Volume mixer has "Name is not available"


  • This topic is locked
26 replies to this topic

#1 Skizzak

  • Members
  • 20 posts

Posted 04 January 2014 - 04:15 PM

When I start my computer I hear a random talk show or something, and in my volume mixer there is a volume slider for "Name not available." I'm pretty sure I'm infected with something that is using a ton of resources. In my task manager, if I click "show processes from all users" one stands way above the top as far as memory usage. svchost.exe is sitting at 714,024 memory usage and it climbs at an alarming rate even if nothing is running on my computer. I think my computer is being mined. My Malwarebytes software isn't picking anything up on a full scan either. I appreciate any and all help with this issue.

 

DDS

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.9.2
Run by Cramer at 16:09:35 on 2014-01-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3327.1123 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\PnkBstrA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Razer\Synapse\RzSynapse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.speedtest.net/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.2.0.38\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.2.0.38\AVG Secure Search_toolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Smart PC Cleaner] c:\program files\smart pc cleaner\SPCLauncher.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Razer Synapse] "c:\program files\razer\synapse\RzSynapse.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: c:\users\cramer\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{17B39D77-820B-4307-97FC-CA0127879602} : DHCPNameServer = 69.88.214.131 69.88.214.132
TCP: Interfaces\{A0E8D0C6-8966-470F-8EEC-EBFFD36BA2C0} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.2.0\ViProtocol.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cramer\appdata\roaming\mozilla\firefox\profiles\a1os5m45.default\
FF - prefs.js: browser.startup.homepage - www.bing.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\battlelog web plugins\1.102.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.2.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\cramer\appdata\roaming\mozilla\firefox\profiles\a1os5m45.default\extensions\[email protected]\plugins\npBFHUpdater.dll
FF - plugin: c:\users\cramer\appdata\roaming\triangleplayer\NPTrianglePlayer.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-7-20 37664]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-6-11 217600]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2013-11-29 1664336]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2012-7-9 9216]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein hamachi\LMIGuardianSvc.exe [2013-10-11 375056]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-17 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-17 701512]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\17.2.0\ToolbarUpdater.exe [2013-12-9 1771544]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-27 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-1-4 40776]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\drivers\rzudd.sys [2012-7-15 84608]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-10-27 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-10-26 1343400]
.
=============== Created Last 30 ================
.
2014-01-04 20:31:36    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2014-01-02 21:52:29    7760024    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{e5c5099e-038d-4f4c-92b9-1d0bdb049a3f}\mpengine.dll
2013-12-27 20:00:06    7760024    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-12-27 05:04:02    --------    d-----w-    C:\zywxsoft
2013-12-27 05:04:01    --------    d-----w-    c:\users\cramer\appdata\roaming\TrianglePlayer
2013-12-23 23:05:11    --------    d-----w-    c:\users\cramer\appdata\local\LogMeIn Hamachi
2013-12-23 23:05:11    --------    d-----w-    c:\users\cramer\appdata\local\LogMeIn
2013-12-23 23:05:11    --------    d-----w-    c:\programdata\LogMeIn
2013-12-23 23:04:17    --------    d-----w-    c:\program files\LogMeIn Hamachi
2013-12-23 21:06:04    --------    d-----w-    c:\users\cramer\appdata\roaming\Rogue Legacy
.
==================== Find3M  ====================
.
2013-12-10 23:15:12    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-10 23:15:11    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-10 16:03:14    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
.
============= FINISH: 16:11:18.68 ===============
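The svchost.exe growth Skizzak describes is usually triaged by finding out which service group each instance hosts (the `-k` names in the DDS process list) and where the binary runs from. The PowerShell below is an added example of that check, not code from the thread or from DDS, AdwCleaner or MBAR; the 400 MB threshold and the function name are assumptions.

```powershell
# Added example, not from the thread or from DDS/AdwCleaner/MBAR: triage the
# svchost.exe instances behind the memory growth in the opening post.
# Assumes Windows 7 or later with PowerShell 2.0+, run from an elevated prompt
# so WMI can report the image path of SYSTEM-owned processes.

function Get-SvchostTriage {
    param(
        # Constructed triage threshold, not a Windows figure.
        [int]$LargeWorkingSetMB = 400
    )

    # Which registered services run inside which process id. The "-k" service
    # groups in a DDS process list are exactly these groupings.
    $servicesByPid = @{}
    foreach ($svc in Get-WmiObject Win32_Service -Filter "State='Running'") {
        $key = [int]$svc.ProcessId
        if (-not $servicesByPid.ContainsKey($key)) { $servicesByPid[$key] = @() }
        $servicesByPid[$key] += $svc.Name
    }

    $system32 = Join-Path $env:SystemRoot 'System32'

    foreach ($proc in Get-WmiObject Win32_Process -Filter "Name='svchost.exe'") {
        $flags  = @()
        $hosted = $servicesByPid[[int]$proc.ProcessId]
        if (-not $hosted) { $hosted = @() }
        $wsMB = [math]::Round($proc.WorkingSetSize / 1MB, 1)

        # The service group is the "-k <name>" argument on the command line.
        $group = ''
        if ($proc.CommandLine -match '-k\s+(\S+)') { $group = $Matches[1] }

        # Windows' own svchost.exe always runs from System32; a same-named
        # binary anywhere else is the classic name-squatting trick.
        if (-not $proc.ExecutablePath) {
            $flags += 'image path not readable (run elevated)'
        } elseif (-not $proc.ExecutablePath.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase)) {
            $flags += 'image outside System32'
        }
        # A genuine instance is started by the Service Control Manager and
        # therefore hosts at least one registered service.
        if ($hosted.Count -eq 0) { $flags += 'hosts no registered service' }
        if ($wsMB -gt $LargeWorkingSetMB) { $flags += "working set $wsMB MB" }

        New-Object PSObject -Property @{
            PID          = $proc.ProcessId
            Group        = $group
            WorkingSetMB = $wsMB
            Path         = $proc.ExecutablePath
            Services     = ($hosted -join ', ')
            Flags        = ($flags -join '; ')
        }
    }
}

# Largest instances first; rows with a non-empty Flags column are the ones to report.
Get-SvchostTriage | Sort-Object WorkingSetMB -Descending |
    Format-Table PID, Group, WorkingSetMB, Flags, Services -AutoSize -Wrap
```

On Windows 7 the netsvcs instance, which hosts Windows Update, can legitimately reach several hundred MB during an update scan, so a large working set is a lead to report, not a verdict on its own.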
 

 

 

#2 seedy21

  • SpywareHammer Trainee
  • 541 posts

Posted 05 January 2014 - 03:46 AM

Hi Skizzak and Welcome to Bleeping Computer!

I am currently looking through your logs and will advise you on what to do in my next reply.
It's only after we've lost everything that we're free to do anything.
― Chuck Palahniuk, Fight Club

#3 seedy21

  • SpywareHammer Trainee
  • 541 posts

Posted 05 January 2014 - 01:46 PM

Hello Skizzak

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
  • From this point on, please do not make any more changes to your computer, such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc., unless advised by me.
  • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer, please let us know or the topic will be closed for being inactive.
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.
Step 1
Download ADWCleaner to your desktop:
http://www.bleepingcomputer.com/download/adwcleaner/

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

scan-results.jpg

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Step 2

Malwarebytes Anti-Rootkit Tool....

1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/
2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe

Image1.png

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

Image4.png

7. In the following window, ensure "Targets" are ticked. Then select "Scan".

Image5.png

8. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

9. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
10. If no threats were found you will see the following image, Select Exit:

Image6.png

11. Verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
12. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

Image7.png

13. The following Window will open, Select "Y" from your Keyboard, tap Enter.

Image8.png

14. The fix will be applied, select any key to Exit.

Image9.png

15. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

  • System log
  • Mbar log (date and time of scan will also be shown)

Image10.png
It's only after we've lost everything that we're free to do anything.
― Chuck Palahniuk, Fight Club

#4 Skizzak

  • Topic Starter

  • Members
  • 20 posts

Posted 05 January 2014 - 02:59 PM

Followed all the steps, but my memory issue and the "Name is not available" entry are still in my volume control.

 

Adwcleaner:

 

# AdwCleaner v3.016 - Report created 05/01/2014 at 14:20:02
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Cramer - BOSSATRON
# Running from : C:\Users\Cramer\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smart pc cleaner
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\smart pc cleaner
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Cramer\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Cramer\AppData\LocalLow\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Smart PC Cleaner]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Smart PC Cleaner
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart PC Cleaner_is1

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\prefs.js ]

Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\17.2.0.38");
Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

*************************

AdwCleaner[R0].txt - [7685 octets] - [05/01/2014 14:18:30]
AdwCleaner[S0].txt - [7549 octets] - [05/01/2014 14:20:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7609 octets] ##########
 

 

Mbar Log:

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.05.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Cramer :: BOSSATRON [administrator]

1/5/2014 2:26:26 PM
mbar-log-2014-01-05 (14-26-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 246568
Time elapsed: 25 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

 

System Log:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.671000 GHz
Memory total: 3488735232, free: 1829822464

Downloaded database version: v2014.01.05.04
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     01/05/2014 14:26:18
------------ Loaded modules -----------
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\nsi.dll
\Windows\System32\lpk.dll
\Windows\System32\wininet.dll
\Windows\System32\setupapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\msctf.dll
\Windows\System32\urlmon.dll
\Windows\System32\ws2_32.dll
\Windows\System32\gdi32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\comdlg32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\advapi32.dll
\Windows\System32\user32.dll
\Windows\System32\ole32.dll
\Windows\System32\sechost.dll
\Windows\System32\normaliz.dll
\Windows\System32\imagehlp.dll
\Windows\System32\kernel32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\psapi.dll
\Windows\System32\shell32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\difxapi.dll
\Windows\System32\usp10.dll
\Windows\System32\msvcrt.dll
\Windows\System32\imm32.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffffc35f7030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-4\
Lower Device Object: 0xffffffffc34b9908
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffffc35f6ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xffffffffc30ff030
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffffc35f6ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffffc35f6700, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffffc35f6ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffffc308b918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffffc30ff030, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 75CC75CC

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 1250242497
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1250243728-1250263728)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffffc35f7030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffffc35f6140, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffffc35f7030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffffc3101810, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffffc34b9908, DeviceName: \Device\Ide\IdeDeviceP3T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 76027602

Partition information:

    Partition 0 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
 

svchost.exe is at 1,123,548 usage currently.
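The partition-table section of the scan log above reports, for each drive, the 55AA boot signature, the disk signature and four partition entries (type, active flag, start LBA, sector count), and then runs a separate pass over the sectors no partition covers. The PowerShell below is an added example written for this page, not output or code from the thread or from the Malwarebytes scanner: it parses a raw 512-byte MBR into those fields and computes the unallocated sector ranges, demonstrated on a constructed sector that reproduces the drive 0 values from the log (disk signature 75CC75CC, one active type 0x07 partition at LBA 63 with 1250242497 sectors, a 640135028736-byte disk). The type table and the function names are my own; it needs Windows PowerShell 3 or later.

```powershell
# Added example for this page (not output or code from the thread or the
# Malwarebytes scanner). Windows PowerShell 3+.

# Partition type bytes that matter when reading a table like the one in the log.
$PartitionTypes = @{
    0x00 = 'Empty'; 0x05 = 'Extended'; 0x07 = 'Primary (NTFS/exFAT/HPFS)'
    0x0B = 'FAT32'; 0x0C = 'FAT32 (LBA)'; 0x0F = 'Extended (LBA)'
    0x82 = 'Linux swap'; 0x83 = 'Linux'; 0xEE = 'GPT protective'
}

function Read-MbrSector {
    # Layout: 446 bytes of boot code, disk signature at 0x1B8, four 16-byte
    # partition entries at 0x1BE, and the 55AA boot signature at 0x1FE.
    param([byte[]]$Sector)
    if ($Sector.Length -lt 512) { throw 'An MBR sector is 512 bytes' }
    $entries = foreach ($i in 0..3) {
        $off  = 0x1BE + 16 * $i
        $type = [int]$Sector[$off + 4]
        $name = $PartitionTypes[$type]
        if (-not $name) { $name = 'Unknown' }
        [pscustomobject]@{
            Index    = $i
            Active   = ($Sector[$off] -eq 0x80)                     # 0x80 = bootable flag
            Type     = '0x{0:X2}' -f $type
            TypeName = $name
            StartLba = [BitConverter]::ToUInt32($Sector, $off + 8)  # little-endian
            NumSec   = [BitConverter]::ToUInt32($Sector, $off + 12)
        }
    }
    [pscustomobject]@{
        BootSignatureOk = ($Sector[0x1FE] -eq 0x55 -and $Sector[0x1FF] -eq 0xAA)
        DiskSignature   = '{0:X8}' -f [BitConverter]::ToUInt32($Sector, 0x1B8)
        Partitions      = @($entries)
    }
}

function Get-UnpartitionedRanges {
    # Sector ranges no partition covers. Sector 0 (the MBR itself) is skipped,
    # so the first range is the gap between LBA 1 and the first partition.
    param($Mbr, [uint64]$TotalSectors)
    $used = $Mbr.Partitions | Where-Object { $_.NumSec -gt 0 } | Sort-Object StartLba
    $cursor = [uint64]1
    foreach ($p in $used) {
        if ([uint64]$p.StartLba -gt $cursor) {
            [pscustomobject]@{ FirstLba = $cursor; LastLba = [uint64]$p.StartLba - 1 }
        }
        $cursor = [uint64]$p.StartLba + [uint64]$p.NumSec
    }
    if ($cursor -lt $TotalSectors) {
        [pscustomobject]@{ FirstLba = $cursor; LastLba = $TotalSectors - 1 }
    }
}

# Constructed sample sector reproducing the drive 0 values in the log above:
# disk signature 75CC75CC, one active NTFS partition at LBA 63, 1250242497 sectors.
$sample = New-Object byte[] 512
$sample[0x1FE] = 0x55; $sample[0x1FF] = 0xAA
[Array]::Copy([BitConverter]::GetBytes([uint32]0x75CC75CC), 0, $sample, 0x1B8, 4)
$sample[0x1BE]     = 0x80                                   # active
$sample[0x1BE + 4] = 0x07                                   # NTFS
[Array]::Copy([BitConverter]::GetBytes([uint32]63),         0, $sample, 0x1BE + 8,  4)
[Array]::Copy([BitConverter]::GetBytes([uint32]1250242497), 0, $sample, 0x1BE + 12, 4)

$mbr = Read-MbrSector $sample
"Boot signature ok: $($mbr.BootSignatureOk)   Disk signature: $($mbr.DiskSignature)"
$mbr.Partitions | Format-Table Index, Active, Type, TypeName, StartLba, NumSec -AutoSize
Get-UnpartitionedRanges -Mbr $mbr -TotalSectors (640135028736 / 512)   # disk size from the log
```

On the sample, Get-UnpartitionedRanges returns 1-62 and 1250242560-1250263727: the partition ends at 63 + 1250242497, and the disk is 640135028736 / 512 = 1250263728 sectors. Those unallocated ranges are exactly where boot-sector malware keeps code that no file-system scan can see, which is why the log shows a separate "Scanning physical sectors of unpartitioned space" pass over LBA 1-62 and a window at the end of the disk. To read a live sector, open \\.\PhysicalDrive0 from an elevated prompt with a .NET FileStream and read the first 512 bytes into the byte array; on a GPT disk the protective MBR shows a single type 0xEE entry and this parser alone is not enough.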



#5 seedy21

  • SpywareHammer Trainee
  • 541 posts
  • Gender:Male
  • Location:Halifax, UK

Posted 05 January 2014 - 05:26 PM

Hi Skizzak

More information about installing and running ComboFix can be found HERE

Please download ComboFix from one of the following locations:
 

 

  • IMPORTANT! Save ComboFix to your Desktop. Read the following thoroughly.
  • Close any open browsers.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on 'ComboFix.exe' & follow the prompts.
  • If ComboFix finds any Updates, Please allow ComboFix to run them.
  • ComboFix will now disconnect your computer from the Internet and start scanning for malware, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection. Please be patient.
  • When the scan has finished, it will delete the malware found and reboot your computer automatically. Don't reboot your computer manually, let ComboFix do it.
  • Once your computer is rebooted, ComboFix will start preparing a log. Please let it do so unhindered.
  • If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

    Please include the contents of C:\ComboFix.txt in your next reply.

    Please Enable your Anti-virus Software again !!

    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    3. ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
    4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.

Edited by seedy21, 05 January 2014 - 05:27 PM.

It's only after we've lost everything that we're free to do anything.
― Chuck Palahniuk, Fight Club

#6 Skizzak
  • Topic Starter
  • Members
  • 20 posts

Posted 05 January 2014 - 07:08 PM

Name not available is still in the volume mixer. svchost.exe is still using more resources than it should.

 

Combofix log:

 

ComboFix 14-01-04.03 - Cramer 01/05/2014  18:46:04.3.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3327.1628 [GMT -5:00]
Running from: c:\users\Cramer\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Cramer\Desktop\Setup.exe
c:\windows\msvcr71.dll
c:\windows\system32\sysprep\cryptbase.dll
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache\userinit.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-05 to 2014-01-05  )))))))))))))))))))))))))))))))
.
.
2014-01-05 23:55 . 2014-01-05 23:55    --------    d-----w-    c:\users\TEMP\AppData\Local\temp
2014-01-05 23:55 . 2014-01-05 23:55    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-01-05 23:55 . 2014-01-05 23:55    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-05 23:38 . 2013-12-04 02:57    7760024    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FFEFB041-399A-4F06-AA54-1FB7B70D8025}\mpengine.dll
2014-01-05 19:26 . 2014-01-05 19:52    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-05 19:24 . 2014-01-05 19:24    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-01-05 19:18 . 2014-01-05 19:20    --------    d-----w-    C:\AdwCleaner
2013-12-27 20:00 . 2013-12-04 02:57    7760024    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-27 05:04 . 2013-12-27 05:04    --------    d-----w-    C:\zywxsoft
2013-12-27 05:04 . 2013-12-27 05:05    --------    d-----w-    c:\users\Cramer\AppData\Roaming\TrianglePlayer
2013-12-23 23:05 . 2014-01-05 23:57    --------    d-----w-    c:\users\Cramer\AppData\Local\LogMeIn Hamachi
2013-12-23 23:05 . 2013-12-23 23:05    --------    d-----w-    c:\users\Cramer\AppData\Local\LogMeIn
2013-12-23 23:05 . 2013-12-23 23:05    --------    d-----w-    c:\programdata\LogMeIn
2013-12-23 23:04 . 2013-12-23 23:04    --------    d-----w-    c:\program files\LogMeIn Hamachi
2013-12-23 21:06 . 2013-12-23 21:06    --------    d-----w-    c:\users\Cramer\AppData\Roaming\Rogue Legacy
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-10 23:15 . 2013-03-20 19:28    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-10 23:15 . 2011-10-25 19:44    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-10 16:03 . 2012-07-20 06:20    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Steam"="c:\program files\Steam\steam.exe" [2013-12-11 1823656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-01-25 296056]
"Razer Synapse"="c:\program files\Razer\Synapse\RzSynapse.exe" [2012-08-10 316840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
.
c:\users\Cramer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2013-3-13 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl8712b1fb;MpKsl8712b1fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E5C5099E-038D-4F4C-92B9-1D0BDB049A3F}\MpKsl8712b1fb.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 74112]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-26 1343400]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-11-10 37664]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 217600]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 1664336]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [2013-12-16 9216]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 375056]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-07-16 84608]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-20 23:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.speedtest.net/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\
FF - prefs.js: browser.startup.homepage - www.bing.com
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4092379890-2822534315-2594436527-1001\Software\SecuROM\License information*]
"datasecu"=hex:4e,3f,33,90,88,31,fd,93,60,27,80,8d,61,9d,a0,14,63,b5,fa,2d,9f,
   80,bf,cb,ed,3e,cd,b4,98,f3,57,c0,97,f1,34,38,86,d2,96,57,90,49,16,5e,ea,99,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\vssvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2014-01-05  19:04:49 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-06 00:04
ComboFix2.txt  2012-08-26 10:21
ComboFix3.txt  2012-08-26 05:35
.
Pre-Run: 124,987,621,376 bytes free
Post-Run: 126,961,410,048 bytes free
.
- - End Of File - - 04A4B30DDB8BF5DE74688AC7532A8D32
A36C5E4F47E84449FF07ED3517B43A31
 



#7 Skizzak
  • Topic Starter
  • Members
  • 20 posts

Posted 06 January 2014 - 10:34 PM

Just an update when I last restarted my computer I had 19 windows updates that needed installing. Is this normal?



#8 seedy21

  • SpywareHammer Trainee
  • 541 posts
  • Gender:Male
  • Location:Halifax, UK

Posted 07 January 2014 - 03:34 AM


Hi Skizzak

Step 1

I assume you still have ComboFix on your system. If not, please download ComboFix from one of the following locations:

Please open Notepad (through Start Menu -> Accessories -> Notepad) and copy/paste this code into Notepad, exactly as it is (don't include the 'Quote:'):

KILLALL::

DRIVER::
vToolbarUpdater17.2.0
avgtp

File::
c:\windows\system32\drivers\avgtpx86.sys

FOLDER::
c:\program files\Common Files\AVG Secure Search

JavaClearCache::


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Make sure your Anti-Virus is disabled while we do this. You can disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, please read this.

[Screenshot: CFScriptB-4.gif]

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When the scan has finished, it will execute the script and reboot your computer automatically. Don't reboot your computer manually, let ComboFix do it.

Once your computer is rebooted, ComboFix will start preparing a log. Please let it do so unhindered. After a few minutes, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Step 2

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :file
    rpcss.dll
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
It's only after we've lost everything that we're free to do anything.
― Chuck Palahniuk, Fight Club
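Post #8 removes a driver and a service by name through a CFScript and then uses SystemLook to locate every copy of rpcss.dll, the ServiceDll of the RpcSs (Remote Procedure Call) service that runs inside svchost.exe. The PowerShell below is an added example for this page, not code from the thread or from the SystemLook or ComboFix tools; it does the same kind of inspection with built-in Windows facilities (Windows PowerShell 3 or later, elevated prompt): it lists every svchost.exe process with its working set and the services it hosts, resolves each service's ServiceDll from the registry and checks its Authenticode signature, then lists every copy of a named DLL under the Windows directory with size, timestamp, SHA-256 and signature status. The function names are my own. A svchost whose working set keeps climbing, a ServiceDll outside System32, or a copy of rpcss.dll whose signature status is anything other than Valid is what this is meant to surface.

```powershell
# Added example for this page (not from the thread, SystemLook or ComboFix).
# Windows PowerShell 3+, run from an elevated prompt so every process and
# service key is readable.

function Get-ServiceDllPath {
    # Service DLLs are registered under ...\Services\<name>\Parameters\ServiceDll
    # (occasionally directly under the service key); expand %SystemRoot% etc.
    param([string]$ServiceName)
    $base = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    foreach ($key in @("$base\Parameters", $base)) {
        $item = Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue
        if ($item -and $item.ServiceDll) {
            return [Environment]::ExpandEnvironmentVariables($item.ServiceDll)
        }
    }
    return $null
}

function Get-SvchostReport {
    # One row per hosted service, largest svchost first, so the process that
    # keeps growing and the DLLs loaded into it are visible side by side.
    $services = Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -gt 0 }
    $hosts = Get-Process -Name svchost -ErrorAction SilentlyContinue |
             Sort-Object WorkingSet64 -Descending
    foreach ($proc in $hosts) {
        foreach ($svc in ($services | Where-Object { $_.ProcessId -eq $proc.Id })) {
            $dll = Get-ServiceDllPath $svc.Name
            $status = 'no ServiceDll'
            if ($dll) {
                $status = if (Test-Path -LiteralPath $dll) {
                    (Get-AuthenticodeSignature -FilePath $dll).Status
                } else { 'file missing' }
            }
            [pscustomobject]@{
                Pid          = $proc.Id
                WorkingSetMB = [math]::Round($proc.WorkingSet64 / 1MB)
                Service      = $svc.Name
                ServiceDll   = $dll
                Signature    = $status
                InSystem32   = [bool]($dll -and $dll -like "$env:SystemRoot\System32\*")
            }
        }
    }
}

function Find-DllCopies {
    # Equivalent of SystemLook's ':file' search: every copy of the name under
    # the Windows directory, with hash and signature so copies can be compared.
    param([string]$Name, [string]$Root = $env:SystemRoot)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    Get-ChildItem -Path $Root -Filter $Name -Recurse -Force -ErrorAction SilentlyContinue |
      ForEach-Object {
        $bytes = [System.IO.File]::ReadAllBytes($_.FullName)
        [pscustomobject]@{
            Path      = $_.FullName
            SizeBytes = $_.Length
            Modified  = $_.LastWriteTimeUtc
            Sha256    = ([System.BitConverter]::ToString($sha.ComputeHash($bytes))) -replace '-', ''
            Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
        }
      }
}

Get-SvchostReport | Format-Table -AutoSize
Find-DllCopies -Name 'rpcss.dll' | Format-Table -AutoSize
```

Expect several legitimate copies of rpcss.dll under winsxs alongside the one in System32; they should share a hash and a Valid signature, and any copy that differs is the one to look at. On 64-bit Windows run the native 64-bit shell, otherwise file-system redirection turns System32 into SysWOW64 and the report is misleading; the machine in this thread is x86, so that does not apply here.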

#9 Skizzak
  • Topic Starter
  • Members
  • 20 posts

Posted 07 January 2014 - 12:40 PM

combo fix log:

 

ComboFix 14-01-04.03 - Cramer 01/07/2014  12:09:12.4.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3327.1257 [GMT -5:00]
Running from: c:\users\Cramer\Desktop\ComboFix.exe
Command switches used :: c:\users\Cramer\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\avgtpx86.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\avgtpx86.sys
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGTP
-------\Service_avgtp
-------\Service_vToolbarUpdater17.2.0
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-07 to 2014-01-07  )))))))))))))))))))))))))))))))
.
.
2014-01-07 17:26 . 2014-01-07 17:26    --------    d-----w-    c:\users\TEMP\AppData\Local\temp
2014-01-07 17:26 . 2014-01-07 17:26    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-01-07 17:26 . 2014-01-07 17:26    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-07 17:06 . 2013-12-04 02:57    7760024    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B8F5B6E-426F-4AA7-96D0-9E3A71EBBB15}\mpengine.dll
2014-01-07 04:07 . 2012-07-26 02:33    66560    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2014-01-07 04:07 . 2012-07-26 02:32    155136    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2014-01-07 03:54 . 2014-01-07 03:54    49152    ----a-w-    c:\windows\system32\taskhost.exe
2014-01-07 03:48 . 2014-01-07 03:48    1505280    ----a-w-    c:\windows\system32\d3d11.dll
2014-01-06 00:58 . 2013-04-12 13:45    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2014-01-06 00:58 . 2012-11-22 04:45    626688    ----a-w-    c:\windows\system32\usp10.dll
2014-01-06 00:58 . 2013-07-09 04:50    652800    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-01-06 00:58 . 2012-08-22 17:16    712048    ----a-w-    c:\windows\system32\drivers\ndis.sys
2014-01-06 00:58 . 2012-07-04 19:45    33280    ----a-w-    c:\windows\system32\drivers\RNDISMP.sys
2014-01-06 00:58 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\system32\wintrust.dll
2014-01-06 00:57 . 2013-10-04 01:58    152576    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2014-01-06 00:57 . 2013-10-04 01:56    168960    ----a-w-    c:\windows\system32\credui.dll
2014-01-06 00:57 . 2013-10-04 01:56    1796096    ----a-w-    c:\windows\system32\authui.dll
2014-01-06 00:56 . 2012-11-02 05:11    376832    ----a-w-    c:\windows\system32\dpnet.dll
2014-01-06 00:55 . 2013-02-12 03:32    15872    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2014-01-06 00:55 . 2013-10-30 02:19    301568    ----a-w-    c:\windows\system32\msieftp.dll
2014-01-06 00:55 . 2013-09-25 01:57    247808    ----a-w-    c:\windows\system32\schannel.dll
2014-01-06 00:55 . 2013-09-25 02:01    136640    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-01-06 00:55 . 2013-09-25 01:56    220160    ----a-w-    c:\windows\system32\ncrypt.dll
2014-01-06 00:55 . 2013-07-04 12:16    369848    ----a-w-    c:\windows\system32\drivers\cng.sys
2014-01-06 00:54 . 2013-09-25 02:01    67520    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2014-01-06 00:54 . 2013-09-25 01:56    1038848    ----a-w-    c:\windows\system32\lsasrv.dll
2014-01-06 00:54 . 2013-09-25 01:57    99840    ----a-w-    c:\windows\system32\sspicli.dll
2014-01-06 00:54 . 2013-09-25 01:57    22016    ----a-w-    c:\windows\system32\secur32.dll
2014-01-06 00:54 . 2013-09-25 00:49    22016    ----a-w-    c:\windows\system32\lsass.exe
2014-01-06 00:54 . 2013-09-25 00:49    15872    ----a-w-    c:\windows\system32\sspisrv.dll
2014-01-06 00:54 . 2013-01-24 04:47    196328    ----a-w-    c:\windows\system32\drivers\fvevol.sys
2014-01-06 00:53 . 2013-10-19 01:36    159232    ----a-w-    c:\windows\system32\imagehlp.dll
2014-01-06 00:52 . 2013-10-12 02:03    163840    ----a-w-    c:\windows\system32\scrrun.dll
2014-01-06 00:52 . 2013-10-12 01:15    126976    ----a-w-    c:\windows\system32\cscript.exe
2014-01-06 00:52 . 2012-08-21 20:12    245760    ----a-w-    c:\windows\system32\OxpsConverter.exe
2014-01-06 00:52 . 2013-08-01 11:03    729024    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2014-01-06 00:52 . 2013-04-10 05:18    218984    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2014-01-06 00:52 . 2013-05-10 03:20    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
2014-01-06 00:51 . 2013-11-12 02:07    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-01-06 00:51 . 2013-08-29 01:51    3969472    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2014-01-06 00:51 . 2013-08-29 01:51    3914176    ----a-w-    c:\windows\system32\ntoskrnl.exe
2014-01-06 00:51 . 2013-08-29 01:50    619520    ----a-w-    c:\windows\system32\tdh.dll
2014-01-06 00:51 . 2013-08-29 01:50    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2014-01-06 00:51 . 2013-08-29 01:48    640512    ----a-w-    c:\windows\system32\advapi32.dll
2014-01-06 00:51 . 2013-03-19 04:48    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2014-01-06 00:51 . 2013-03-19 02:49    69632    ----a-w-    c:\windows\system32\smss.exe
2014-01-06 00:51 . 2013-07-20 10:33    102608    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-06 00:51 . 2013-02-15 04:37    3217408    ----a-w-    c:\windows\system32\mstscax.dll
2014-01-06 00:51 . 2013-02-15 04:34    131584    ----a-w-    c:\windows\system32\aaclient.dll
2014-01-06 00:51 . 2013-02-15 03:25    36864    ----a-w-    c:\windows\system32\tsgqec.dll
2014-01-06 00:50 . 2013-04-26 04:55    492544    ----a-w-    c:\windows\system32\win32spl.dll
2014-01-06 00:50 . 2012-11-01 04:47    1389568    ----a-w-    c:\windows\system32\msxml6.dll
2014-01-06 00:50 . 2013-06-06 04:52    26112    ----a-w-    c:\windows\system32\lpk.dll
2014-01-06 00:50 . 2013-06-06 04:50    10240    ----a-w-    c:\windows\system32\dciman32.dll
2014-01-06 00:50 . 2013-06-06 03:01    295424    ----a-w-    c:\windows\system32\atmfd.dll
2014-01-06 00:50 . 2013-06-06 03:01    34304    ----a-w-    c:\windows\system32\atmlib.dll
2014-01-06 00:50 . 2013-06-06 04:51    70656    ----a-w-    c:\windows\system32\fontsub.dll
2014-01-06 00:50 . 2013-08-28 00:57    434688    ----a-w-    c:\windows\system32\scavengeui.dll
2014-01-06 00:49 . 2013-05-13 03:08    903168    ----a-w-    c:\windows\system32\certutil.exe
2014-01-06 00:49 . 2013-05-13 03:08    43008    ----a-w-    c:\windows\system32\certenc.dll
2014-01-06 00:48 . 2012-10-03 16:42    242176    ----a-w-    c:\windows\system32\nlasvc.dll
2014-01-06 00:48 . 2012-10-03 16:42    175104    ----a-w-    c:\windows\system32\netcorehc.dll
2014-01-06 00:48 . 2012-10-03 16:42    156672    ----a-w-    c:\windows\system32\ncsi.dll
2014-01-06 00:48 . 2012-10-03 16:40    499712    ----a-w-    c:\windows\system32\iphlpsvc.dll
2014-01-06 00:48 . 2012-10-03 16:42    52224    ----a-w-    c:\windows\system32\nlaapi.dll
2014-01-06 00:48 . 2012-10-03 16:42    18944    ----a-w-    c:\windows\system32\netevent.dll
2014-01-06 00:48 . 2012-10-03 15:21    35328    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys
2014-01-06 00:45 . 2013-07-06 05:05    1293760    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2014-01-06 00:45 . 2013-01-03 05:04    187752    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2014-01-06 00:45 . 2012-08-22 17:16    240496    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-06 00:45 . 2013-06-04 04:53    509440    ----a-w-    c:\windows\system32\qedit.dll
2014-01-06 00:45 . 2013-10-30 01:27    2349056    ----a-w-    c:\windows\system32\win32k.sys
2014-01-06 00:45 . 2013-10-04 01:49    81408    ----a-w-    c:\windows\system32\drivers\drmk.sys
2014-01-06 00:45 . 2013-10-04 01:17    177152    ----a-w-    c:\windows\system32\drivers\portcls.sys
2014-01-06 00:45 . 2012-08-10 23:56    542208    ----a-w-    c:\windows\system32\kerberos.dll
2014-01-06 00:44 . 2013-04-10 05:03    936448    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-01-06 00:44 . 2013-04-10 05:03    988672    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2014-01-06 00:44 . 2013-04-10 05:04    1221632    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2014-01-06 00:44 . 2013-04-10 05:03    969216    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2014-01-06 00:42 . 2013-07-04 11:57    205824    ----a-w-    c:\windows\system32\WebClnt.dll
2014-01-06 00:42 . 2013-07-04 11:51    81920    ----a-w-    c:\windows\system32\davclnt.dll
2014-01-06 00:42 . 2013-07-04 09:48    115712    ----a-w-    c:\windows\system32\drivers\mrxdav.sys
2014-01-06 00:42 . 2013-10-03 01:58    305152    ----a-w-    c:\windows\system32\gdi32.dll
2014-01-06 00:42 . 2012-09-25 22:47    78336    ----a-w-    c:\windows\system32\synceng.dll
2014-01-06 00:41 . 2013-08-05 01:56    133056    ----a-w-    c:\windows\system32\drivers\ataport.sys
2014-01-06 00:41 . 2013-10-12 02:01    679424    ----a-w-    c:\windows\system32\IKEEXT.DLL
2014-01-06 00:41 . 2013-10-12 02:01    216576    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2014-01-06 00:41 . 2013-10-12 02:03    656896    ----a-w-    c:\windows\system32\nshwfp.dll
2014-01-06 00:40 . 2012-10-09 17:40    44032    ----a-w-    c:\windows\system32\dhcpcsvc6.dll
2014-01-06 00:40 . 2012-10-09 17:40    193536    ----a-w-    c:\windows\system32\dhcpcore6.dll
2014-01-06 00:40 . 2013-05-27 04:57    680960    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2014-01-06 00:40 . 2013-05-27 04:57    392704    ----a-w-    c:\program files\Windows Defender\MpClient.dll
2014-01-06 00:40 . 2013-05-27 04:57    224768    ----a-w-    c:\program files\Windows Defender\MpCommu.dll
2014-01-06 00:39 . 2013-06-25 22:56    527064    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2014-01-06 00:39 . 2012-11-28 22:57    9728    ----a-w-    c:\windows\system32\Wdfres.dll
2014-01-06 00:39 . 2012-11-28 22:57    47720    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2014-01-06 00:39 . 2013-10-05 19:57    1168384    ----a-w-    c:\windows\system32\crypt32.dll
2014-01-06 00:39 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2014-01-06 00:39 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2014-01-06 00:39 . 2013-07-12 10:07    86016    ----a-w-    c:\windows\system32\drivers\usbcir.sys
2014-01-06 00:39 . 2013-07-12 10:07    80896    ----a-w-    c:\windows\system32\drivers\USBAUDIO.sys
2014-01-06 00:39 . 2013-08-02 01:50    169984    ----a-w-    c:\windows\system32\winsrv.dll
2014-01-06 00:39 . 2013-08-02 01:49    293376    ----a-w-    c:\windows\system32\KernelBase.dll
2014-01-06 00:39 . 2013-08-02 00:52    271360    ----a-w-    c:\windows\system32\conhost.exe
2014-01-06 00:31 . 2014-01-06 00:36    --------    d-----w-    c:\windows\system32\MRT
2014-01-06 00:27 . 2013-05-10 03:48    164864    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2014-01-06 00:19 . 2014-01-06 00:19    --------    d-----w-    c:\users\Default\AppData\Local\Microsoft Help
2014-01-06 00:03 . 2013-02-27 05:05    101720    ----a-w-    c:\windows\system32\consent.exe
2014-01-06 00:03 . 2013-02-27 04:49    47104    ----a-w-    c:\windows\system32\appinfo.dll
2014-01-05 19:26 . 2014-01-05 19:52    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-05 19:24 . 2014-01-05 19:24    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-01-05 19:18 . 2014-01-05 19:20    --------    d-----w-    C:\AdwCleaner
2013-12-27 20:00 . 2013-12-04 02:57    7760024    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-27 05:04 . 2013-12-27 05:04    --------    d-----w-    C:\zywxsoft
2013-12-27 05:04 . 2013-12-27 05:05    --------    d-----w-    c:\users\Cramer\AppData\Roaming\TrianglePlayer
2013-12-23 23:05 . 2014-01-07 17:29    --------    d-----w-    c:\users\Cramer\AppData\Local\LogMeIn Hamachi
2013-12-23 23:05 . 2013-12-23 23:05    --------    d-----w-    c:\users\Cramer\AppData\Local\LogMeIn
2013-12-23 23:05 . 2013-12-23 23:05    --------    d-----w-    c:\programdata\LogMeIn
2013-12-23 23:04 . 2013-12-23 23:04    --------    d-----w-    c:\program files\LogMeIn Hamachi
2013-12-23 21:06 . 2013-12-23 21:06    --------    d-----w-    c:\users\Cramer\AppData\Roaming\Rogue Legacy
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-07 03:52 . 2014-01-07 03:52    364544    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2014-01-07 03:52 . 2014-01-07 03:52    1158144    ----a-w-    c:\windows\system32\XpsPrint.dll
2014-01-07 03:52 . 2014-01-07 03:52    417792    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-12-10 23:15 . 2013-03-20 19:28    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-10 23:15 . 2011-10-25 19:44    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-12 02:04 . 2014-01-06 00:53    121856    ----a-w-    c:\windows\system32\wshom.ocx
2013-10-12 01:15 . 2014-01-06 00:52    141824    ----a-w-    c:\windows\system32\wscript.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Steam"="c:\program files\Steam\steam.exe" [2013-12-11 1823656]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-17 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-01-25 296056]
"Razer Synapse"="c:\program files\Razer\Synapse\RzSynapse.exe" [2012-08-10 316840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
.
c:\users\Cramer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2013-3-13 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 104768]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-10-23 280288]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-26 1343400]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 217600]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 1664336]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [2013-12-16 9216]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 375056]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-07-16 84608]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-20 23:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.speedtest.net/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\
FF - prefs.js: browser.startup.homepage - www.bing.com
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4092379890-2822534315-2594436527-1001\Software\SecuROM\License information*]
"datasecu"=hex:4e,3f,33,90,88,31,fd,93,60,27,80,8d,61,9d,a0,14,63,b5,fa,2d,9f,
   80,bf,cb,ed,3e,cd,b4,98,f3,57,c0,97,f1,34,38,86,d2,96,57,90,49,16,5e,ea,99,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5724)
c:\program files\ATI Technologies\HydraVision\HydraDMH.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2014-01-07  12:38:12 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-07 17:38
ComboFix2.txt  2014-01-06 00:04
ComboFix3.txt  2012-08-26 10:21
ComboFix4.txt  2012-08-26 05:35
.
Pre-Run: 120,130,486,272 bytes free
Post-Run: 121,089,888,256 bytes free
.
- - End Of File - - 098D14952B2D4BC9BD46EF9D8E117572
A36C5E4F47E84449FF07ED3517B43A31

SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:41 on 07/01/2014 by Cramer
Administrator - Elevation successful

========== file ==========

rpcss.dll - Unable to find/read file.

-= EOF =-


Edited by Skizzak, 07 January 2014 - 12:42 PM.


#10 seedy21

seedy21

  • SpywareHammer Trainee
  • 541 posts
  • Gender:Male
  • Location:Halifax, UK

Posted 07 January 2014 - 04:36 PM

Hi Skizzak

SystemLook didn't run correctly. Please follow the step below.

Step 1


Please re-run SystemLook (if you have deleted it, please download it and save it to your Desktop)
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    rpcss.dll
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

Edited by seedy21, 07 January 2014 - 04:41 PM.

It's only after we've lost everything that we're free to do anything.
― Chuck Palahniuk, Fight Club

#11 Skizzak

Skizzak
  • Topic Starter

  • Members
  • 20 posts

Posted 07 January 2014 - 05:09 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 16:52 on 07/01/2014 by Cramer
Administrator - Elevation successful

========== filefind ==========

Searching for "rpcss.dll"
C:\Windows\erdnt\cache\rpcss.dll    --a---- 376832 bytes    [05:34 26/08/2012]    [12:21 20/11/2010] 7660F01D3B38ACA1747E397D21D790AF
C:\Windows\System32\rpcss.dll    --a---- 377344 bytes    [03:37 28/10/2011]    [12:21 20/11/2010] CBBD1BCDE5B3BDBF3B008FCAEF750897
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll    --a---- 376320 bytes    [23:45 13/07/2009]    [01:16 14/07/2009] B82CD39E336973359D7C9BF911E8E84F
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll    --a---- 376832 bytes    [03:37 28/10/2011]    [12:21 20/11/2010] 7660F01D3B38ACA1747E397D21D790AF

-= EOF =-
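Added example (not part of the thread, and not the helper's or SystemLook's own code): a small Python script that parses the `:filefind` output above and applies the check the helper is about to make by hand. The live `C:\Windows\System32\rpcss.dll` carries the same modification timestamp (12:21 20/11/2010) as the WinSxS store copy for build 6.1.7601.17514, yet it is 512 bytes larger and has a different MD5, so it no longer matches its own servicing-store twin. The line format and the pairing-by-mtime rule are assumptions drawn from this one log; the ERUNT backup under `erdnt\cache` is deliberately ignored because it is not a servicing reference.

```python
"""Flag a system DLL whose live System32 copy does not match the WinSxS store copy
of the same build, using SystemLook ':filefind' output as input."""
import ntpath
import re
from collections import namedtuple

Entry = namedtuple("Entry", "path size created modified md5")

# One SystemLook filefind result line (format assumed from the log in this thread):
#   <path>    --a---- <size> bytes    [<created>]    [<modified>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-zA-Z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Sample input: the ":filefind rpcss.dll" log posted in the thread above (x86 Windows 7 SP1).
SYSTEMLOOK_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
Log created at 16:52 on 07/01/2014 by Cramer
Administrator - Elevation successful

========== filefind ==========

Searching for "rpcss.dll"
C:\Windows\erdnt\cache\rpcss.dll    --a---- 376832 bytes    [05:34 26/08/2012]    [12:21 20/11/2010] 7660F01D3B38ACA1747E397D21D790AF
C:\Windows\System32\rpcss.dll    --a---- 377344 bytes    [03:37 28/10/2011]    [12:21 20/11/2010] CBBD1BCDE5B3BDBF3B008FCAEF750897
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll    --a---- 376320 bytes    [23:45 13/07/2009]    [01:16 14/07/2009] B82CD39E336973359D7C9BF911E8E84F
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll    --a---- 376832 bytes    [03:37 28/10/2011]    [12:21 20/11/2010] 7660F01D3B38ACA1747E397D21D790AF

-= EOF =-
"""


def parse_filefind(log):
    """Return one Entry per result line; header, blank and EOF lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["path"], int(m["size"]), m["created"],
                                 m["modified"], m["md5"].upper()))
    return entries


def winsxs_version(path):
    """Pull the component build (e.g. 6.1.7601.17514) out of a WinSxS directory name."""
    m = re.search(r"_(\d+\.\d+\.\d+\.\d+)_", path)
    return m.group(1) if m else None


def check_system32_copy(entries):
    """Compare the live System32 copy with the WinSxS copy that carries the same
    modification timestamp (assumption: servicing leaves the live file and its store
    copy with identical mtimes). Verdicts: match, mismatch, no-live-copy, no-reference."""
    live = [e for e in entries
            if ntpath.dirname(e.path).lower().endswith("\\system32")]
    store = [e for e in entries if "\\winsxs\\" in e.path.lower()]
    if not live:
        return {"verdict": "no-live-copy", "live": None, "reference": None, "size_delta": 0}
    target = live[0]  # one live copy expected on x86; first hit if there are more
    refs = [e for e in store if e.modified == target.modified]
    if not refs:
        return {"verdict": "no-reference", "live": target, "reference": None, "size_delta": 0}
    ref = refs[0]
    ok = ref.md5 == target.md5 and ref.size == target.size
    return {"verdict": "match" if ok else "mismatch", "live": target,
            "reference": ref, "size_delta": target.size - ref.size}


def fcopy_directive(report):
    """Render the ComboFix FCopy:: stanza that restores the store copy over the live one,
    the same repair the helper scripts in this thread. Only meaningful for a mismatch."""
    if report["verdict"] != "mismatch":
        return None
    return "FCopy::\n%s | %s" % (report["reference"].path, report["live"].path)


if __name__ == "__main__":
    rep = check_system32_copy(parse_filefind(SYSTEMLOOK_LOG))
    print(rep["verdict"], rep["live"].path, "size delta", rep["size_delta"])
    if rep["reference"]:
        print("reference build", winsxs_version(rep["reference"].path), rep["reference"].md5)
    if fcopy_directive(rep):
        print(fcopy_directive(rep))
```

Treat the verdict as a triage signal, not proof: a file that differs from its WinSxS twin can also be a legitimate hotfix the store does not yet mirror, and malware that replaces both copies would pass. On the machine itself, confirm with `sfc /verifyfile=C:\Windows\System32\rpcss.dll` or an Authenticode check such as Sysinternals `sigcheck`. Note also that `rpcss.dll` is the RPC endpoint mapper service DLL and runs inside an `svchost.exe` instance, which is why a modified copy shows up under that process name in Task Manager rather than as a process of its own.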



#12 seedy21

seedy21

  • SpywareHammer Trainee
  • 541 posts
  • Gender:Male
  • Location:Halifax, UK

Posted 07 January 2014 - 05:59 PM

Hi Skizzak

Step 1

I assume you still have ComboFix on your system. If not, please download Combofix from one of the following locations:

Please open Notepad (Through Start Menu -> Accessories -> Notepad) and copy/paste this code into notepad, exactly as it is: (DON'T include the 'Quote:')

KILLALL::

Suspect::[75]
C:\Windows\System32\rpcss.dll

FCopy::
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll | C:\Windows\System32\rpcss.dll


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Make sure your Anti-Virus is disabled while we do this. You can disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, please read this.

[screenshot: CFScriptB-4.gif]

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When the scan finishes, it will execute the script and reboot your computer automatically. Don't reboot your computer manually, let ComboFix do it.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

It's only after we've lost everything that we're free to do anything.
― Chuck Palahniuk, Fight Club

#13 Skizzak

Skizzak
  • Topic Starter

  • Members
  • 20 posts

Posted 08 January 2014 - 06:23 PM

Had a few errors on this ComboFix run. At first I couldn't get Microsoft Security Essentials to turn off and it gave me two errors and restarted my computer a couple times. Something along the lines of "plug n play has failed and Windows needs to restart." After disabling my internet I got it to turn off and not restart so I ran ComboFix with the CFScript.txt. Here's the log:

 

ComboFix 14-01-04.03 - Cramer 01/08/2014  17:52:48.5.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3327.2258 [GMT -5:00]
Running from: c:\users\Cramer\Desktop\ComboFix.exe
Command switches used :: c:\users\Cramer\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\windows\System32\rpcss.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll --> c:\windows\System32\rpcss.dll
.
(((((((((((((((((((((((((   Files Created from 2013-12-08 to 2014-01-08  )))))))))))))))))))))))))))))))
.
.
2014-01-08 23:05 . 2014-01-08 23:05    --------    d-----w-    c:\users\TEMP\AppData\Local\temp
2014-01-08 23:05 . 2014-01-08 23:05    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-01-08 23:05 . 2014-01-08 23:05    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-07 22:00 . 2014-01-07 22:00    719224    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{32AF4DF7-863E-44A7-AFF3-2637BA30D2E0}\gapaengine.dll
2014-01-07 22:00 . 2013-12-04 02:57    7760024    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26249155-7B4C-435D-BBFB-6662AA8E231D}\mpengine.dll
2014-01-07 17:38 . 2013-12-04 02:57    7760024    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-07 17:01 . 2014-01-07 17:01    338944    ----a-w-    c:\windows\system32\drivers\afd.sys
2014-01-07 17:01 . 2014-01-07 17:01    231424    ----a-w-    c:\windows\system32\mswsock.dll
2014-01-07 17:01 . 2014-01-07 17:01    1294272    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2014-01-07 04:07 . 2012-07-26 02:33    66560    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2014-01-07 04:07 . 2012-07-26 02:32    155136    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2014-01-07 04:07 . 2012-07-26 03:20    73216    ----a-w-    c:\windows\system32\WUDFSvc.dll
2014-01-07 04:07 . 2012-07-26 03:20    172032    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2014-01-07 04:07 . 2012-07-26 03:21    196608    ----a-w-    c:\windows\system32\WUDFHost.exe
2014-01-07 04:07 . 2012-07-26 03:20    613888    ----a-w-    c:\windows\system32\WUDFx.dll
2014-01-07 04:07 . 2012-07-26 03:20    38912    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2014-01-07 03:58 . 2013-07-04 11:50    530432    ----a-w-    c:\windows\system32\comctl32.dll
2014-01-07 03:58 . 2013-07-03 03:36    55808    ----a-w-    c:\windows\system32\drivers\hidclass.sys
2014-01-07 03:58 . 2013-07-03 03:36    25728    ----a-w-    c:\windows\system32\drivers\hidparse.sys
2014-01-07 03:54 . 2014-01-07 03:54    49152    ----a-w-    c:\windows\system32\taskhost.exe
2014-01-07 03:48 . 2014-01-07 03:48    1505280    ----a-w-    c:\windows\system32\d3d11.dll
2014-01-06 00:58 . 2013-04-12 13:45    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2014-01-06 00:58 . 2012-11-22 04:45    626688    ----a-w-    c:\windows\system32\usp10.dll
2014-01-06 00:58 . 2013-07-09 04:50    652800    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-01-06 00:58 . 2012-08-22 17:16    712048    ----a-w-    c:\windows\system32\drivers\ndis.sys
2014-01-06 00:58 . 2012-07-04 19:45    33280    ----a-w-    c:\windows\system32\drivers\RNDISMP.sys
2014-01-06 00:58 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\system32\wintrust.dll
2014-01-06 00:57 . 2013-10-04 01:58    152576    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2014-01-06 00:57 . 2013-10-04 01:56    168960    ----a-w-    c:\windows\system32\credui.dll
2014-01-06 00:57 . 2013-10-04 01:56    1796096    ----a-w-    c:\windows\system32\authui.dll
2014-01-06 00:56 . 2012-11-02 05:11    376832    ----a-w-    c:\windows\system32\dpnet.dll
2014-01-06 00:55 . 2013-02-12 03:32    15872    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2014-01-06 00:55 . 2013-10-30 02:19    301568    ----a-w-    c:\windows\system32\msieftp.dll
2014-01-06 00:55 . 2013-09-25 01:57    247808    ----a-w-    c:\windows\system32\schannel.dll
2014-01-06 00:55 . 2013-09-25 02:01    136640    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-01-06 00:55 . 2013-09-25 01:56    220160    ----a-w-    c:\windows\system32\ncrypt.dll
2014-01-06 00:55 . 2013-07-04 12:16    369848    ----a-w-    c:\windows\system32\drivers\cng.sys
2014-01-06 00:54 . 2013-09-25 02:01    67520    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2014-01-06 00:54 . 2013-09-25 01:56    1038848    ----a-w-    c:\windows\system32\lsasrv.dll
2014-01-06 00:54 . 2013-09-25 01:57    99840    ----a-w-    c:\windows\system32\sspicli.dll
2014-01-06 00:54 . 2013-09-25 01:57    22016    ----a-w-    c:\windows\system32\secur32.dll
2014-01-06 00:54 . 2013-09-25 00:49    22016    ----a-w-    c:\windows\system32\lsass.exe
2014-01-06 00:54 . 2013-09-25 00:49    15872    ----a-w-    c:\windows\system32\sspisrv.dll
2014-01-06 00:54 . 2013-01-24 04:47    196328    ----a-w-    c:\windows\system32\drivers\fvevol.sys
2014-01-06 00:53 . 2013-10-19 01:36    159232    ----a-w-    c:\windows\system32\imagehlp.dll
2014-01-06 00:53 . 2013-10-12 02:04    121856    ----a-w-    c:\windows\system32\wshom.ocx
2014-01-06 00:52 . 2013-10-12 02:03    163840    ----a-w-    c:\windows\system32\scrrun.dll
2014-01-06 00:52 . 2013-10-12 01:15    141824    ----a-w-    c:\windows\system32\wscript.exe
2014-01-06 00:52 . 2013-10-12 01:15    126976    ----a-w-    c:\windows\system32\cscript.exe
2014-01-06 00:52 . 2012-08-21 20:12    245760    ----a-w-    c:\windows\system32\OxpsConverter.exe
2014-01-06 00:52 . 2013-08-01 11:03    729024    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2014-01-06 00:52 . 2013-04-10 05:18    218984    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2014-01-06 00:52 . 2013-03-19 04:53    186368    ----a-w-    c:\windows\system32\wwansvc.dll
2014-01-06 00:52 . 2013-03-19 03:33    40960    ----a-w-    c:\windows\system32\wwanprotdim.dll
2014-01-06 00:52 . 2013-05-10 03:20    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
2014-01-06 00:51 . 2013-11-12 02:07    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-01-06 00:51 . 2013-08-29 01:51    3969472    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2014-01-06 00:51 . 2013-08-29 01:51    3914176    ----a-w-    c:\windows\system32\ntoskrnl.exe
2014-01-06 00:51 . 2013-08-29 01:50    619520    ----a-w-    c:\windows\system32\tdh.dll
2014-01-06 00:51 . 2013-08-29 01:50    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2014-01-06 00:51 . 2013-08-29 01:48    640512    ----a-w-    c:\windows\system32\advapi32.dll
2014-01-06 00:51 . 2013-03-19 04:48    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2014-01-06 00:51 . 2013-03-19 02:49    69632    ----a-w-    c:\windows\system32\smss.exe
2014-01-06 00:51 . 2013-07-20 10:33    102608    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-06 00:51 . 2013-02-15 04:37    3217408    ----a-w-    c:\windows\system32\mstscax.dll
2014-01-06 00:51 . 2013-02-15 04:34    131584    ----a-w-    c:\windows\system32\aaclient.dll
2014-01-06 00:51 . 2013-02-15 03:25    36864    ----a-w-    c:\windows\system32\tsgqec.dll
2014-01-06 00:50 . 2013-04-26 04:55    492544    ----a-w-    c:\windows\system32\win32spl.dll
2014-01-06 00:50 . 2012-11-01 04:47    1389568    ----a-w-    c:\windows\system32\msxml6.dll
2014-01-06 00:50 . 2013-06-06 04:52    26112    ----a-w-    c:\windows\system32\lpk.dll
2014-01-06 00:50 . 2013-06-06 04:50    10240    ----a-w-    c:\windows\system32\dciman32.dll
2014-01-06 00:50 . 2013-06-06 03:01    295424    ----a-w-    c:\windows\system32\atmfd.dll
2014-01-06 00:50 . 2013-06-06 03:01    34304    ----a-w-    c:\windows\system32\atmlib.dll
2014-01-06 00:50 . 2013-06-06 04:51    70656    ----a-w-    c:\windows\system32\fontsub.dll
2014-01-06 00:50 . 2013-08-28 00:57    434688    ----a-w-    c:\windows\system32\scavengeui.dll
2014-01-06 00:49 . 2013-05-13 03:08    903168    ----a-w-    c:\windows\system32\certutil.exe
2014-01-06 00:49 . 2013-05-13 03:08    43008    ----a-w-    c:\windows\system32\certenc.dll
2014-01-06 00:48 . 2012-10-03 16:42    242176    ----a-w-    c:\windows\system32\nlasvc.dll
2014-01-06 00:48 . 2012-10-03 16:42    175104    ----a-w-    c:\windows\system32\netcorehc.dll
2014-01-06 00:48 . 2012-10-03 16:42    156672    ----a-w-    c:\windows\system32\ncsi.dll
2014-01-06 00:48 . 2012-10-03 16:40    499712    ----a-w-    c:\windows\system32\iphlpsvc.dll
2014-01-06 00:48 . 2012-10-03 16:42    52224    ----a-w-    c:\windows\system32\nlaapi.dll
2014-01-06 00:48 . 2012-10-03 16:42    18944    ----a-w-    c:\windows\system32\netevent.dll
2014-01-06 00:48 . 2012-10-03 15:21    35328    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys
2014-01-06 00:45 . 2013-01-03 05:04    187752    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2014-01-06 00:45 . 2012-08-22 17:16    240496    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-06 00:45 . 2013-06-04 04:53    509440    ----a-w-    c:\windows\system32\qedit.dll
2014-01-06 00:45 . 2013-07-25 08:57    1620992    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2014-01-06 00:45 . 2013-10-30 01:27    2349056    ----a-w-    c:\windows\system32\win32k.sys
2014-01-06 00:45 . 2013-10-04 01:49    81408    ----a-w-    c:\windows\system32\drivers\drmk.sys
2014-01-06 00:45 . 2013-10-04 01:17    177152    ----a-w-    c:\windows\system32\drivers\portcls.sys
2014-01-06 00:45 . 2012-08-10 23:56    542208    ----a-w-    c:\windows\system32\kerberos.dll
2014-01-06 00:44 . 2013-04-10 05:03    936448    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-01-06 00:44 . 2013-04-10 05:03    988672    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2014-01-06 00:44 . 2013-04-10 05:04    1221632    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2014-01-06 00:44 . 2013-04-10 05:03    969216    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2014-01-06 00:42 . 2013-07-04 11:57    205824    ----a-w-    c:\windows\system32\WebClnt.dll
2014-01-06 00:42 . 2013-07-04 11:51    81920    ----a-w-    c:\windows\system32\davclnt.dll
2014-01-06 00:42 . 2013-07-04 09:48    115712    ----a-w-    c:\windows\system32\drivers\mrxdav.sys
2014-01-06 00:42 . 2013-10-03 01:58    305152    ----a-w-    c:\windows\system32\gdi32.dll
2014-01-06 00:42 . 2012-09-25 22:47    78336    ----a-w-    c:\windows\system32\synceng.dll
2014-01-06 00:41 . 2013-08-05 01:56    133056    ----a-w-    c:\windows\system32\drivers\ataport.sys
2014-01-06 00:41 . 2013-10-12 02:01    679424    ----a-w-    c:\windows\system32\IKEEXT.DLL
2014-01-06 00:41 . 2013-10-12 02:01    216576    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2014-01-06 00:41 . 2013-10-12 02:03    656896    ----a-w-    c:\windows\system32\nshwfp.dll
2014-01-06 00:40 . 2012-10-09 17:40    44032    ----a-w-    c:\windows\system32\dhcpcsvc6.dll
2014-01-06 00:40 . 2012-10-09 17:40    193536    ----a-w-    c:\windows\system32\dhcpcore6.dll
2014-01-06 00:40 . 2013-05-27 04:57    680960    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2014-01-06 00:40 . 2013-05-27 04:57    392704    ----a-w-    c:\program files\Windows Defender\MpClient.dll
2014-01-06 00:40 . 2013-05-27 04:57    224768    ----a-w-    c:\program files\Windows Defender\MpCommu.dll
2014-01-06 00:39 . 2013-06-25 22:56    527064    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2014-01-06 00:39 . 2012-11-28 22:57    9728    ----a-w-    c:\windows\system32\Wdfres.dll
2014-01-06 00:39 . 2012-11-28 22:57    47720    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2014-01-06 00:39 . 2013-10-05 19:57    1168384    ----a-w-    c:\windows\system32\crypt32.dll
2014-01-06 00:39 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2014-01-06 00:39 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2014-01-06 00:39 . 2013-07-12 10:07    86016    ----a-w-    c:\windows\system32\drivers\usbcir.sys
2014-01-06 00:39 . 2013-07-12 10:07    80896    ----a-w-    c:\windows\system32\drivers\USBAUDIO.sys
2014-01-06 00:39 . 2013-08-02 01:50    169984    ----a-w-    c:\windows\system32\winsrv.dll
2014-01-06 00:39 . 2013-08-02 01:49    293376    ----a-w-    c:\windows\system32\KernelBase.dll
2014-01-06 00:39 . 2013-08-02 00:52    271360    ----a-w-    c:\windows\system32\conhost.exe
2014-01-06 00:31 . 2014-01-06 00:36    --------    d-----w-    c:\windows\system32\MRT
2014-01-06 00:27 . 2013-05-10 04:56    12625408    ----a-w-    c:\windows\system32\wmploc.DLL
2014-01-06 00:27 . 2013-05-10 03:48    164864    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2014-01-06 00:19 . 2014-01-06 00:19    --------    d-----w-    c:\users\Default\AppData\Local\Microsoft Help
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-10 23:15 . 2013-03-20 19:28    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-10 23:15 . 2011-10-25 19:44    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2011-10-25 03:23    230048    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Steam"="c:\program files\Steam\steam.exe" [2013-12-11 1823656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-01-25 296056]
"Razer Synapse"="c:\program files\Razer\Synapse\RzSynapse.exe" [2012-08-10 316840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
.
c:\users\Cramer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2013-3-13 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-01-07 108032]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 104768]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-10-23 280288]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-26 1343400]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 217600]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 1664336]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [2013-12-16 9216]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 375056]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-07-16 84608]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-20 23:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.speedtest.net/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\
FF - prefs.js: browser.startup.homepage - www.bing.com
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4092379890-2822534315-2594436527-1001\Software\SecuROM\License information*]
"datasecu"=hex:4e,3f,33,90,88,31,fd,93,60,27,80,8d,61,9d,a0,14,63,b5,fa,2d,9f,
   80,bf,cb,ed,3e,cd,b4,98,f3,57,c0,97,f1,34,38,86,d2,96,57,90,49,16,5e,ea,99,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2014-01-08  18:16:56 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-08 23:16
ComboFix2.txt  2014-01-07 17:38
ComboFix3.txt  2014-01-06 00:04
ComboFix4.txt  2012-08-26 10:21
ComboFix5.txt  2014-01-08 22:50
.
Pre-Run: 119,196,913,664 bytes free
Post-Run: 119,352,455,168 bytes free
.
- - End Of File - - 874BDA331EC8BAE26C9C55867A27D0C3
A36C5E4F47E84449FF07ED3517B43A31
However, I got another error that wouldn't let me upload to a server because it was offline. How do I get that information to upload?



#14 Skizzak (Topic Starter, Members, 20 posts)

Posted 08 January 2014 - 06:28 PM

OK, update: I found the file that I needed to upload and I think I got it. Let me know if it went through.
EDIT: My computer seems to be running a lot better now. svchost.exe is using up minimal resources compared to what it was, and the "name not available" has disappeared from my volume mixer.


Edited by Skizzak, 08 January 2014 - 06:41 PM.


#15 seedy21 (SpywareHammer Trainee, 541 posts, Halifax, UK)

Posted 09 January 2014 - 11:44 AM

Hi Skizzak,

I'm glad to hear that your machine is running better, but there is some more work we need to do.

Thank you for uploading that sample.

Step 1

Please download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language setting, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
    To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc.
    If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language setting, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", note your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version, type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

It's only after we've lost everything that we're free to do anything.
― Chuck Palahniuk, Fight Club
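As an added example (not from this thread, and not output of ComboFix or FRST), the PowerShell below gives a quick local look at the same autorun points the ComboFix log above prints: the Run keys under "Reg Loading Points", the Startup folder, the R*/S* service and driver lines, and the .job files in c:\windows\Tasks. It also breaks svchost.exe down per instance with the services WMI says each one hosts, which is the first thing to check when one svchost.exe balloons the way the topic starter described. It assumes an elevated PowerShell prompt on the Windows 7 machine in this thread; PowerShell 2.0 is enough, which is why it uses Get-WmiObject rather than Get-CimInstance. Get-ImagePath and Get-SignatureInfo are helpers written for this example, not tool or library functions.

```powershell
# Added example for this thread (not ComboFix/FRST output or the helper's instructions):
# a read-only triage of the autorun points ComboFix lists, plus a per-instance view of
# svchost.exe so memory growth can be tied to the services that process hosts.
# Assumes an elevated PowerShell prompt on Windows 7 (PowerShell 2.0 is enough).
# Caveat: Get-AuthenticodeSignature does not consult catalog signatures, so many
# genuine OS files under System32 show as NotSigned here. Treat MISSING, HashMismatch,
# and unsigned binaries in user-writable locations as the leads, not bare NotSigned.

# Pull the image path out of a service or Run-key command line.
function Get-ImagePath {
    param([string]$CommandLine)
    if ([string]::IsNullOrEmpty($CommandLine)) { return $null }
    $cmd = $CommandLine.Trim()
    if ($cmd.StartsWith('"')) {                                   # "C:\dir with spaces\x.exe" -arg
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.+?\.(exe|dll|sys|cpl))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }                 # unquoted path up to the binary extension
    return $cmd.Split(' ')[0]                                     # bare word such as "start ..." (ComboFix shows [X])
}

# Normalize kernel-style paths, then return "Status <signer subject>" or MISSING.
function Get-SignatureInfo {
    param([string]$Path)
    if ([string]::IsNullOrEmpty($Path)) { return 'NO-PATH' }
    $full = [Environment]::ExpandEnvironmentVariables($Path)
    $full = $full -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:windir
    if (-not [IO.Path]::IsPathRooted($full)) { $full = Join-Path $env:windir $full }  # "system32\drivers\x.sys"
    if (-not (Test-Path -LiteralPath $full)) { return 'MISSING' }
    $sig    = Get-AuthenticodeSignature -FilePath $full
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    "$($sig.Status) $signer"
}

$services = Get-WmiObject Win32_Service
$drivers  = Get-WmiObject Win32_SystemDriver

# 1. Each svchost.exe with its working set and the services WMI maps to that PID.
Write-Host "=== svchost.exe instances (largest working set first) ==="
Get-Process -Name svchost -ErrorAction SilentlyContinue | Sort-Object WorkingSet64 -Descending | ForEach-Object {
    $proc   = $_
    $hosted = @($services | Where-Object { $_.ProcessId -eq $proc.Id } | ForEach-Object { $_.Name })
    $flag   = ''
    if ($hosted.Count -eq 0) { $flag += ' <-- hosts no service' }      # a real svchost always hosts something
    if ($proc.Path -and ($proc.Path -notlike "$env:windir\System32\*")) { $flag += ' <-- not in System32' }
    "{0,6} {1,10:N0} KB  {2}{3}" -f $proc.Id, ($proc.WorkingSet64 / 1KB), ($hosted -join ', '), $flag
}

# 2. Run / RunOnce keys, the bulk of ComboFix's "Reg Loading Points".
Write-Host "`n=== Run keys ==="
$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($sub in 'Run', 'RunOnce') {
        $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\$sub"
        if (-not (Test-Path $key)) { continue }
        foreach ($v in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($psProps -contains $v.Name) { continue }              # provider metadata, not autorun values
            "{0}\{1} = {2}`n    [{3}]" -f $key, $v.Name, $v.Value, (Get-SignatureInfo (Get-ImagePath $v.Value))
        }
    }
}

# 3. Per-user and all-users Startup folders (explicit paths so this works on .NET 2.0/3.5).
Write-Host "`n=== Startup folders ==="
$startupDirs = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
               "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue | Where-Object { -not $_.PSIsContainer } |
      ForEach-Object { "{0}  {1}`n    [{2}]" -f $_.LastWriteTime, $_.FullName, (Get-SignatureInfo $_.FullName) }
}

# 4. Services and drivers (ComboFix's R*/S* lines) whose binary is missing or not Microsoft-signed.
Write-Host "`n=== Services/drivers with non-Microsoft or unverifiable binaries ==="
foreach ($svc in @($services) + @($drivers)) {
    $info = Get-SignatureInfo (Get-ImagePath $svc.PathName)
    if ($info -match '^Valid .*O=Microsoft Corporation') { continue }  # Microsoft-signed, skip
    "{0,-26} {1,-8} {2,-6} {3}`n    [{4}]" -f $svc.Name, $svc.State, $svc.StartMode, $svc.PathName, $info
}

# 5. Legacy scheduler jobs (the .job files ComboFix lists under 'Scheduled Tasks').
Write-Host "`n=== $env:windir\Tasks ==="
Get-ChildItem -LiteralPath "$env:windir\Tasks" -Filter *.job -ErrorAction SilentlyContinue |
  ForEach-Object { "{0}  {1}" -f $_.LastWriteTime, $_.Name }
```

This only reads and reports; it does not remove anything, and it is not a substitute for the FRST scan requested above, which also covers the boot-time and offline locations a live PowerShell session cannot see. The point of section 1 is that a svchost.exe with a huge working set and no hosted services, or one that does not live in System32, is worth a look on its own, while a large svchost.exe that hosts many legitimate services (the netsvcs group, for example) is normal.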



