-08-19 06:14    729600    ----a-w-    c:\program files\Bottom TB Shadow.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[-] 2009-07-14 . 0B3BD8DC9BAA5750FEFB2713580EB874 . 510464 . . [6.1.7600.16385] .. c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\BMilitant\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2009-07-14 859648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 18:43    144712    ----a-w-    c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cpuz135;cpuz135;c:\users\BMILIT~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys;c:\users\BMILIT~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 hcwhdpvr;Hauppauge HD PVR Capture Service;c:\windows\system32\DRIVERS\hcwhdpvr.sys;c:\windows\SYSNATIVE\DRIVERS\hcwhdpvr.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [x]
R4 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 archlp;archlp;SysWOW64\drivers\archlp.sys;SysWOW64\drivers\archlp.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrvx64.sys;c:\windows\SYSNATIVE\drivers\rsdrvx64.sys [x]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe;c:\program files\Alienware\Command Center\AlienFusionService.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 03:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = localhost:21320
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-Symantec Antvirus
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,81,43,a5,36,86,88,46,bf,98,53,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,81,43,a5,36,86,88,46,bf,98,53,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\users\BMILIT~1\AppData\Local\Temp\{22B2EF27-260B-45CD-8F84-8EFB35D617F2}\Bottom TB Shadow.exe
c:\program files\Alienware\Command Center\AlienSense\FATrayAlert.exe
c:\program files\Alienware\Command Center\AlienFusionController.exe
c:\program files\Alienware\Command Center\AlienFXHook32Mngr.exe
.
**************************************************************************
.
Completion time: 2014-01-06  17:24:34 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-06 22:24
.
Pre-Run: 43,342,368,768 bytes free
Post-Run: 44,363,956,224 bytes free
.
- - End Of File - - 33EEC3559C2664E42DF4C8E0D6C346A7
A36C5E4F47E84449FF07ED3517B43A31

I ran FRST one more time

Search.txt

Farbar Recovery Scan Tool (x64) Version: 05-01-2014
Ran by BMilitant at 2014-01-06 17:35:12
Running from C:\Users\BMilitant\Downloads
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0510464 ____A (Microsoft Corporation) 0B3BD8DC9BAA5750FEFB2713580EB874

====== End Of Search ======

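The two search hits above show the check the helper is making: the System32 copy of rpcss.dll carries the same version and timestamps as the WinSxS component-store copy but a different size and MD5. The following Python is an added example, not part of the thread and not FRST or ComboFix code: it parses FRST Search.txt output and flags any live file whose hash matches none of the WinSxS copies of the same name, using a sample constructed from the search result posted above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the header and the two rpcss.dll hits are copied in shape from the
# FRST Search.txt posted in the thread; nothing else here is real FRST output.
SAMPLE_SEARCH_TXT = r"""Farbar Recovery Scan Tool (x64) Version: 05-01-2014
Ran by BMilitant at 2014-01-06 17:35:12
Running from C:\Users\BMilitant\Downloads
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0510464 ____A (Microsoft Corporation) 0B3BD8DC9BAA5750FEFB2713580EB874

====== End Of Search ======
"""


@dataclass
class FileEntry:
    path: str
    size: int
    company: str
    md5: str  # upper-case hex, "" when FRST printed no hash


# An FRST hit is a path line followed by: [created] - [modified] - size attrs (company) MD5
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) (?P<attrs>\S+)"
    r"(?: \((?P<company>[^)]*)\))?(?: (?P<md5>[0-9A-Fa-f]{32}))?\s*$"
)


def parse_search_txt(text: str) -> List[FileEntry]:
    """Pair each path line with the detail line that follows it."""
    entries: List[FileEntry] = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            entries.append(FileEntry(pending_path, int(m["size"]),
                                     m["company"] or "", (m["md5"] or "").upper()))
            pending_path = None
    return entries


def is_winsxs(path: str) -> bool:
    return "\\winsxs\\" in path.lower()


def find_mismatches(entries: List[FileEntry]) -> List[Dict[str, object]]:
    """Flag live copies whose MD5 matches none of the WinSxS copies of the same file name.

    WinSxS keeps the copy Windows installed; a System32 copy matching none of them
    (here 1024 bytes larger, same version and timestamps) is the pattern the helper
    is after. It is a lead, not proof: check the file's signature before acting.
    """
    by_name: Dict[str, List[FileEntry]] = {}
    for e in entries:
        by_name.setdefault(e.path.rsplit("\\", 1)[-1].lower(), []).append(e)
    findings: List[Dict[str, object]] = []
    for name, group in by_name.items():
        refs = [e for e in group if is_winsxs(e.path)]
        ref_hashes = {e.md5 for e in refs if e.md5}
        if not ref_hashes:
            continue  # nothing trustworthy to compare against
        for e in group:
            if not is_winsxs(e.path) and e.md5 and e.md5 not in ref_hashes:
                findings.append({
                    "name": name, "path": e.path, "md5": e.md5, "size": e.size,
                    "reference_md5": ref_hashes,
                    "reference_sizes": sorted({r.size for r in refs}),
                })
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_search_txt(SAMPLE_SEARCH_TXT)):
        print(f"SUSPECT {f['path']}: md5 {f['md5']} size {f['size']} "
              f"vs WinSxS {sorted(f['reference_md5'])} sizes {f['reference_sizes']}")
```

Run against a real Search.txt by reading the file into `parse_search_txt`; a file with no WinSxS copy in the results is skipped rather than flagged.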

Combofix has indicated the patched .dll file that I asked you to search for with another run of FRST..

Unfortunately I also see that you are running illegal software, your Hosts file has been amended to stop activation issues....

If you want help to continue fully uninstall the illegal Adobe software, also reset your Hosts file to remove the following entries.

127.0.0.1    3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1    activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1    adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1    ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1    www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1    www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

When that is completed also run this:

Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe

Important - Save it to your desktop.

Doubleclick CKScanner.exe (Right click and "Run as administrator" in Vista/Win7).

Give permission if necessary, and click Search For Files.

After a very short time, when the cursor hourglass disappears, click Save List To File.

A message box will verify the file saved. Please run the program once only.

Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


I uninstalled everything from Adobe on my computer except Flash Player, which is their free service. I don't know how to reset host files. Please walk me through that, and here is the file

CKfiles.txt

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\tera\client\s1game\cookedpc\art_data\packages\bg\extension_01\original\ex01_blackcrack_obj.gpk
c:\program files (x86)\tera\client\s1game\cookedpc\art_data\packages\ch\npc\npc_objects\blackcrack_bigstone.gpk
c:\program files (x86)\tera\client\s1game\cookedpc\art_data\packages\ch\npc\npc_objects\blackcrack_bigstone_ani.gpk
c:\program files (x86)\tera\client\s1game\cookedpc\art_data\packages\ch\npc\npc_objects\blackcrack_npc_obj.gpk
c:\program files (x86)\tera\client\s1game\cookedpc\art_data\packages\ch\npc\npc_objects\blackcrack_npc_obj_ani.gpk
c:\program files (x86)\tera\client\s1game\cookedpc\art_data\packages\ch\npc\npc_objects\black_crack_wall.gpk
c:\users\bmilitant\downloads\wirecast.pro.v4.1.4.cracked-brd.rar
scanner sequence 3.IE.11.WDNAIZ
 ----- EOF -----


CKScanner log is not complete, 7 entries are missing?

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\tera\client\s1game\cookedpc\art_data\packages\bg\extension_01\original\ex01_blackcrack_obj.gpk
c:\program files (x86)\tera\client\s1game\cookedpc\art_data\packages\ch\npc\npc_objects\blackcrack_bigstone.gpk
c:\program files (x86)\tera\client\s1game\cookedpc\art_data\packages\ch\npc\npc_objects\blackcrack_bigstone_ani.gpk
c:\program files (x86)\tera\client\s1game\cookedpc\art_data\packages\ch\npc\npc_objects\blackcrack_npc_obj.gpk
c:\program files (x86)\tera\client\s1game\cookedpc\art_data\packages\ch\npc\npc_objects\blackcrack_npc_obj_ani.gpk
c:\program files (x86)\tera\client\s1game\cookedpc\art_data\packages\ch\npc\npc_objects\black_crack_wall.gpk
c:\users\bmilitant\downloads\wirecast.pro.v4.1.4.cracked-brd.rar
c:\users\bmilitant\downloads\adbe_cs5_masterkeygen\adobe cs5 universal keygen by core.exe
c:\users\bmilitant\downloads\adobe dreamweaver cs6 12.1 build 5949 (ls6) [chingliu]\4.cracked dll\amtlib.dll
c:\users\bmilitant\downloads\sony.vegas.pro.v11.build.371.x64.incl.keygen.and.patch\read me.txt
c:\users\bmilitant\downloads\sony.vegas.pro.v11.build.371.x64.incl.keygen.and.patch\vegaspro11.0.371_64bit.exe
c:\users\bmilitant\downloads\sony.vegas.pro.v11.build.371.x64.incl.keygen.and.patch\keygen\diginsan.nfo
c:\users\bmilitant\downloads\sony.vegas.pro.v11.build.371.x64.incl.keygen.and.patch\keygen\sound forge 10 bugfix for 32 bit windows.reg
c:\users\bmilitant\downloads\sony.vegas.pro.v11.build.371.x64.incl.keygen.and.patch\keygen\sound forge 10 bugfix for 64 bit windows.reg
scanner sequence 3.IE.11.WDNAIZ
 ----- EOF -----

We will not assist users that are obviously using illegal software.

If any such evidence is found you will be given the benefit of the doubt and the opportunity to completely uninstall and delete any such data from your system.

During the scanning process if any further evidence shows up your topic will be closed and no further assistance will be provided.

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

 
Ron Lewis
Forum Community Manager

I already gave you a chance and you tried to post a pruned log; I have to go by forum protocol the same as everyone else. Thread will be closed and locked..

These are not programs I am using on my computer; these are files that are apparently sitting on my computer. Hence why I didn't delete them, because I don't use them. YOU SAID DON'T CHANGE ANYTHING from the beginning. I acknowledged I didn't see the post until after I started my process. Look at my second post...

DON'T CHANGE ANYTHING AFTER YOU START YOUR PROCESS! BUT DON'T HAVE ANYTHING BAD ON YOUR COMPUTER OR WE WON'T HELP! This makes sense around here.


You just quoted something that YOU didn't tell me; you quoted something from a different thread...


WWWWWWWWWWWWWWHHHHHHHHHHHHHHHHHHHHHHHHHIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIITTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTEEEEEEEEEEEEEEEEEEEEEEEEEEE

KKKKKKKKKKKKKNNNNNNNNNNNNNNNNNNNNNNNNNIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIGGGGGGGGGGGGGGGGGGGHHHHHHHHHHHHHHHHHHHHHHHHTTTTTTTTTTTTTTTTTTTSSSSSSS

Read reply #4 and expand the link marked piracy in the warning. I don't make the rules, but I have to follow them......

If you wish to take this up with one of the moderators please do so......

This topic is now closed to further replies.