Hi.  I'm new at this so I'm having some trouble.  I ran the scan and removed whatever was infected but I still am having issues with ads playing.  I think it's a virus.  I have the two things (attach, DDS) to paste.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.45.2
Run by LazyLazy at 3:12:45 on 2014-01-09
Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.8119.5713 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vVX3000.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe
C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
C:\Users\Keylin\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Keylin\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Keylin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Keylin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Keylin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Keylin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Keylin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Keylin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Keylin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Keylin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Keylin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Keylin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Keylin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Keylin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = localhost; 127.0.0.1; <local>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Dyyno Launcher] "C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104
uRun: [Google Update] "C:\Users\Keylin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{1BF502CB-2581-4026-AB62-C18E7BFD0C5F} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1BF502CB-2581-4026-AB62-C18E7BFD0C5F}\144545231363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1BF502CB-2581-4026-AB62-C18E7BFD0C5F}\67963647F627D27657563747 : DHCPNameServer = 192.168.7.254
TCP: Interfaces\{3AAC1CF8-3080-4B1D-8F40-970234F8094E} : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{3C819B11-EF25-440F-AC7D-1A35A431CBF2} : DHCPNameServer = 192.168.42.129
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: sUrf aNdd kaeepu: {0ADEC3EF-9411-7C68-55EE-5030A22EAE45} - 
x64-BHO: AppLow: {11111111-1111-1111-1111-110411531160} - C:\Program Files (x86)\AppLow\AppLow-bho64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [VX3000] C:\Windows\vVX3000.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-1-8 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-1-8 207904]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-1-8 1034464]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-1-8 422216]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-1-8 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-8 50344]
R2 Dyyno Launcher;Dyyno Service;C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-8-31 415072]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 2210640]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-8 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-8 701512]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-23 14997280]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-15 414496]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-8 79672]
R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2013-6-27 20752]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-8 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-10-23 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\System32\drivers\RTL8192su.sys [2010-1-6 676864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S2 WCMVCAM;WebcamMax, WDM Video Capture;C:\Windows\System32\drivers\wcmvcam64.sys [2011-6-23 1071032]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2011-9-29 27136]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-23 1255736]
.
=============== Created Last 30 ================
.
2014-01-09 08:06:59 76800 ----a-w- C:\Windows\System32\drivers\rspndr.sys.bak
2014-01-09 08:05:59 65600 ----a-w- C:\Windows\System32\drivers\lsi_sas2.sys.bak
2014-01-09 08:04:59 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys.bak
2014-01-09 07:55:52 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3A90C86C-BB1B-49DB-A620-D30F6CFC7A22}\offreg.dll
2014-01-09 04:58:44 -------- d-----w- C:\Users\Keylin\AppData\Roaming\AVAST Software
2014-01-09 04:57:35 79672 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-01-09 04:57:34 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-01-09 04:57:33 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-01-09 04:57:32 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-01-09 04:57:31 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-01-09 04:57:31 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-01-09 04:57:27 43152 ----a-w- C:\Windows\avastSS.scr
2014-01-09 04:57:13 -------- d-----w- C:\Program Files\AVAST Software
2014-01-09 04:56:59 -------- d-----w- C:\ProgramData\AVAST Software
2014-01-09 03:22:10 -------- d-----w- C:\Users\Keylin\AppData\Roaming\Malwarebytes
2014-01-09 03:22:02 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-09 03:22:01 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-09 03:22:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-09 03:05:39 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z..Z.ZZZ.....Z
2014-01-09 02:55:40 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.ZZZZ......ZZ
2013-12-31 00:18:33 -------- d-----w- C:\ProgramData\Oracle
2013-12-31 00:18:23 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-20 20:01:33 -------- d-----w- C:\Program Files (x86)\AppLow
2013-12-20 20:01:24 -------- d-----w- C:\ProgramData\sUrf aNdd kaeepu
2013-12-20 20:01:23 -------- d-----w- C:\Users\Keylin\AppData\Local\Packages
2013-12-20 20:01:23 -------- d-----w- C:\Program Files (x86)\sUrf aNdd kaeepu
2013-12-20 20:01:19 -------- d-----w- C:\ProgramData\837d3354958bb577
2013-12-13 05:36:30 -------- d-----w- C:\Users\Keylin\AppData\Local\Blizzard
2013-12-13 04:03:20 -------- d-----w- C:\Program Files (x86)\Hearthstone
2013-12-13 04:01:09 -------- d-----w- C:\Users\Keylin\AppData\Local\Blizzard Entertainment
2013-12-13 04:01:08 -------- d-----w- C:\Users\Keylin\AppData\Roaming\Battle.net
2013-12-13 04:01:08 -------- d-----w- C:\Users\Keylin\AppData\Local\Battle.net
2013-12-13 04:01:02 -------- d-----w- C:\Program Files (x86)\Battle.net
.
==================== Find3M  ====================
.
2013-12-11 03:26:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 03:26:31 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-15 21:47:39 6665504 ----a-w- C:\Windows\System32\nvcpl.dll
2013-10-15 21:47:39 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-10-15 21:47:36 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-10-15 21:47:36 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-10-15 21:47:36 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-10-15 20:54:06 589600 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
============= FINISH:  3:13:17.50 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 11/23/2011 11:43:32 AM
System Uptime: 1/9/2014 1:09:16 AM (2 hours ago)
.
Motherboard: BIOSTAR Group |  | H55A+
Processor: Intel® Core i3 CPU         540  @ 3.07GHz | CPU 1 | 3067/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 23.535 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AppLow
avast! Free Antivirus
Bad Rats
Battle.net
Belkin Connect Wireless USB Adapter
BioShock
Bonjour
Borderlands
CCleaner
Counter-Strike: Source
Damned
DivX Setup
DivX Web Player
Dyyno Broadcaster
EasyTether
Faerie Solitaire
FFsplit version 0.7
Garry's Mod
GeForce Experience NvStream Client Components
Google Chrome
GTK2-Runtime
Happy Cloud Client
Hearthstone
Insecticide Part 1
Java 7 Update 45
Java Auto Updater
League of Legends
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5
Microsoft Corporation
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft LifeCam
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft XNA Framework Redistributable 4.0
Mumble 1.2.3
NVIDIA 3D Vision Controller Driver 331.58
NVIDIA 3D Vision Driver 331.58
NVIDIA Control Panel 331.58
NVIDIA GeForce Experience 1.6.1.2
NVIDIA Graphics Driver 331.58
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 8.3.23
NVIDIA Update Components
NVIDIA Virtual Audio 1.2.5
Open Broadcaster Software
OpenAL
Portal 2
Python 2.7.5
QuickTime
Resident Evil 5
SHIELD Streaming
Skype Click to Call
Skype™ 6.11
Steam
Steam Mobile Access
System Shock 2
TeamSpeak 3 Client
uTorrentControl2 Toolbar
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
VLC media player 2.0.0
Windows Live ID Sign-in Assistant
WinRAR 4.01 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
1/9/2014 2:48:26 AM, Error: Service Control Manager [7023]  - The Power service terminated with the following error:  The WMI request could not be completed and should be retried.
1/9/2014 2:48:25 AM, Error: Service Control Manager [7000]  - The WebcamMax, WDM Video Capture service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/9/2014 12:33:05 AM, Error: Service Control Manager [7023]  - The SPP Notification Service service terminated with the following error:  Access is denied.
1/8/2014 4:28:07 AM, Error: nvlddmkm [14]  - 
1/8/2014 10:54:42 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
1/8/2014 10:54:42 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/8/2014 10:54:42 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/8/2014 10:54:41 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/8/2014 10:54:40 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/8/2014 10:54:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/8/2014 10:54:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/8/2014 10:54:22 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
1/8/2014 10:54:22 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
1/8/2014 10:54:22 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
1/8/2014 10:54:22 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
1/8/2014 10:54:22 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
1/8/2014 10:54:22 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
1/8/2014 10:54:22 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
1/8/2014 10:54:22 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
1/8/2014 10:54:22 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
1/8/2014 10:54:22 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
1/8/2014 10:54:22 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
1/8/2014 10:47:22 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error:  A system shutdown has already been scheduled.
1/8/2014 10:47:22 PM, Error: Service Control Manager [7031]  - The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/8/2014 10:47:22 PM, Error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/8/2014 10:32:25 PM, Error: Service Control Manager [7023]  - The Windows Update service terminated with the following error:  %%-2147467243
1/8/2014 10:13:02 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:  A system shutdown has already been scheduled.
1/8/2014 10:01:53 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
.
==== End Of File ===========================
I hope I did this correctly.  Please help?

Hello lazylazy and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall this application: uTorrentControl2 Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

Hi, thank you so much for taking the time to help me!  It's still happening, but here are the logs.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by Keylin on Thu 01/09/2014 at 15:38:32.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\wajam
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022342291}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422532260}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-330033343391}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466536660}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{77777777-7777-7777-7777-770077347791}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220022342291}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422532260}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{33333333-3333-3333-3333-330033343391}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466536660}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{77777777-7777-7777-7777-770077347791}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3072253
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466536660}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{77777777-7777-7777-7777-770077347791}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411531160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466536660}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{77777777-7777-7777-7777-770077347791}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2267EF35-2E71-4036-950D-2D769BB20DDE}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\Keylin\appdata\locallow\utorrentcontrol2"

Successfully deleted: [Folder] "C:\Program Files (x86)\wajam"

Successfully deleted: [Folder] "C:\Users\Keylin\appdata\locallow\asktoolbar"

 

 

 

~~~ Chrome

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 01/09/2014 at 15:44:57.53

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

# AdwCleaner v3.016 - Report created 09/01/2014 at 16:24:27

# Updated 23/12/2013 by Xplode

# Operating System : Windows 7 Professional  (64 bits)

# Username : Keylin - KEYLIN-PC

# Running from : C:\Users\Keylin\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.7600.16385

 

 

-\\ Google Chrome v

 

[ File : C:\Users\Keylin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [7823 octets] - [09/01/2014 15:50:30]

AdwCleaner[R1].txt - [7883 octets] - [09/01/2014 15:57:24]

AdwCleaner[R2].txt - [7943 octets] - [09/01/2014 16:00:21]

AdwCleaner[R3].txt - [979 octets] - [09/01/2014 16:23:33]

AdwCleaner[s0].txt - [5631 octets] - [09/01/2014 16:03:20]

AdwCleaner[s1].txt - [901 octets] - [09/01/2014 16:24:27]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [960 octets] ##########

 

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.01.09.08

 

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Keylin :: KEYLIN-PC [administrator]

 

Protection: Enabled

 

1/9/2014 4:27:05 PM

mbam-log-2014-01-09 (16-27-05).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 237442

Time elapsed: 5 minute(s), 8 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)
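The JRT log above removes adware persistence from four kinds of location: Browser Helper Object registrations (and the CLSID/Interface keys behind them), Internet Explorer SearchScopes, Chrome extension install keys under HKLM\Software\Google\Chrome\Extensions, and the folders those components lived in. The PowerShell below is an added example, not part of this thread nor of JRT or AdwCleaner; it inventories those same registry locations read-only, resolves each BHO CLSID to the DLL Internet Explorer would load, and reports whether that file is still on disk and whether it carries an embedded Authenticode signature. It assumes 64-bit Windows 7 or later and an elevated 64-bit PowerShell 3.0 or newer so that both the native and the Wow6432Node registry views are visible; the function and column names are the example's own.

```powershell
# Added example, not part of the thread or of JRT/AdwCleaner.
# Read-only inventory of the persistence locations the JRT log above cleaned:
# BHO registrations, IE SearchScopes, Chrome extension install keys and Run keys.
# Assumes 64-bit Windows 7+ and an elevated 64-bit PowerShell 3.0+.

# Many of these keys are absent on a clean machine; treat "missing" as "nothing there".
$ErrorActionPreference = 'SilentlyContinue'
$script:MetaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-DefaultValue([string]$Key) {
    # The unnamed registry value surfaces as the '(default)' property.
    if (Test-Path -Path $Key) { (Get-ItemProperty -Path $Key).'(default)' }
}

function Resolve-ClsidDll([string]$Clsid) {
    # A BHO is registered by CLSID only; the DLL IE loads is under InprocServer32
    # in either the native or the 32-bit (Wow6432Node) class view.
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
        $dll = Get-DefaultValue "$root\$Clsid\InprocServer32"
        if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
    }
}

function New-Finding([string]$Kind, [string]$Id, [string]$Target) {
    $exists = $false; $sig = 'n/a'
    if ($Target -and (Test-Path -LiteralPath $Target)) {
        $exists = $true
        # Embedded Authenticode only: catalog-signed OS files read as NotSigned on Windows 7,
        # so this is a triage hint for third-party DLLs, not a verdict.
        $sig = (Get-AuthenticodeSignature -FilePath $Target).Status
    }
    [pscustomobject]@{ Kind = $Kind; Id = $Id; Target = $Target; OnDisk = $exists; Signature = $sig }
}

function Get-BrowserHelperObjects {
    foreach ($root in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
                      'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects') {
        Get-ChildItem -Path $root | ForEach-Object {
            New-Finding 'BHO' $_.PSChildName (Resolve-ClsidDll $_.PSChildName)
        }
    }
}

function Get-IESearchScopes {
    foreach ($root in 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
                      'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes') {
        $default = (Get-ItemProperty -Path $root).DefaultScope
        Get-ChildItem -Path $root | ForEach-Object {
            $url = (Get-ItemProperty -Path $_.PSPath).URL
            $tag = if ($_.PSChildName -eq $default) { ' (DEFAULT)' } else { '' }
            [pscustomobject]@{ Kind = 'SearchScope'; Id = $_.PSChildName + $tag; Target = $url; OnDisk = $null; Signature = 'n/a' }
        }
    }
}

function Get-ChromeExtensionKeys {
    # Extensions pushed through the registry point at a local .crx ("path") or an "update_url".
    foreach ($root in 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
                      'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions') {
        Get-ChildItem -Path $root | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            $target = if ($p.path) { $p.path } else { $p.update_url }
            New-Finding 'ChromeExt' $_.PSChildName $target
        }
    }
}

function Get-RunKeyEntries {
    foreach ($root in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                      'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                      'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run') {
        $props = Get-ItemProperty -Path $root
        foreach ($prop in ($props.PSObject.Properties | Where-Object { $script:MetaProps -notcontains $_.Name })) {
            # Strip quotes and arguments so the executable can be located on disk.
            $exe = ($prop.Value -replace '^"([^"]+)".*$', '$1') -replace '^(\S+\.exe).*$', '$1'
            New-Finding 'Run' $prop.Name ([Environment]::ExpandEnvironmentVariables($exe))
        }
    }
}

# Entries that are registered but missing on disk (orphans), or present but unsigned
# under an odd folder name, are the ones to look at first.
& { Get-BrowserHelperObjects; Get-IESearchScopes; Get-ChromeExtensionKeys; Get-RunKeyEntries } |
    Format-Table -AutoSize
```

Run it once before a cleanup and once after: the BHO CLSIDs, SearchScope GUIDs and Chrome extension IDs that JRT reports deleting should disappear from the second listing, and anything that reappears after a reboot points at a launcher the tools did not remove.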

I know, it was just a beginning.

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

ComboFix 14-01-08.03 - Keylin 01/10/2014  20:25:30.1.4 - x64

Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.8119.5332 [GMT -5:00]

Running from: c:\users\Keylin\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Keylin\AppData\Roaming\Dyyno

c:\users\Keylin\AppData\Roaming\Dyyno\dgcsrv.xml

c:\users\Keylin\AppData\Roaming\Dyyno\dyyno.xml

.

.

(((((((((((((((((((((((((   Files Created from 2013-12-11 to 2014-01-11  )))))))))))))))))))))))))))))))

.

.

2014-01-11 01:32 . 2014-01-11 01:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2014-01-11 01:32 . 2014-01-11 01:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-01-09 21:24 . 2014-01-09 21:28 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A90C86C-BB1B-49DB-A620-D30F6CFC7A22}\offreg.dll

2014-01-09 20:50 . 2014-01-09 21:24 -------- d-----w- C:\AdwCleaner

2014-01-09 20:25 . 2014-01-09 20:25 -------- d-----w- c:\windows\ERUNT

2014-01-09 08:06 . 2014-01-09 08:11 76800 ----a-w- c:\windows\system32\drivers\rspndr.sys.bak

2014-01-09 08:05 . 2014-01-09 08:10 65600 ----a-w- c:\windows\system32\drivers\lsi_sas2.sys.bak

2014-01-09 08:04 . 2014-01-09 08:09 90624 ----a-w- c:\windows\system32\drivers\bowser.sys.bak

2014-01-09 04:58 . 2014-01-09 04:58 -------- d-----w- c:\users\Keylin\AppData\Roaming\AVAST Software

2014-01-09 04:57 . 2014-01-09 04:58 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys

2014-01-09 04:57 . 2014-01-09 04:57 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-01-09 04:57 . 2014-01-09 04:57 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-01-09 04:57 . 2014-01-09 04:57 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys

2014-01-09 04:57 . 2014-01-09 04:57 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-01-09 04:57 . 2014-01-09 04:57 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2014-01-09 04:57 . 2014-01-09 04:57 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-01-09 04:57 . 2014-01-09 04:57 334136 ----a-w- c:\windows\system32\aswBoot.exe

2014-01-09 04:57 . 2014-01-09 04:57 43152 ----a-w- c:\windows\avastSS.scr

2014-01-09 04:57 . 2014-01-09 04:57 -------- d-----w- c:\program files\AVAST Software

2014-01-09 04:56 . 2014-01-09 04:57 -------- d-----w- c:\programdata\AVAST Software

2014-01-09 03:22 . 2014-01-09 03:22 -------- d-----w- c:\users\Keylin\AppData\Roaming\Malwarebytes

2014-01-09 03:22 . 2014-01-09 03:22 -------- d-----w- c:\programdata\Malwarebytes

2014-01-09 03:22 . 2014-01-09 03:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2014-01-09 03:22 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-01-09 03:05 . 2014-01-09 03:13 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z..Z.ZZZ.....Z

2014-01-09 02:55 . 2014-01-09 02:59 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.ZZZZ......ZZ

2013-12-31 00:18 . 2013-12-31 00:18 -------- d-----w- c:\programdata\Oracle

2013-12-31 00:18 . 2013-12-31 00:18 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-12-31 00:18 . 2013-10-08 12:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-12-20 20:01 . 2013-12-20 20:01 -------- d-----w- c:\users\Keylin\AppData\Local\Packages

2013-12-20 20:01 . 2013-12-20 20:01 -------- d-----w- c:\programdata\837d3354958bb577

2013-12-13 05:36 . 2013-12-13 05:36 -------- d-----w- c:\users\Keylin\AppData\Local\Blizzard

2013-12-13 04:03 . 2013-12-20 05:32 -------- d-----w- c:\program files (x86)\Hearthstone

2013-12-13 04:01 . 2013-12-13 04:01 -------- d-----w- c:\users\Keylin\AppData\Local\Blizzard Entertainment

2013-12-13 04:01 . 2013-12-29 02:00 -------- d-----w- c:\users\Keylin\AppData\Local\Battle.net

2013-12-13 04:01 . 2013-12-13 04:02 -------- d-----w- c:\users\Keylin\AppData\Roaming\Battle.net

2013-12-13 04:01 . 2013-12-20 05:04 -------- d-----w- c:\program files (x86)\Battle.net

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-11 03:26 . 2012-04-11 22:32 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-12-11 03:26 . 2011-11-24 21:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-11-09 23:26 . 2013-11-09 23:26 98304 ----a-r- c:\users\Keylin\AppData\Roaming\Microsoft\Installer\{DBDD570E-0952-475F-9453-AB88F3DD5659}\python_icon.exe

2013-10-16 00:48 . 2013-10-24 00:02 9472600 ----a-w- c:\windows\SysWow64\nvopencl.dll

2013-10-16 00:48 . 2013-10-24 00:02 30344992 ----a-w- c:\windows\system32\nvoglv64.dll

2013-10-16 00:48 . 2013-10-24 00:02 15858664 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2013-10-16 00:48 . 2013-10-24 00:02 1241376 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2013-10-16 00:48 . 2013-10-24 00:02 11362672 ----a-w- c:\windows\system32\nvopencl.dll

2013-10-16 00:48 . 2013-10-24 00:02 9516872 ----a-w- c:\windows\SysWow64\nvcuda.dll

2013-10-16 00:48 . 2013-10-24 00:02 696096 ----a-w- c:\windows\system32\NvFBC64.dll

2013-10-16 00:48 . 2013-10-24 00:02 655136 ----a-w- c:\windows\system32\NvIFR64.dll

2013-10-16 00:48 . 2013-10-24 00:02 599840 ----a-w- c:\windows\SysWow64\NvFBC.dll

2013-10-16 00:48 . 2013-10-24 00:02 560416 ----a-w- c:\windows\SysWow64\NvIFR.dll

2013-10-16 00:48 . 2013-10-24 00:02 317472 ----a-w- c:\windows\system32\nvoglshim64.dll

2013-10-16 00:48 . 2013-10-24 00:02 3131680 ----a-w- c:\windows\system32\nvcuvid.dll

2013-10-16 00:48 . 2013-10-24 00:02 3124512 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-10-16 00:48 . 2013-10-24 00:02 2946848 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2013-10-16 00:48 . 2013-10-24 00:02 2747168 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2013-10-16 00:48 . 2013-10-24 00:02 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll

2013-10-16 00:48 . 2013-10-24 00:02 25256224 ----a-w- c:\windows\system32\nvcompiler.dll

2013-10-16 00:48 . 2013-10-24 00:02 22933280 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2013-10-16 00:48 . 2013-10-24 00:02 1884448 ----a-w- c:\windows\system32\nvdispco6433158.dll

2013-10-16 00:48 . 2013-10-24 00:02 18243632 ----a-w- c:\windows\system32\nvd3dumx.dll

2013-10-16 00:48 . 2013-10-24 00:02 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2013-10-16 00:48 . 2013-10-24 00:02 168616 ----a-w- c:\windows\system32\nvinitx.dll

2013-10-16 00:48 . 2013-10-24 00:02 1511712 ----a-w- c:\windows\system32\nvdispgenco6433158.dll

2013-10-16 00:48 . 2013-10-24 00:02 141336 ----a-w- c:\windows\SysWow64\nvinit.dll

2013-10-16 00:48 . 2013-10-24 00:02 12537632 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-10-16 00:48 . 2013-10-24 00:02 11415232 ----a-w- c:\windows\system32\nvcuda.dll

2013-10-16 00:48 . 2012-03-14 03:16 1435504 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-10-16 00:48 . 2011-11-24 17:15 3067560 ----a-w- c:\windows\system32\nvapi64.dll

2013-10-16 00:48 . 2011-11-24 17:15 2694664 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-10-16 00:48 . 2011-11-24 17:15 18290536 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-10-16 00:48 . 2011-11-24 17:15 15244272 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-10-15 21:47 . 2011-11-24 17:16 6665504 ----a-w- c:\windows\system32\nvcpl.dll

2013-10-15 21:47 . 2011-11-24 17:16 3489568 ----a-w- c:\windows\system32\nvsvc64.dll

2013-10-15 21:47 . 2011-11-24 17:16 922912 ----a-w- c:\windows\system32\nvvsvc.exe

2013-10-15 21:47 . 2011-11-24 17:16 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-10-15 21:47 . 2011-11-24 17:16 219424 ----a-w- c:\windows\system32\nvmctray.dll

2013-10-15 20:54 . 2013-10-15 20:54 589600 ----a-w- c:\windows\SysWow64\nvStreaming.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-07-14 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll

[-] 2009-07-14 . DECECB058AC61DF952AF74A3C505E27C . 509952 . . [6.1.7600.16385] .. c:\windows\system32\rpcss.dll

.

[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[-] 2011-11-23 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll

.

[-] 2011-11-23 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll

[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Dyyno Launcher"="c:\program files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" [2011-08-31 2151776]

"EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2011-05-22 48648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-09 3764024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys;c:\windows\SYSNATIVE\DRIVERS\wcmvcam64.sys [x]

R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys;c:\windows\SYSNATIVE\DRIVERS\ManyCam_x64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [x]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys;c:\windows\SYSNATIVE\DRIVERS\easytthr.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2014-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 03:26]

.

2014-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-683505389-1397809457-3931058963-1000Core.job

- c:\users\Keylin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-20 21:03]

.

2014-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-683505389-1397809457-3931058963-1000UA.job

- c:\users\Keylin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-20 21:03]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-01-09 04:57 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]

"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-09-19 1028896]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{0ADEC3EF-9411-7C68-55EE-5030A22EAE45} - c:\program files (x86)\sUrf aNdd kaeepu\N_XMw.x64.dll

BHO-{11111111-1111-1111-1111-110411531160} - c:\program files (x86)\AppLow\AppLow-bho64.dll

AddRemove-TeamSpeak 3 Client - c:\program files (x86)\TeamSpeak 3 Client\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-683505389-1397809457-3931058963-1000\Software\SecuROM\License information*]

"datasecu"=hex:46,05,16,ea,08,fe,b3,eb,d0,1f,23,f7,d6,fd,06,75,66,4d,74,26,05,

   14,0d,ce,0b,12,bd,21,c9,8f,0a,53,93,e0,a7,9a,f7,b8,3f,f4,db,a6,d4,9f,d8,35,\

"rkeysecu"=hex:58,5b,cc,38,26,78,1e,8d,8d,52,aa,df,f9,30,e7,d9

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-01-10  20:34:12

ComboFix-quarantined-files.txt  2014-01-11 01:34

.

Pre-Run: 24,582,901,760 bytes free

Post-Run: 24,492,548,096 bytes free

.

- - End Of File - - EF799DC8B846ED2575F8350CBFB0EE7C

A36C5E4F47E84449FF07ED3517B43A31

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::

c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll | c:\windows\system32\rpcss.dll

c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll | c:\windows\system32\user32.dll

c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll | c:\windows\SysWOW64\user32.dll

JavaClearCache::

KillAll::

Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

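The FCopy:: directives above replace three system DLLs that the Sigcheck section of the ComboFix log marked [-] (hash differs from the signed [7] copy in the WinSxS component store, with the same reported version 6.1.7600.16385). The PowerShell below is an added example, not part of this thread nor of ComboFix, that reproduces that comparison on the same three path pairs and shows the repair step using the operating system's own component-store repair (sfc /scanfile) rather than a third-party copy. It assumes a 64-bit PowerShell 4.0 or newer (for Get-FileHash) run as Administrator on the affected machine; sfc.exe refuses to run from a 32-bit process on 64-bit Windows. The function names, the $Repair switch and the report columns are the example's own.

```powershell
# Added example, not part of the thread or of ComboFix.
# Reproduces the Sigcheck comparison from the log and the FCopy:: restore step,
# using Windows Resource Protection (sfc) instead of hand-copying into System32.
# Assumes 64-bit PowerShell 4.0+ run elevated on the affected machine.

$Repair = $false   # dry run by default; set to $true to let sfc replace flagged files

# Live file and its reference copy in the component store, as listed in the ComboFix log.
$pairs = @(
    @{ Live  = 'C:\Windows\System32\rpcss.dll'
       Store = 'C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll' },
    @{ Live  = 'C:\Windows\System32\user32.dll'
       Store = 'C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll' },
    @{ Live  = 'C:\Windows\SysWOW64\user32.dll'
       Store = 'C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll' }
)

function Invoke-Sfc([string]$Switch, [string]$Path) {
    # sfc.exe writes UTF-16; captured through PowerShell its output arrives with
    # embedded NUL characters, so strip them before matching on the text.
    $raw = & "$env:SystemRoot\System32\sfc.exe" "$Switch=$Path" 2>&1
    return (($raw | Out-String) -replace "`0", '')
}

function Test-SystemDll([string]$Live, [string]$Store) {
    # MD5 only because that is the column ComboFix's Sigcheck prints, so the
    # values can be compared with the [7] / [-] lines in the log directly.
    $liveMd5  = (Get-FileHash -Algorithm MD5 -Path $Live).Hash
    $storeMd5 = (Get-FileHash -Algorithm MD5 -Path $Store).Hash
    $liveVer  = (Get-Item -Path $Live).VersionInfo.FileVersion
    $storeVer = (Get-Item -Path $Store).VersionInfo.FileVersion
    # Get-AuthenticodeSignature does not consult signing catalogs on Windows 7,
    # and OS binaries are catalog-signed, so ask Windows Resource Protection instead.
    $sfcText  = Invoke-Sfc '/verifyfile' $Live
    $wrpClean = [bool]($sfcText -match 'did not find any integrity violations')
    [pscustomobject]@{
        File         = $Live
        LiveMD5      = $liveMd5
        StoreMD5     = $storeMd5
        SameVersion  = ($liveVer -eq $storeVer)
        HashMismatch = ($liveMd5 -ne $storeMd5)
        WrpClean     = $wrpClean
        # Same version string, different bytes, and a WRP failure is the pattern
        # the FCopy:: script above is repairing.
        NeedsRestore = ($liveMd5 -ne $storeMd5) -and -not $wrpClean
    }
}

function Repair-SystemDll([string]$Live) {
    # Let WRP replace the file from its own store; this avoids taking ownership
    # of a System32 file away from TrustedInstaller by hand.
    Invoke-Sfc '/scanfile' $Live
}

$report = foreach ($p in $pairs) { Test-SystemDll $p.Live $p.Store }
$report | Format-Table -AutoSize

if ($Repair) {
    foreach ($r in ($report | Where-Object NeedsRestore)) { Repair-SystemDll $r.File }
    # rpcss.dll and user32.dll are mapped into every session, so the replacement
    # only takes effect after a reboot.
    Write-Output 'Repair requested for flagged files; reboot to complete the replacement.'
}
```

Compare the LiveMD5 column with the [-] lines in the log: a hash that still matches the logged value means the file has not been touched since that scan, and a HashMismatch with a clean WRP verdict usually means the store copy is the older of two legitimate versions rather than the live file being tampered.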

ComboFix 14-01-08.03 - Keylin 01/12/2014   1:45.3.4 - x64

Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.8119.6610 [GMT -5:00]

Running from: c:\users\Keylin\Downloads\ComboFix.exe

Command switches used :: c:\users\Keylin\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll --> c:\windows\system32\rpcss.dll

c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll --> c:\windows\system32\user32.dll

c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll --> c:\windows\SysWOW64\user32.dll

.

(((((((((((((((((((((((((   Files Created from 2013-12-12 to 2014-01-12  )))))))))))))))))))))))))))))))

.

.

2014-01-12 06:53 . 2014-01-12 06:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2014-01-12 06:53 . 2014-01-12 06:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-01-09 20:50 . 2014-01-09 21:24 -------- d-----w- C:\AdwCleaner

2014-01-09 20:25 . 2014-01-09 20:25 -------- d-----w- c:\windows\ERUNT

2014-01-09 08:06 . 2014-01-09 08:11 76800 ----a-w- c:\windows\system32\drivers\rspndr.sys.bak

2014-01-09 08:05 . 2014-01-09 08:10 65600 ----a-w- c:\windows\system32\drivers\lsi_sas2.sys.bak

2014-01-09 08:04 . 2014-01-09 08:09 90624 ----a-w- c:\windows\system32\drivers\bowser.sys.bak

2014-01-09 04:58 . 2014-01-09 04:58 -------- d-----w- c:\users\Keylin\AppData\Roaming\AVAST Software

2014-01-09 04:57 . 2014-01-09 04:58 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys

2014-01-09 04:57 . 2014-01-09 04:57 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-01-09 04:57 . 2014-01-09 04:57 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-01-09 04:57 . 2014-01-09 04:57 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys

2014-01-09 04:57 . 2014-01-09 04:57 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-01-09 04:57 . 2014-01-09 04:57 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2014-01-09 04:57 . 2014-01-09 04:57 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-01-09 04:57 . 2014-01-09 04:57 334136 ----a-w- c:\windows\system32\aswBoot.exe

2014-01-09 04:57 . 2014-01-09 04:57 43152 ----a-w- c:\windows\avastSS.scr

2014-01-09 04:57 . 2014-01-09 04:57 -------- d-----w- c:\program files\AVAST Software

2014-01-09 04:56 . 2014-01-09 04:57 -------- d-----w- c:\programdata\AVAST Software

2014-01-09 03:22 . 2014-01-09 03:22 -------- d-----w- c:\users\Keylin\AppData\Roaming\Malwarebytes

2014-01-09 03:22 . 2014-01-09 03:22 -------- d-----w- c:\programdata\Malwarebytes

2014-01-09 03:22 . 2014-01-09 03:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2014-01-09 03:22 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-01-09 03:05 . 2014-01-09 03:13 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z..Z.ZZZ.....Z

2014-01-09 02:55 . 2014-01-09 02:59 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.ZZZZ......ZZ

2013-12-31 00:18 . 2013-12-31 00:18 -------- d-----w- c:\programdata\Oracle

2013-12-31 00:18 . 2013-12-31 00:18 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-12-31 00:18 . 2013-10-08 12:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-12-20 20:01 . 2013-12-20 20:01 -------- d-----w- c:\users\Keylin\AppData\Local\Packages

2013-12-20 20:01 . 2013-12-20 20:01 -------- d-----w- c:\programdata\837d3354958bb577

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-11 03:26 . 2012-04-11 22:32 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-12-11 03:26 . 2011-11-24 21:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-11-09 23:26 . 2013-11-09 23:26 98304 ----a-r- c:\users\Keylin\AppData\Roaming\Microsoft\Installer\{DBDD570E-0952-475F-9453-AB88F3DD5659}\python_icon.exe

2013-10-16 00:48 . 2013-10-24 00:02 9472600 ----a-w- c:\windows\SysWow64\nvopencl.dll

2013-10-16 00:48 . 2013-10-24 00:02 30344992 ----a-w- c:\windows\system32\nvoglv64.dll

2013-10-16 00:48 . 2013-10-24 00:02 15858664 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2013-10-16 00:48 . 2013-10-24 00:02 1241376 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2013-10-16 00:48 . 2013-10-24 00:02 11362672 ----a-w- c:\windows\system32\nvopencl.dll

2013-10-16 00:48 . 2013-10-24 00:02 9516872 ----a-w- c:\windows\SysWow64\nvcuda.dll

2013-10-16 00:48 . 2013-10-24 00:02 696096 ----a-w- c:\windows\system32\NvFBC64.dll

2013-10-16 00:48 . 2013-10-24 00:02 655136 ----a-w- c:\windows\system32\NvIFR64.dll

2013-10-16 00:48 . 2013-10-24 00:02 599840 ----a-w- c:\windows\SysWow64\NvFBC.dll

2013-10-16 00:48 . 2013-10-24 00:02 560416 ----a-w- c:\windows\SysWow64\NvIFR.dll

2013-10-16 00:48 . 2013-10-24 00:02 317472 ----a-w- c:\windows\system32\nvoglshim64.dll

2013-10-16 00:48 . 2013-10-24 00:02 3131680 ----a-w- c:\windows\system32\nvcuvid.dll

2013-10-16 00:48 . 2013-10-24 00:02 3124512 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-10-16 00:48 . 2013-10-24 00:02 2946848 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2013-10-16 00:48 . 2013-10-24 00:02 2747168 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2013-10-16 00:48 . 2013-10-24 00:02 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll

2013-10-16 00:48 . 2013-10-24 00:02 25256224 ----a-w- c:\windows\system32\nvcompiler.dll

2013-10-16 00:48 . 2013-10-24 00:02 22933280 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2013-10-16 00:48 . 2013-10-24 00:02 1884448 ----a-w- c:\windows\system32\nvdispco6433158.dll

2013-10-16 00:48 . 2013-10-24 00:02 18243632 ----a-w- c:\windows\system32\nvd3dumx.dll

2013-10-16 00:48 . 2013-10-24 00:02 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2013-10-16 00:48 . 2013-10-24 00:02 168616 ----a-w- c:\windows\system32\nvinitx.dll

2013-10-16 00:48 . 2013-10-24 00:02 1511712 ----a-w- c:\windows\system32\nvdispgenco6433158.dll

2013-10-16 00:48 . 2013-10-24 00:02 141336 ----a-w- c:\windows\SysWow64\nvinit.dll

2013-10-16 00:48 . 2013-10-24 00:02 12537632 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-10-16 00:48 . 2013-10-24 00:02 11415232 ----a-w- c:\windows\system32\nvcuda.dll

2013-10-16 00:48 . 2012-03-14 03:16 1435504 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-10-16 00:48 . 2011-11-24 17:15 3067560 ----a-w- c:\windows\system32\nvapi64.dll

2013-10-16 00:48 . 2011-11-24 17:15 2694664 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-10-16 00:48 . 2011-11-24 17:15 18290536 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-10-16 00:48 . 2011-11-24 17:15 15244272 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-10-15 21:47 . 2011-11-24 17:16 6665504 ----a-w- c:\windows\system32\nvcpl.dll

2013-10-15 21:47 . 2011-11-24 17:16 3489568 ----a-w- c:\windows\system32\nvsvc64.dll

2013-10-15 21:47 . 2011-11-24 17:16 922912 ----a-w- c:\windows\system32\nvvsvc.exe

2013-10-15 21:47 . 2011-11-24 17:16 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-10-15 21:47 . 2011-11-24 17:16 219424 ----a-w- c:\windows\system32\nvmctray.dll

2013-10-15 20:54 . 2013-10-15 20:54 589600 ----a-w- c:\windows\SysWow64\nvStreaming.exe

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Dyyno Launcher"="c:\program files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" [2011-08-31 2151776]

"EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2011-05-22 48648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-09 3764024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys;c:\windows\SYSNATIVE\DRIVERS\wcmvcam64.sys [x]

R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys;c:\windows\SYSNATIVE\DRIVERS\ManyCam_x64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [x]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys;c:\windows\SYSNATIVE\DRIVERS\easytthr.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2014-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 03:26]

.

2014-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-683505389-1397809457-3931058963-1000Core.job

- c:\users\Keylin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-20 21:03]

.

2014-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-683505389-1397809457-3931058963-1000UA.job

- c:\users\Keylin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-20 21:03]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ADEC3EF-9411-7C68-55EE-5030A22EAE45}]

c:\program files (x86)\sUrf aNdd kaeepu\N_XMw.x64.dll [bU]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110411531160}]

c:\program files (x86)\AppLow\AppLow-bho64.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-01-09 04:57 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]

"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-09-19 1028896]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.254

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-683505389-1397809457-3931058963-1000\Software\SecuROM\License information*]

"datasecu"=hex:46,05,16,ea,08,fe,b3,eb,d0,1f,23,f7,d6,fd,06,75,66,4d,74,26,05,

   14,0d,ce,0b,12,bd,21,c9,8f,0a,53,93,e0,a7,9a,f7,b8,3f,f4,db,a6,d4,9f,d8,35,\

"rkeysecu"=hex:58,5b,cc,38,26,78,1e,8d,8d,52,aa,df,f9,30,e7,d9

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

.

**************************************************************************

.

Completion time: 2014-01-12  02:00:00 - machine was rebooted

ComboFix-quarantined-files.txt  2014-01-12 07:00

ComboFix2.txt  2014-01-11 01:34

.

Pre-Run: 24,618,627,072 bytes free

Post-Run: 24,549,261,312 bytes free

.

- - End Of File - - FE8D3C1C192A3CC4CA3CE82E2E01B339

A36C5E4F47E84449FF07ED3517B43A31

Well done! :)

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppLow\AppLow-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.B application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppLow\AppLow-buttonutil64.dll.vir probably a variant of Win64/Toolbar.Crossrider.B application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppLow\AppLow-buttonutil64.exe.vir a variant of Win64/Toolbar.Crossrider.B application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppLow\utils.exe.vir multiple threats cleaned by deleting - quarantined

C:\Users\Keylin\Downloads\frostwire-5.2.11.windows.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

C:\Users\Keylin\Downloads\WebcamMax-7.5.7.8.MultiLanguage.Setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

If you would like, one last additional scan:

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:


Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.


Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
