Help, got infected and Malwarebytes + all other AntiVirus do


icheesy

Can't download / run any antivirus, so I think I'm infected with some sort of virus-killing bot!!!! HELP!
I've tried Malwarebytes, Kaspersky, Bitdefender, Outpost, ESET... they all come up with a "file not there" kind of message, like:

This is what happens when I try running Malwarebytes.
I uninstalled and deleted my old one, then put in a completely fresh one, and this happens.

[Screenshot: sauZvRf.png]

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Cheese at 0:24:12 on 2014-01-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8075.5150 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Cheese\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Users\Cheese\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\DeskPins\DeskPins.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Cheese\pjtkx\cscrss.com
C:\Users\Cheese\ynlti\csrss.exe.com
C:\Users\Cheese\fsztn\cssrss.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\{$2768-4498-5198-1488$}\Skype.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\WScript.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Cheese\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Cheese\Desktop\League\BoL Studio.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.196\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.66\deploy\LolClient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = 173.213.96.229:7808
uProxyOverride = <local>
uWindows: Load = C:\{$2768-4498-5198-1488$}\Skype.exe
mWinlogon: Userinit = userinit.exe
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Facebook Update] "C:\Users\Cheese\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "C:\Users\Cheese\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRunOnce: [ynlti] C:\Users\Cheese\ynlti\start.vbs
uRunOnce: [pjtkx] C:\Users\Cheese\pjtkx\start.vbs
uRunOnce: [fsztn] C:\Users\Cheese\fsztn\85672.vbs
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [skype] C:\{$2768-4498-5198-1488$}\Skype.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows"
StartupFolder: C:\Users\Cheese\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Cheese\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DeskPins.lnk - C:\Program Files (x86)\DeskPins\DeskPins.exe
StartupFolder: C:\Users\Cheese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.url
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: ConsentPromptBehaviorAdmin = dword:0
uPolicies-System: ConsentPromptBehaviorUser = dword:0
uPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.1.127
TCP: Interfaces\{2A1D5FA8-A8CF-4411-9011-54EF7F248C40} : DHCPNameServer = 192.168.1.127
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll  
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: avcenter.exe - nsjw.exe
IFEO: avguard.exe - nsjw.exe
IFEO: avp.exe - nsjw.exe
IFEO: bdagent.exe - nsjw.exe
IFEO: ccuac.exe - nsjw.exe
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: avcenter.exe - nsjw.exe
x64-IFEO: avguard.exe - nsjw.exe
x64-IFEO: avp.exe - nsjw.exe
x64-IFEO: bdagent.exe - nsjw.exe
x64-IFEO: ccuac.exe - nsjw.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cheese\AppData\Roaming\Mozilla\Firefox\Profiles\i2l93bwv.default\
FF - prefs.js: network.proxy.ftp - 208.92.249.135
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 208.92.249.135
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 208.92.249.135
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 208.92.249.135
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 1
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Cheese\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Cheese\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Cheese\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Cheese\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Cheese\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - ExtSQL: 2013-11-27 12:39; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-12-27 12:14; rxpnazr@cszwaoe.edu; C:\Users\Cheese\AppData\Roaming\Mozilla\Firefox\Profiles\i2l93bwv.default\extensions\rxpnazr@cszwaoe.edu
FF - ExtSQL: 2013-12-27 12:14; oiaoyaoamdz@wqqk-dzjs.org; C:\Users\Cheese\AppData\Roaming\Mozilla\Firefox\Profiles\i2l93bwv.default\extensions\oiaoyaoamdz@wqqk-dzjs.org
FF - ExtSQL: 2013-12-27 12:14; 4exrfw1mid@qjqggtuye.net; C:\Users\Cheese\AppData\Roaming\Mozilla\Firefox\Profiles\i2l93bwv.default\extensions\4exrfw1mid@qjqggtuye.net
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.shownSelectionUI - true
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 Level Quality Watcher;Level Quality Watcher;C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=8F71DB22-A8DF-4C0D-A26C-2142A9317F6A --> C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=8F71DB22-A8DF-4C0D-A26C-2142A9317F6A [?]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-4-29 412960]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-19 5341536]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-7-13 44928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2013-7-10 879760]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-10-16 200552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-13 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2014-01-12 06:11:46 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2014-01-12 03:26:18 -------- d-----w- C:\Users\Cheese\AppData\Local\MFAData
2014-01-12 03:26:18 -------- d-----w- C:\Users\Cheese\AppData\Local\Avg2014
2014-01-12 03:26:18 -------- d-----w- C:\ProgramData\MFAData
2014-01-12 02:33:37 -------- d-----w- C:\Program Files (x86)\ESET
2014-01-12 02:09:18 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-12 02:07:42 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-12 02:07:42 -------- d-----w- C:\Program Files (x86)\Malll
2014-01-10 04:53:39 284160 --sha-r- C:\ProgramData\846166776.exe
2014-01-10 04:53:38 -------- d--h--w- C:\{$2768-4498-5198-1488$}
2014-01-09 22:30:37 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5F4C93D0-85E9-401E-8B35-5B86F00AE95B}\mpengine.dll
2014-01-08 05:02:13 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-08 00:31:49 -------- d-----w- C:\Program Files\AutoHotkey
2014-01-07 07:09:29 1651531 ----a-w- C:\Users\Cheese\AppData\Roaming\4.exe
2014-01-07 06:48:15 -------- d-----r- C:\Sandbox
2014-01-07 06:47:36 -------- d-----w- C:\Program Files\Sandboxie
2014-01-07 06:44:41 1711037 ----a-w- C:\Users\Cheese\AppData\Roaming\msconfig.exe
2014-01-07 06:44:41 -------- d--h--w- C:\{$1284-9213-2940-1289$}
2013-12-31 09:16:20 -------- d-----w- C:\Users\Cheese\AppData\Roaming\BoL
2013-12-31 06:47:25 -------- d-----w- C:\Program Files (x86)\LastPass
2013-12-31 02:45:35 -------- d-sh--r- C:\Users\Cheese\fsztn
2013-12-28 02:40:19 -------- d-sh--w- C:\Windows\SysWow64\{$1284-9213-2940-1289$}
2013-12-27 23:27:19 1160324 ----a-w- C:\Users\Cheese\AppData\Roaming\0.exe
2013-12-27 18:54:57 -------- d-----w- C:\Program Files (x86)\DeskPins
2013-12-27 18:13:48 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-24 23:52:06 90112 ----a-w- C:\Windows\unvise32.exe
2013-12-24 23:51:19 -------- d-----w- C:\Program Files (x86)\Mall Of America Tycoon
.
==================== Find3M  ====================
.
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-16 16:18:44 439296 ----a-w- C:\Windows\System32\AdpeakProxy64.dll
2013-10-16 16:18:44 338944 ----a-w- C:\Windows\SysWow64\AdpeakProxy.dll
.
============= FINISH:  0:24:30.90 ===============

 

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 7/10/2013 9:49:54 PM
System Uptime: 1/12/2014 12:13:01 AM (0 hours ago)
.
Motherboard: ASRock |  | Z77 Extreme4
Processor: Intel® Core i5-3570K CPU @ 3.40GHz | CPUSocket | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 932 GiB total, 832.416 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: ACPI\INT33A0\0
Manufacturer: 
Name: 
PNP Device ID: ACPI\INT33A0\0
Service: 
.
Class GUID: 
Description: Video Controller
Device ID: PCI\VEN_8086&DEV_0162&SUBSYS_01621849&REV_09\3&11583659&0&10
Manufacturer: 
Name: Video Controller
PNP Device ID: PCI\VEN_8086&DEV_0162&SUBSYS_01621849&REV_09\3&11583659&0&10
Service: 
.
Class GUID: 
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_1E221849&REV_04\3&11583659&0&FB
Manufacturer: 
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_1E221849&REV_04\3&11583659&0&FB
Service: 
.
Class GUID: 
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_16B1&SUBSYS_96B11849&REV_10\4&2B8260C3&0&00E4
Manufacturer: 
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_16B1&SUBSYS_96B11849&REV_10\4&2B8260C3&0&00E4
Service: 
.
Class GUID: 
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_1E311849&REV_04\3&11583659&0&A0
Manufacturer: 
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_1E311849&REV_04\3&11583659&0&A0
Service: 
.
Class GUID: 
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_10421849&REV_00\4&37A73C8A&0&00E7
Manufacturer: 
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_10421849&REV_00\4&37A73C8A&0&00E7
Service: 
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: hlnfd
Device ID: ROOT\LEGACY_HLNFD\0000
Manufacturer: 
Name: hlnfd
PNP Device ID: ROOT\LEGACY_HLNFD\0000
Service: hlnfd
.
==== System Restore Points ===================
.
RP87: 12/30/2013 1:25:02 PM - Windows Update
RP88: 1/2/2014 3:16:24 PM - Windows Update
RP89: 1/6/2014 10:54:19 AM - Windows Update
RP90: 1/9/2014 4:30:14 PM - Windows Update
RP91: 1/12/2014 12:19:59 AM - AA11
.
==== Image File Execution Options =============
.
IFEO: avcenter.exe - nsjw.exe
IFEO: avguard.exe - nsjw.exe
IFEO: avp.exe - nsjw.exe
IFEO: bdagent.exe - nsjw.exe
IFEO: ccuac.exe - nsjw.exe
IFEO: ComboFix.exe - nsjw.exe
IFEO: egui.exe - nsjw.exe
IFEO: hijackthis.exe - nsjw.exe
IFEO: keyscrambler.exe - nsjw.exe
IFEO: mbam.exe - nsjw.exe
IFEO: MpCmdRun.exe - nsjw.exe
IFEO: MSASCui.exe - nsjw.exe
IFEO: MsMpEng.exe - nsjw.exe
IFEO: msseces.exe - nsjw.exe
IFEO: spybotsd.exe - nsjw.exe
IFEO: wireshark.exe - nsjw.exe
IFEO: zlclient.exe - nsjw.exe
x64-IFEO: avcenter.exe - nsjw.exe
x64-IFEO: avguard.exe - nsjw.exe
x64-IFEO: avp.exe - nsjw.exe
x64-IFEO: bdagent.exe - nsjw.exe
x64-IFEO: ccuac.exe - nsjw.exe
x64-IFEO: ComboFix.exe - nsjw.exe
x64-IFEO: egui.exe - nsjw.exe
x64-IFEO: hijackthis.exe - nsjw.exe
x64-IFEO: keyscrambler.exe - nsjw.exe
x64-IFEO: mbam.exe - nsjw.exe
x64-IFEO: MpCmdRun.exe - nsjw.exe
x64-IFEO: MSASCui.exe - nsjw.exe
x64-IFEO: MsMpEng.exe - nsjw.exe
x64-IFEO: msseces.exe - nsjw.exe
x64-IFEO: spybotsd.exe - nsjw.exe
x64-IFEO: wireshark.exe - nsjw.exe
x64-IFEO: zlclient.exe - nsjw.exe
.
==== Installed Programs ======================
.
7 Days to Die - Alpha version 0.9.1
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
AutoHotkey 1.1.13.01
Battlefield 3™
Battlelog Web Plugins
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
DarkComet RAT Remover version 1.0
DeskPins (remove only)
ESN Sonar
Facebook Video Calling 1.2.0.287
FileZilla Client 3.7.1.1
GhostMouse
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
HyperCam 2
Java 7 Update 45
Java Auto Updater
LastPass (uninstall only)
League of Legends
Level Quality Watcher
Lightworks
Litecoin
LogonStudio
Mall Of America Tycoon
Malwarebytes Anti-Malware version 1.75.0.1300
ManyCam 3.1.58
Microsoft .NET Framework 4 Client Profile
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mouse Recorder 2.3.6.6
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
No-IP DUC
Notepad++
NVIDIA 3D Vision Controller Driver 320.08
NVIDIA 3D Vision Driver 320.08
NVIDIA Control Panel 320.08
NVIDIA Graphics Driver 320.08
NVIDIA HD Audio Driver 1.3.23.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0325
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.14.17
NVIDIA Update Components
Origin
Pando Media Booster
PunkBuster Services
Sandboxie 4.06 (64-bit)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Skype Click to Call
Skype™ 6.11
swMSM
TeamSpeak 3 Client
TeamViewer 9
The Sims™ 3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Ventrilo Client for Windows x64
Windows Macro Recorder
WinRAR 5.00 beta 6 (64-bit)
Wireless LAN Driver
.
==== Event Viewer Messages From Past Week ========
.
1/12/2014 12:24:13 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 8 time(s).
1/12/2014 12:24:13 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473536.
1/12/2014 12:23:55 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 7 time(s).
1/12/2014 12:23:55 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-2147217025.
1/12/2014 12:22:22 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 6 time(s).
1/12/2014 12:19:57 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 5 time(s).
1/12/2014 12:19:54 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 4 time(s).
1/12/2014 12:19:42 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 3 time(s).
1/12/2014 12:19:25 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/12/2014 12:19:13 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/12/2014 12:14:21 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/12/2014 12:13:18 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  hlnfd
1/12/2014 12:13:10 AM, Error: Service Control Manager [7000]  - The Microsoft Antimalware Service service failed to start due to the following error:  The system cannot find the file specified.
1/12/2014 12:10:09 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 175 time(s).
1/12/2014 12:10:06 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 174 time(s).
1/12/2014 12:10:02 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 173 time(s).
1/12/2014 12:09:58 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 172 time(s).
1/12/2014 12:09:37 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 171 time(s).
1/12/2014 12:09:05 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 170 time(s).
1/12/2014 12:08:27 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 169 time(s).
1/12/2014 12:08:14 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 168 time(s).
1/12/2014 12:08:08 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 167 time(s).
1/12/2014 12:07:48 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 166 time(s).
1/12/2014 12:03:28 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 165 time(s).
1/12/2014 12:03:01 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 164 time(s).
1/12/2014 12:00:40 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 163 time(s).
1/12/2014 12:00:23 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 162 time(s).
1/11/2014 9:47:23 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 136 time(s).
1/11/2014 9:37:44 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 135 time(s).
1/11/2014 9:37:39 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 134 time(s).
1/11/2014 9:36:06 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 133 time(s).
1/11/2014 9:35:03 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 132 time(s).
1/11/2014 9:34:25 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 131 time(s).
1/11/2014 9:33:48 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 130 time(s).
1/11/2014 9:32:15 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 129 time(s).
1/11/2014 9:32:06 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 128 time(s).
1/11/2014 9:31:48 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 127 time(s).
1/11/2014 9:30:12 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 126 time(s).
1/11/2014 9:29:11 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 125 time(s).
1/11/2014 9:28:40 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 124 time(s).
1/11/2014 9:28:15 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 123 time(s).
1/11/2014 9:26:23 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 122 time(s).
1/11/2014 9:25:57 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 121 time(s).
1/11/2014 9:21:26 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 120 time(s).
1/11/2014 9:20:26 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 119 time(s).
1/11/2014 9:14:30 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 118 time(s).
1/11/2014 9:10:07 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 117 time(s).
1/11/2014 9:04:44 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 116 time(s).
1/11/2014 8:59:34 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 115 time(s).
1/11/2014 8:57:33 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 114 time(s).
1/11/2014 8:57:21 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 113 time(s).
1/11/2014 8:56:54 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 112 time(s).
1/11/2014 8:52:10 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 111 time(s).
1/11/2014 8:49:10 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 110 time(s).
1/11/2014 8:46:43 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 109 time(s).
1/11/2014 8:46:38 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 108 time(s).
1/11/2014 8:46:03 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 107 time(s).
1/11/2014 8:41:54 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 106 time(s).
1/11/2014 8:40:15 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 105 time(s).
1/11/2014 8:40:09 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 104 time(s).
1/11/2014 8:37:06 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 103 time(s).
1/11/2014 8:32:54 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 102 time(s).
1/11/2014 8:32:31 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 101 time(s).
1/11/2014 8:32:20 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 100 time(s).
1/11/2014 8:29:47 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 99 time(s).
1/11/2014 8:25:14 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 98 time(s).
1/11/2014 8:22:06 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 97 time(s).
1/11/2014 8:21:52 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 96 time(s).
1/11/2014 8:21:28 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 95 time(s).
1/11/2014 8:20:53 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 94 time(s).
1/11/2014 8:19:12 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 93 time(s).
1/11/2014 8:18:22 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 92 time(s).
1/11/2014 8:17:43 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 91 time(s).
1/11/2014 8:17:32 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 90 time(s).
1/11/2014 8:16:59 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 89 time(s).
1/11/2014 8:14:55 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 88 time(s).
1/11/2014 8:14:36 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 87 time(s).
1/11/2014 8:09:59 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 86 time(s).
1/11/2014 8:09:40 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 85 time(s).
1/11/2014 8:09:26 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 84 time(s).
1/11/2014 8:09:13 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 83 time(s).
1/11/2014 8:08:34 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 82 time(s).
1/11/2014 8:08:31 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 81 time(s).
1/11/2014 8:08:29 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 80 time(s).
1/11/2014 8:08:13 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 79 time(s).
1/11/2014 8:02:06 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 78 time(s).
1/11/2014 8:01:06 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 77 time(s).
1/11/2014 8:00:56 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 76 time(s).
1/11/2014 8:00:45 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 75 time(s).
1/11/2014 8:00:32 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 74 time(s).
1/11/2014 8:00:10 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 73 time(s).
1/11/2014 7:59:59 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 72 time(s).
1/11/2014 7:59:42 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 71 time(s).
1/11/2014 7:59:30 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 70 time(s).
1/11/2014 7:59:14 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 69 time(s).
1/11/2014 7:57:16 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 68 time(s).
1/11/2014 7:57:01 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 67 time(s).
1/11/2014 7:54:52 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 66 time(s).
1/11/2014 7:54:23 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 65 time(s).
1/11/2014 7:51:50 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 64 time(s).
1/11/2014 7:51:08 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 63 time(s).
1/11/2014 7:50:56 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 62 time(s).
1/11/2014 7:50:26 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 61 time(s).
1/11/2014 7:50:18 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 60 time(s).
1/11/2014 7:50:05 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 59 time(s).
1/11/2014 7:49:51 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 58 time(s).
1/11/2014 7:49:18 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 57 time(s).
1/11/2014 7:49:06 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 56 time(s).
1/11/2014 7:48:47 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 55 time(s).
1/11/2014 7:48:23 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 54 time(s).
1/11/2014 7:47:47 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 53 time(s).
1/11/2014 7:47:35 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 52 time(s).
1/11/2014 7:47:18 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 51 time(s).
1/11/2014 7:47:16 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 50 time(s).
1/11/2014 7:47:14 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 49 time(s).
1/11/2014 7:43:46 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 48 time(s).
1/11/2014 7:43:43 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 47 time(s).
1/11/2014 7:43:12 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 46 time(s).
1/11/2014 7:41:42 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 45 time(s).
1/11/2014 7:41:29 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 44 time(s).
1/11/2014 7:38:55 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 43 time(s).
1/11/2014 7:29:51 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 42 time(s).
1/11/2014 7:27:41 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 41 time(s).
1/11/2014 7:09:25 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 40 time(s).
1/11/2014 7:08:08 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 39 time(s).
1/11/2014 6:55:41 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 38 time(s).
1/11/2014 6:52:13 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 37 time(s).
1/11/2014 6:51:39 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 36 time(s).
1/11/2014 6:51:22 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 35 time(s).
1/11/2014 6:51:20 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 34 time(s).
1/11/2014 6:50:35 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 33 time(s).
1/11/2014 6:49:32 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 32 time(s).
1/11/2014 6:49:13 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 31 time(s).
1/11/2014 6:49:10 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 30 time(s).
1/11/2014 6:49:01 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 29 time(s).
1/11/2014 6:47:53 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 28 time(s).
1/11/2014 6:43:44 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 27 time(s).
1/11/2014 6:27:31 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 26 time(s).
1/11/2014 6:24:15 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 25 time(s).
1/11/2014 5:59:41 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 24 time(s).
1/11/2014 5:58:17 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 23 time(s).
1/11/2014 5:55:23 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 22 time(s).
1/11/2014 5:46:16 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 21 time(s).
1/11/2014 5:45:38 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 20 time(s).
1/11/2014 5:32:30 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 19 time(s).
1/11/2014 5:27:22 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 18 time(s).
1/11/2014 5:13:52 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 17 time(s).
1/11/2014 5:13:40 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 16 time(s).
1/11/2014 4:49:24 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 15 time(s).
1/11/2014 4:40:18 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 14 time(s).
1/11/2014 4:38:11 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 13 time(s).
1/11/2014 4:33:51 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 12 time(s).
1/11/2014 4:33:37 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 11 time(s).
1/11/2014 4:32:46 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 10 time(s).
1/11/2014 11:59:55 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 161 time(s).
1/11/2014 11:43:53 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 160 time(s).
1/11/2014 11:30:05 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 159 time(s).
1/11/2014 11:27:14 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 158 time(s).
1/11/2014 11:02:28 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 157 time(s).
1/11/2014 10:58:14 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 156 time(s).
1/11/2014 10:57:53 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 155 time(s).
1/11/2014 10:56:22 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 154 time(s).
1/11/2014 10:55:16 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 153 time(s).
1/11/2014 10:52:51 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 152 time(s).
1/11/2014 10:48:42 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 151 time(s).
1/11/2014 10:47:33 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 150 time(s).
1/11/2014 10:47:23 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 149 time(s).
1/11/2014 10:45:54 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 148 time(s).
1/11/2014 10:44:39 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 147 time(s).
1/11/2014 10:44:24 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 146 time(s).
1/11/2014 10:40:29 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 145 time(s).
1/11/2014 10:30:13 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 144 time(s).
1/11/2014 10:14:56 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 143 time(s).
1/11/2014 10:12:23 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 142 time(s).
1/11/2014 10:12:21 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 141 time(s).
1/11/2014 10:11:15 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 140 time(s).
1/11/2014 10:10:58 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 139 time(s).
1/11/2014 10:10:46 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 138 time(s).
1/11/2014 10:09:01 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 137 time(s).
1/11/2014 1:39:58 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 9 time(s).
1/11/2014 1:32:24 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
1/11/2014 1:31:44 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
 


Hello icheesy and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall this application: Level Quality Watcher

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 4

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • ComboFix log

 

Thanks for your reply

I cannot find Level Quality Watcher in my programs list

 

QSMOYeT.png

How can I find and uninstall Level Quality Watcher?


Okay I ran: Junkware removal, AdwCleaner, and Combofix in safemode.
AdwCleaner killed the Quality Level Watcher, I believe.

After doing all of these, I downloaded a fresh Malwarebytes, but I still have "can't run mbam.exe" after installing.

Junkware logs

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Cheese on Sun 01/12/2014 at 15:30:47.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\caphyon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1830681138-2647716890-1972216353-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E5A212E8-4450-4499-ABF7-C1CC70E59F71}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Cheese\appdata\locallow\SkwConfig.bin"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Cheese\appdata\local\cre"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/12/2014 at 15:32:11.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


AdwCleaner logs

# AdwCleaner v3.017 - Report created 12/01/2014 at 15:20:32
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Cheese - WANGPC
# Running from : C:\Users\Cheese\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : hlnfd
Service Deleted : Level Quality Watcher
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\YoutubeAdblocker
Folder Deleted : C:\ProgramData\SearchNewTab
Folder Deleted : C:\ProgramData\surf and kueeopp
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Level Quality Watcher
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\YoutubeAdblocker
Folder Deleted : C:\Program Files (x86)\SearchNewTab
Folder Deleted : C:\Program Files (x86)\surf and kueeopp
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Cheese\AppData\Local\Conduit
Folder Deleted : C:\Users\Cheese\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Cheese\Documents\optimizer pro
Folder Deleted : C:\Users\Cheese\AppData\Roaming\Mozilla\Firefox\Profiles\i2l93bwv.default\Extensions\4exrfw1mid@qjqggtuye.net
Folder Deleted : C:\Users\Cheese\AppData\Roaming\Mozilla\Firefox\Profiles\i2l93bwv.default\Extensions\oiaoyaoamdz@wqqk-dzjs.org
Folder Deleted : C:\Users\Cheese\AppData\Roaming\Mozilla\Firefox\Profiles\i2l93bwv.default\Extensions\rxpnazr@cszwaoe.edu
File Deleted : C:\Users\Cheese\AppData\Roaming\Mozilla\Firefox\Profiles\i2l93bwv.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\END
File Deleted : C:\Windows\SysWOW64\AdpeakProxy.dll
File Deleted : C:\Windows\System32\AdpeakProxy64.dll
File Deleted : C:\Users\Cheese\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Cheese\AppData\Roaming\Mozilla\Firefox\Profiles\i2l93bwv.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\Cheese\AppData\Roaming\Mozilla\Firefox\Profiles\i2l93bwv.default\searchplugins\WebSearch.xml
File Deleted : C:\Users\Cheese\AppData\Roaming\Mozilla\Firefox\Profiles\i2l93bwv.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [gethighlightly@gethighlightly.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AdpeakProxy.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\RegistryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298569
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{91607FA7-3C2F-4F90-93E3-D5337A6B0AC2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Scorpion Saver
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Adpeak, Inc.
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Updater By Sweetpacks
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : [x64] HKLM\SOFTWARE\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [OldURL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
 
-\\ Mozilla Firefox v22.0 (en-US)
 
[ File : C:\Users\Cheese\AppData\Roaming\Mozilla\Firefox\Profiles\i2l93bwv.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.3EXb0.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\"[...]
Line Deleted : user_pref("extensions.BXCtqOj.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement('script');script.t[...]
Line Deleted : user_pref("extensions.dnyl04pSuAsk.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;[...]
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Cheese\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [11618 octets] - [12/01/2014 15:20:05]
AdwCleaner[s0].txt - [10596 octets] - [12/01/2014 15:20:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10657 octets] ##########
 

ComboFix logs

ComboFix 14-01-12.01 - Cheese 01/12/2014  15:37:14.1.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8075.7220 [GMT -6:00]
Running from: c:\users\Cheese\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\846166776.exe
c:\users\Cheese\AppData\Roaming\0.exe
c:\users\Cheese\AppData\Roaming\4.exe
c:\users\Cheese\AppData\Roaming\dclogs
c:\users\Cheese\AppData\Roaming\msconfig.exe
c:\users\Cheese\AppData\Roaming\msconfig.ini
c:\users\Cheese\fsztn
c:\users\Cheese\fsztn\28522.cmd
c:\users\Cheese\fsztn\85672.vbs
c:\users\Cheese\fsztn\ApnyHBfGcCcY.SXT
c:\users\Cheese\fsztn\cssrss.exe
c:\users\Cheese\fsztn\FpTLMFBi.JNK
c:\users\Cheese\fsztn\tTPgchgpbNy.vbs
c:\users\Cheese\fsztn\yRdFAJEfVT.ECD
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabhpjmebdjiobjihollpnlmmcdkjpom
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabhpjmebdjiobjihollpnlmmcdkjpom\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabhpjmebdjiobjihollpnlmmcdkjpom\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabhpjmebdjiobjihollpnlmmcdkjpom\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabhpjmebdjiobjihollpnlmmcdkjpom\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabhpjmebdjiobjihollpnlmmcdkjpom\1.0\newtab.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabhpjmebdjiobjihollpnlmmcdkjpom\1.0\sqlite.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabhpjmebdjiobjihollpnlmmcdkjpom\1.0\XPyxHPHN8t1l.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapmocaaffcldhgoabdpepannbllooda
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapmocaaffcldhgoabdpepannbllooda\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapmocaaffcldhgoabdpepannbllooda\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapmocaaffcldhgoabdpepannbllooda\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapmocaaffcldhgoabdpepannbllooda\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapmocaaffcldhgoabdpepannbllooda\1.0\sqlite.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapmocaaffcldhgoabdpepannbllooda\1.0\XjicTle.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdoekcapeojddkjejaeelmehakbhgig
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdoekcapeojddkjejaeelmehakbhgig\2.19\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdoekcapeojddkjejaeelmehakbhgig\2.19\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdoekcapeojddkjejaeelmehakbhgig\2.19\JhDTn.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdoekcapeojddkjejaeelmehakbhgig\2.19\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdoekcapeojddkjejaeelmehakbhgig\2.19\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdoekcapeojddkjejaeelmehakbhgig\2.19\sqlite.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\SysWow64\{$1284-9213-2940-1289$}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-12 to 2014-01-12  )))))))))))))))))))))))))))))))
.
.
2014-01-12 21:33 . 2014-01-12 21:34 -------- d-----w- c:\program files (x86)\Malware
2014-01-12 21:30 . 2014-01-12 21:30 -------- d-----w- c:\windows\ERUNT
2014-01-12 21:20 . 2014-01-12 21:20 -------- d-----w- C:\AdwCleaner
2014-01-12 06:19 . 2014-01-12 06:19 -------- d-----w- c:\programdata\Lavasoft
2014-01-12 06:11 . 2014-01-12 06:11 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2014-01-12 03:26 . 2014-01-12 03:29 -------- d-----w- c:\programdata\MFAData
2014-01-12 03:26 . 2014-01-12 03:26 -------- d-----w- c:\users\Cheese\AppData\Local\MFAData
2014-01-12 03:26 . 2014-01-12 03:26 -------- d-----w- c:\users\Cheese\AppData\Local\Avg2014
2014-01-12 02:33 . 2014-01-12 02:33 -------- d-----w- c:\program files (x86)\ESET
2014-01-12 02:09 . 2014-01-12 02:09 -------- d-----w- c:\programdata\Malwarebytes
2014-01-12 02:07 . 2014-01-12 02:09 -------- d-----w- c:\program files (x86)\Malll
2014-01-12 02:07 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-10 04:53 . 2014-01-10 04:53 -------- d-----w- C:\{$2768-4498-5198-1488$}
2014-01-09 22:30 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F4C93D0-85E9-401E-8B35-5B86F00AE95B}\mpengine.dll
2014-01-08 05:02 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-08 00:31 . 2014-01-08 00:31 -------- d-----w- c:\program files\AutoHotkey
2014-01-07 06:48 . 2014-01-07 06:48 -------- d-----r- C:\Sandbox
2014-01-07 06:47 . 2014-01-07 06:47 -------- d-----w- c:\program files\Sandboxie
2014-01-07 06:44 . 2014-01-07 06:44 -------- d-----w- C:\{$1284-9213-2940-1289$}
2013-12-31 09:16 . 2014-01-12 01:35 -------- d-----w- c:\users\Cheese\AppData\Roaming\BoL
2013-12-31 06:47 . 2013-12-31 07:12 -------- d-----w- c:\program files (x86)\LastPass
2013-12-27 18:54 . 2013-12-27 18:54 -------- d-----w- c:\program files (x86)\DeskPins
2013-12-27 18:13 . 2013-12-27 18:13 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-24 23:52 . 2003-03-16 06:15 90112 ----a-w- c:\windows\unvise32.exe
2013-12-24 23:51 . 2013-12-24 23:52 -------- d-----w- c:\program files (x86)\Mall Of America Tycoon
2013-12-16 05:13 . 2013-12-16 05:13 -------- d-----w- c:\users\Default\AppData\Local\Google
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-04 04:12 . 2013-12-04 04:12 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-04 04:12 . 2013-12-04 04:12 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-04 04:12 . 2013-12-04 04:12 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-04 04:12 . 2013-12-04 04:12 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-04 04:12 . 2013-12-04 04:12 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-04 04:12 . 2013-12-04 04:12 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-04 04:12 . 2013-12-04 04:12 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-04 04:12 . 2013-12-04 04:12 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-04 04:12 . 2013-12-04 04:12 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-04 04:12 . 2013-12-04 04:12 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-04 04:12 . 2013-12-04 04:12 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-04 04:12 . 2013-12-04 04:12 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-04 04:12 . 2013-12-04 04:12 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-04 04:12 . 2013-12-04 04:12 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-04 04:12 . 2013-12-04 04:12 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-04 04:12 . 2013-12-04 04:12 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-04 04:12 . 2013-12-04 04:12 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-04 04:12 . 2013-12-04 04:12 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-04 04:12 . 2013-12-04 04:12 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-04 04:12 . 2013-12-04 04:12 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-04 04:12 . 2013-12-04 04:12 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-04 04:12 . 2013-12-04 04:12 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-04 04:12 . 2013-12-04 04:12 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-04 04:12 . 2013-12-04 04:12 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-04 04:12 . 2013-12-04 04:12 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-04 04:12 . 2013-12-04 04:12 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-04 04:12 . 2013-12-04 04:12 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-04 04:12 . 2013-12-04 04:12 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-04 04:12 . 2013-12-04 04:12 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-04 04:12 . 2013-12-04 04:12 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-04 04:12 . 2013-12-04 04:12 413696 ----a-w- c:\windows\system32\html.iec
2013-12-04 04:12 . 2013-12-04 04:12 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-04 04:12 . 2013-12-04 04:12 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-04 04:12 . 2013-12-04 04:12 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-04 04:12 . 2013-12-04 04:12 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-04 04:12 . 2013-12-04 04:12 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-04 04:12 . 2013-12-04 04:12 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-04 04:12 . 2013-12-04 04:12 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-04 04:12 . 2013-12-04 04:12 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-04 04:12 . 2013-12-04 04:12 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-04 04:12 . 2013-12-04 04:12 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-04 04:12 . 2013-12-04 04:12 235520 ----a-w- c:\windows\system32\url.dll
2013-12-04 04:12 . 2013-12-04 04:12 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-04 04:12 . 2013-12-04 04:12 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-04 04:12 . 2013-12-04 04:12 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-04 04:12 . 2013-12-04 04:12 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-04 04:12 . 2013-12-04 04:12 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-04 04:12 . 2013-12-04 04:12 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-04 04:12 . 2013-12-04 04:12 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-04 04:12 . 2013-12-04 04:12 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-04 04:12 . 2013-12-04 04:12 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-04 04:12 . 2013-12-04 04:12 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-04 04:12 . 2013-12-04 04:12 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-04 04:12 . 2013-12-04 04:12 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-04 04:12 . 2013-12-04 04:12 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-04 04:12 . 2013-12-04 04:12 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-04 04:12 . 2013-12-04 04:12 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-04 04:12 . 2013-12-04 04:12 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-04 04:12 . 2013-12-04 04:12 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-26 11:54 . 2013-12-12 04:55 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-12 04:55 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-12 04:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-12 04:55 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-12 04:55 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-12 04:55 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-12 04:55 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-12 04:55 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-12 04:55 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-12 04:55 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-12 04:55 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-12 04:55 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-12 04:55 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-12 04:55 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-12 04:55 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-12 04:55 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-12 04:55 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-12 04:55 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-12 04:55 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-12 04:55 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-12 04:55 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-12 04:55 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-12 04:55 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-12 04:55 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-12 01:01 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 01:01 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-19 10:21 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-12 02:23 . 2013-12-12 00:55 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-12 00:55 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-12 01:01 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-12 01:01 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-10-30 01:24 . 2013-12-12 01:01 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-19 02:18 . 2013-12-12 01:01 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-19 01:36 . 2013-12-12 01:01 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-10-15 00:00 . 2013-12-04 04:13 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"ManyCam"="c:\program files (x86)\ManyCam\Bin\ManyCam.exe" [2013-06-21 5396304]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-11-21 3551576]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-12-06 20203904]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-10-16 759496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Skype"="c:\{$2768-4498-5198-1488$}\Skype.exe" [2014-01-07 284160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malware\mbamgui.exe" [2013-04-04 532040]
.
c:\users\Cheese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
DeskPins.lnk - c:\program files (x86)\DeskPins\DeskPins.exe [2004-5-2 62464]
Skype.url [2014-1-12 54]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 00:07 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1830681138-2647716890-1972216353-1000Core.job
- c:\users\Cheese\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-18 04:22]
.
2014-01-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1830681138-2647716890-1972216353-1000UA.job
- c:\users\Cheese\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-18 04:22]
.
2014-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-11 03:51]
.
2014-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-11 03:51]
.
2014-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1830681138-2647716890-1972216353-1000Core.job
- c:\users\Cheese\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-11 03:36]
.
2014-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1830681138-2647716890-1972216353-1000UA.job
- c:\users\Cheese\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-11 03:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 21:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 21:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 21:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 21:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 21:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 173.213.96.229:7808
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.127
FF - ProfilePath - 
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1830681138-2647716890-1972216353-1000\Software\SecuROM\License information*]
"datasecu"=hex:5d,80,11,36,6a,6b,d0,53,a8,31,32,d2,67,9b,3b,d4,f8,4b,93,4c,75,
   99,fe,30,82,7b,ac,f9,67,a7,49,3b,be,b0,84,82,02,3d,0a,f0,db,56,6c,8e,c2,2a,\
"rkeysecu"=hex:9e,06,4a,78,b1,ab,fe,af,4b,5b,ae,9f,c1,6a,6f,d2
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-12  15:42:22
ComboFix-quarantined-files.txt  2014-01-12 21:42
.
Pre-Run: 895,806,943,232 bytes free
Post-Run: 898,174,320,640 bytes free
.
- - End Of File - - 5BEE2909DEFEFFA7BCDC9573E9B2E429
A36C5E4F47E84449FF07ED3517B43A31
 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.