
Requesting analysis on log


14 replies to this topic

#1 UsaraDark

  • Members
  • 15 posts

Posted 12 September 2013 - 06:06 PM

So my uncle recently ran ComboFix on my computer to clear up some problems. He told me to create an account here and post my ComboFix.exe here. What else do I need to remove from my computer?

 

ComboFix 13-09-02.02 - Timmy 09/02/2013   9:47.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.2680 [GMT -7:00]
Running from: c:\users\Timmy\Desktop\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3c203e39365f292b_c
c:\windows\apppatch\AppLoc.exe
c:\windows\apppatch\AppLocA.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\apppatch\unins000.dat
c:\windows\apppatch\unins000.exe
D:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-02 to 2013-09-02  )))))))))))))))))))))))))))))))
.
.
2013-09-02 16:52 . 2013-09-02 16:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-02 16:52 . 2013-09-02 16:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-02 16:18 . 2013-09-02 16:18 -------- d-----w- c:\program files\Defraggler
2013-09-01 19:17 . 2013-09-01 19:17 66728 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
2013-09-01 19:17 . 2013-09-01 19:20 -------- d-----w- c:\program files\Virtual Audio Cable
2013-08-30 13:31 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E16600DC-8443-4BFD-BD2D-F88BDDE259CC}\mpengine.dll
2013-08-28 22:57 . 2013-08-28 22:57 -------- d-----w- c:\users\Timmy\AppData\Local\NVIDIA
2013-08-28 22:54 . 2013-08-28 22:54 -------- d-----w- C:\NvidiaLogging
2013-08-25 05:55 . 2013-09-02 16:16 -------- d-----w- c:\users\Timmy\AppData\Local\CrashDumps
2013-08-24 00:48 . 2013-08-24 00:48 -------- d-----w- c:\program files (x86)\1-click run
2013-08-24 00:37 . 2013-08-24 00:42 -------- d-----w- c:\users\Timmy\AppData\Local\DownloadTerms
2013-08-24 00:37 . 2013-08-24 00:43 -------- d-----w- c:\users\Timmy\AppData\Local\SwvUpdater
2013-08-23 01:29 . 2013-08-23 01:29 -------- d-----w- c:\users\Timmy\AppData\Local\DVDVideoSoft_Ltd
2013-08-22 23:55 . 2013-08-23 00:12 -------- d-----w- c:\users\Timmy\AppData\Roaming\CodeBlocks
2013-08-22 23:35 . 2013-08-22 23:35 -------- d-----w- c:\users\Timmy\AppData\Local\YoYo_Games_Ltd
2013-08-22 23:35 . 2013-08-22 23:35 -------- d-----w- c:\users\Timmy\AppData\Local\GameMaker8.1
2013-08-21 04:16 . 2013-08-21 04:16 -------- d-----w- c:\programdata\regid.1995-08.com.techsmith
2013-08-21 04:16 . 2013-08-21 04:16 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2013-08-21 03:41 . 2013-08-21 03:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-08-21 03:41 . 2013-08-21 03:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-08-21 03:41 . 2013-08-21 03:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-08-21 03:41 . 2013-08-21 03:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-08-21 03:41 . 2013-08-21 03:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-08-21 03:17 . 2013-08-21 03:17 -------- d-----w- c:\users\Timmy\AppData\Roaming\TechSmith
2013-08-21 03:17 . 2013-08-21 03:17 -------- d-----w- c:\users\Timmy\AppData\Local\TechSmith
2013-08-21 03:16 . 2013-08-21 03:47 -------- d-----w- c:\program files (x86)\QuickTime
2013-08-21 03:16 . 2013-08-21 04:16 -------- d-----w- c:\programdata\TechSmith
2013-08-20 00:02 . 2013-08-20 00:14 -------- d-----w- c:\users\Timmy\AppData\Roaming\Teeworlds
2013-08-15 08:41 . 2013-07-26 05:12 15405056 ----a-w- c:\windows\system32\ieframe.dll
2013-08-15 08:41 . 2013-07-26 05:12 19239424 ----a-w- c:\windows\system32\mshtml.dll
2013-08-15 00:14 . 2013-08-15 00:14 -------- d-----w- c:\windows\DEA314C409294250BC9298E4C105F28D.TMP
2013-08-15 00:14 . 2013-08-15 00:14 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-08-14 23:37 . 2013-08-14 23:37 -------- d-----w- c:\users\Timmy\AppData\Local\WBFSManager
2013-08-14 20:01 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 20:01 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-14 20:01 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 20:01 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 20:01 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-14 20:01 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-14 20:01 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 20:01 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-14 00:23 . 2013-08-14 00:30 -------- d-----w- c:\users\Timmy\Grabber
2013-08-13 23:39 . 2013-08-13 23:39 -------- d-----w- c:\users\Timmy\AppData\Local\Mozilla
2013-08-13 22:30 . 2013-08-13 22:30 -------- d-----w- c:\users\Timmy\AppData\Local\Downloaded Installations
2013-08-13 22:08 . 2013-08-13 22:08 -------- d-----w- c:\users\Timmy\AppData\Roaming\PowerUp Software
2013-08-13 22:07 . 2013-08-13 22:07 -------- d-----w- c:\programdata\PowerUp Software
2013-08-13 21:28 . 2013-08-13 21:28 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2013-08-13 17:53 . 2002-04-12 07:00 57344 ----a-w- c:\windows\SysWow64\BRSVC01A.EXE
2013-08-13 17:53 . 2001-12-13 07:01 45056 ----a-w- c:\windows\SysWow64\BRSS01A.EXE
2013-08-13 17:52 . 2004-04-19 06:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2013-08-13 17:52 . 2004-04-19 06:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2013-08-13 17:52 . 2004-04-19 06:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2013-08-13 17:52 . 2013-08-13 17:52 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2013-08-13 17:52 . 2004-04-19 06:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2013-08-13 17:52 . 2004-04-19 06:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2013-08-13 17:52 . 2013-08-13 17:52 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2013-08-13 17:29 . 2013-08-13 17:29 -------- d-----r- c:\users\Timmy\AppData\Roaming\Brother
2013-08-13 17:19 . 2010-05-10 08:45 103736 ----a-w- c:\windows\SysWow64\BRRBTOOL.EXE
2013-08-13 17:19 . 2005-01-17 07:10 45056 ----a-w- c:\windows\SysWow64\BRTCPCON.DLL
2013-08-13 17:19 . 2010-04-02 05:33 25299 ----a-w- c:\windows\SysWow64\BRLM03A.DLL
2013-08-13 17:19 . 2004-08-09 06:42 77824 ----a-w- c:\windows\SysWow64\BRLMW03A.DLL
2013-08-13 17:19 . 2013-08-13 18:02 -------- d-----w- c:\program files (x86)\Brother
2013-08-13 17:17 . 2013-08-13 17:19 -------- d-----w- c:\programdata\Brother
2013-08-13 00:47 . 2013-08-13 00:47 -------- d-----w- c:\users\Timmy\AppData\Local\Nem's Tools
2013-08-12 22:34 . 2013-08-12 22:34 -------- d-----w- c:\program files (x86)\Clownfish
2013-08-10 22:01 . 2013-08-10 22:01 -------- d-----w- c:\program files (x86)\Lame For Audacity
2013-08-10 21:55 . 2013-08-22 13:40 -------- d-----w- c:\users\Timmy\AppData\Roaming\Audacity
2013-08-10 21:36 . 2013-08-23 01:25 -------- d-----w- c:\users\Timmy\AppData\Roaming\DVDVideoSoft
2013-08-10 21:36 . 2013-08-10 21:37 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2013-08-10 21:13 . 2013-08-10 21:13 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2013-08-10 21:03 . 2013-08-10 21:13 -------- d-----w- c:\program files\Common Files\Adobe
2013-08-10 20:58 . 2013-08-10 21:08 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-08-10 20:56 . 2013-08-21 02:08 -------- d-----w- c:\users\Timmy\AppData\Local\Adobe
2013-08-10 20:56 . 2013-08-10 20:56 -------- d-----w- c:\users\Timmy\AppData\Local\Adobe Tool
2013-08-09 06:34 . 2009-03-19 00:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2013-08-09 06:23 . 2013-09-02 16:16 -------- d-----w- c:\users\Timmy\AppData\Local\LogMeIn Hamachi
2013-08-07 06:14 . 2013-09-02 16:16 -------- d-----w- c:\users\Timmy\AppData\Roaming\Media Player Classic
2013-08-06 20:45 . 2012-02-28 22:10 756224 ----a-w- c:\windows\SysWow64\LameACM.acm
2013-08-06 20:45 . 2013-08-06 20:45 -------- d-----w- C:\lame
2013-08-06 20:43 . 2012-02-28 22:10 756224 ----a-w- c:\windows\system32\LameACM.acm
2013-08-06 20:43 . 2013-08-06 20:43 -------- d-----w- c:\program files (x86)\x264vfw
2013-08-06 10:44 . 2013-08-06 10:44 -------- d-----w- c:\users\Timmy\AppData\Local\Dxtory Software
2013-08-06 10:44 . 2011-05-24 06:29 3673600 ----a-w- c:\windows\system32\DxtoryCodec64.dll
2013-08-06 10:44 . 2011-05-24 06:23 3166720 ----a-w- c:\windows\SysWow64\DxtoryCodec.dll
2013-08-06 10:44 . 2013-08-06 10:44 -------- d-----w- c:\program files (x86)\Dxtory Software
2013-08-04 21:07 . 2013-08-04 21:07 -------- d-----w- c:\users\Timmy\AppData\Local\Diagnostics
2013-08-04 10:10 . 2013-08-15 08:38 -------- d-----w- c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-02 16:14 . 2013-07-31 03:12 33444 ----a-w- C:\cc_20130730_201221.reg
2013-08-20 13:36 . 2013-08-01 22:15 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-20 13:36 . 2013-08-01 22:15 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-15 08:37 . 2013-08-01 22:00 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-08-02 10:04 . 2013-08-02 10:04 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-08-02 10:04 . 2013-08-02 10:04 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-08-02 10:04 . 2013-08-02 10:04 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-08-02 10:04 . 2013-08-02 10:04 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-08-02 10:04 . 2013-08-02 10:04 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-08-02 10:04 . 2013-08-02 10:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-08-02 10:04 . 2013-08-02 10:04 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-08-02 10:04 . 2013-08-02 10:04 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-08-02 10:04 . 2013-08-02 10:04 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-08-02 10:04 . 2013-08-02 10:04 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-08-02 10:04 . 2013-08-02 10:04 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-08-02 10:04 . 2013-08-02 10:04 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-08-02 10:04 . 2013-08-02 10:04 81408 ----a-w- c:\windows\system32\icardie.dll
2013-08-02 10:04 . 2013-08-02 10:04 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-08-02 10:04 . 2013-08-02 10:04 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-08-02 10:04 . 2013-08-02 10:04 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-08-02 10:04 . 2013-08-02 10:04 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-08-02 10:04 . 2013-08-02 10:04 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-08-02 10:04 . 2013-08-02 10:04 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-08-02 10:04 . 2013-08-02 10:04 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-08-02 10:04 . 2013-08-02 10:04 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-08-02 10:04 . 2013-08-02 10:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-08-02 10:04 . 2013-08-02 10:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-08-02 10:04 . 2013-08-02 10:04 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-08-02 10:04 . 2013-08-02 10:04 441856 ----a-w- c:\windows\system32\html.iec
2013-08-02 10:04 . 2013-08-02 10:04 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-08-02 10:04 . 2013-08-02 10:04 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-08-02 10:04 . 2013-08-02 10:04 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-08-02 10:04 . 2013-08-02 10:04 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-02 10:04 . 2013-08-02 10:04 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-08-02 10:04 . 2013-08-02 10:04 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-08-02 10:04 . 2013-08-02 10:04 235008 ----a-w- c:\windows\system32\url.dll
2013-08-02 10:04 . 2013-08-02 10:04 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-08-02 10:04 . 2013-08-02 10:04 216064 ----a-w- c:\windows\system32\msls31.dll
2013-08-02 10:04 . 2013-08-02 10:04 197120 ----a-w- c:\windows\system32\msrating.dll
2013-08-02 10:04 . 2013-08-02 10:04 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-08-02 10:04 . 2013-08-02 10:04 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-08-02 10:04 . 2013-08-02 10:04 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-02 10:04 . 2013-08-02 10:04 149504 ----a-w- c:\windows\system32\occache.dll
2013-08-02 10:04 . 2013-08-02 10:04 144896 ----a-w- c:\windows\system32\wextract.exe
2013-08-02 10:04 . 2013-08-02 10:04 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-08-02 10:04 . 2013-08-02 10:04 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-08-02 10:04 . 2013-08-02 10:04 13824 ----a-w- c:\windows\system32\mshta.exe
2013-08-02 10:04 . 2013-08-02 10:04 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-08-02 10:04 . 2013-08-02 10:04 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-08-02 10:04 . 2013-08-02 10:04 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-08-02 10:04 . 2013-08-02 10:04 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-08-02 10:04 . 2013-08-02 10:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-08-02 10:04 . 2013-08-02 10:04 102912 ----a-w- c:\windows\system32\inseng.dll
2013-08-02 10:03 . 2013-08-02 10:03 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-02 10:03 . 2013-08-02 10:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-02 10:03 . 2013-08-02 10:03 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-02 10:03 . 2013-08-02 10:03 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-08-02 10:03 . 2013-08-02 10:03 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-02 10:03 . 2013-08-02 10:03 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-02 10:03 . 2013-08-02 10:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-02 10:03 . 2013-08-02 10:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-02 10:03 . 2013-08-02 10:03 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-08-02 10:03 . 2013-08-02 10:03 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-08-02 10:03 . 2013-08-02 10:03 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-08-02 10:03 . 2013-08-02 10:03 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-02 10:03 . 2013-08-02 10:03 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-02 10:03 . 2013-08-02 10:03 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-08-02 10:03 . 2013-08-02 10:03 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-08-02 10:03 . 2013-08-02 10:03 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-08-02 10:03 . 2013-08-02 10:03 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-02 10:03 . 2013-08-02 10:03 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-02 10:03 . 2013-08-02 10:03 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-08-02 10:03 . 2013-08-02 10:03 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-02 10:03 . 2013-08-02 10:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-02 10:03 . 2013-08-02 10:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-02 10:03 . 2013-08-02 10:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-02 10:03 . 2013-08-02 10:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-02 10:03 . 2013-08-02 10:03 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-02 10:03 . 2013-08-02 10:03 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-08-02 10:03 . 2013-08-02 10:03 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-08-02 10:03 . 2013-08-02 10:03 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-02 10:03 . 2013-08-02 10:03 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-02 10:03 . 2013-08-02 10:03 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-02 10:03 . 2013-08-02 10:03 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-08-02 10:03 . 2013-08-02 10:03 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-08-02 10:03 . 2013-08-02 10:03 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-08-02 10:03 . 2013-08-02 10:03 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-08-02 10:03 . 2013-08-02 10:03 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-08-02 10:03 . 2013-08-02 10:03 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-08-02 10:03 . 2013-08-02 10:03 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-08-02 10:03 . 2013-08-02 10:03 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-08-02 10:03 . 2013-08-02 10:03 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-08-02 10:03 . 2013-08-02 10:03 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-08-02 10:03 . 2013-08-02 10:03 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-08-02 10:03 . 2013-08-02 10:03 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-08-02 10:03 . 2013-08-02 10:03 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-08-02 10:03 . 2013-08-02 10:03 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-08-02 10:03 . 2013-08-02 10:03 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-08-02 10:03 . 2013-08-02 10:03 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-02 10:03 . 2013-08-02 10:03 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-08-02 23:25 277512 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll
.
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 usj;usj;d:\games\AeriaGames\EdenEternal\avital\ussjcs64.sys;d:\games\AeriaGames\EdenEternal\avital\ussjcs64.sys [x]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVLAN60.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\applications\LogMeIn Hamachi\hamachi-2.exe;d:\applications\LogMeIn Hamachi\hamachi-2.exe [x]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\games\Hi-Rez Studios\HiPatchService.exe;d:\games\Hi-Rez Studios\HiPatchService.exe [x]
R4 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzdaendpt.sys [x]
S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\rzvkeyboard.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-29 20:57 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-01 13:36]
.
2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-31 01:25]
.
2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-31 01:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-08-02 23:25 336904 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Timmy\AppData\Roaming\Mozilla\Firefox\Profiles\dxk4jqqo.default\
FF - ExtSQL: 2013-08-13 16:40; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Timmy\AppData\Roaming\Mozilla\Firefox\Profiles\dxk4jqqo.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2013-08-13 16:50; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Timmy\AppData\Roaming\Mozilla\Firefox\Profiles\dxk4jqqo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-23 17:40; {740B3FD5-4483-469D-BE7F-8555B153BD04}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Clownfish - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\brsvc01a.exe
c:\windows\SysWOW64\brss01a.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
.
**************************************************************************
.
Completion time: 2013-09-02  09:59:09 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-02 16:59
.
Pre-Run: 30,005,125,120 bytes free
Post-Run: 29,870,141,440 bytes free
.
- - End Of File - - FA2B8CCE923B1DB4700B5470C850D219
A36C5E4F47E84449FF07ED3517B43A31
 

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,956 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:26 PM

Posted 17 September 2013 - 09:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I need more information before suggesting any other remedial action. Execute the following and post the logs for my review.

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 UsaraDark


Posted 17 September 2013 - 06:53 PM

Okay so here is the AdwCleaner by Xplode log:

 

# AdwCleaner v3.004 - Report created 17/09/2013 at 16:23:06
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Timmy - TIMMY-PC
# Running from : C:\Users\Timmy\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Timmy\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Timmy\AppData\Local\DownloadTerms
Folder Deleted : C:\Users\Timmy\AppData\Local\FilesFrog Update Checker
Folder Deleted : C:\Users\Timmy\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Timmy\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Timmy\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Timmy\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Timmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
File Deleted : C:\END
File Deleted : C:\Users\Timmy\AppData\Roaming\Mozilla\Firefox\Profiles\dxk4jqqo.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
 
-\\ Mozilla Firefox v23.0 (en-US)
 
[ File : C:\Users\Timmy\AppData\Roaming\Mozilla\Firefox\Profiles\dxk4jqqo.default\prefs.js ]
 
 
-\\ Google Chrome v29.0.1547.66
 
[ File : C:\Users\Timmy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3158 octets] - [17/09/2013 16:22:06]
AdwCleaner[S0].txt - [2987 octets] - [17/09/2013 16:23:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3047 octets] ##########
 
 
 
Here is my Junkware Removal Tool Log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Timmy on Tue 09/17/2013 at 16:37:35.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/17/2013 at 16:43:41.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
And here is my DDS scanning log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.25.2
Run by Timmy at 16:44:59 on 2013-09-17
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1033.18.4094.2706 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\brss01a.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\WhatPulse2\whatpulse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ie
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [GoogleChromeAutoLaunch_EEB5F8AA0ED462375287D8C91BC9B185] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [whatpulse] "C:\Program Files (x86)\WhatPulse2\whatpulse.exe"
uRun: [Steam] "D:\Games\Steam\Steam.exe" -silent
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
TCP: Interfaces\{D202B111-3B69-44EC-A6B5-EB294EBD45FF} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Timmy\AppData\Roaming\Mozilla\Firefox\Profiles\dxk4jqqo.default\
FF - ExtSQL: 2013-08-13 16:40; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; C:\Users\Timmy\AppData\Roaming\Mozilla\Firefox\Profiles\dxk4jqqo.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2013-08-13 16:50; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Timmy\AppData\Roaming\Mozilla\Firefox\Profiles\dxk4jqqo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-23 17:40; {740B3FD5-4483-469D-BE7F-8555B153BD04}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-7-31 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-7-31 189936]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-7-31 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-7-31 378944]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2013-7-30 96896]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-7-31 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-7-31 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-7-31 46808]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-6-28 2470736]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-30 14984480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-7-25 414496]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-6-18 54160]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2013-9-1 66728]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-7-30 39712]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-30 539240]
R3 rzdaendpt;Razer DeathAdder end point;C:\Windows\System32\drivers\rzdaendpt.sys [2013-6-6 25600]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2013-6-6 126464]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\drivers\rzvkeyboard.sys [2013-6-6 23040]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\Games\Hi-Rez Studios\HiPatchService.exe [2013-4-27 9216]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-31 59392]
S3 usj;usj;D:\Games\AeriaGames\EdenEternal\avital\ussjcs64.sys [2013-5-28 89560]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-31 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="D:\Applications\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-09-17 23:37:28 -------- d-----w- C:\Windows\ERUNT
2013-09-17 23:22:04 -------- d-----w- C:\AdwCleaner
2013-09-17 22:55:40 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{26EDB14B-BEF2-46D4-AF2D-994D39AE0F0B}\mpengine.dll
2013-09-16 02:04:15 -------- d-----w- C:\Users\Timmy\AppData\Roaming\Quivi
2013-09-16 02:02:38 -------- d-----w- C:\Users\Timmy\AppData\Local\CrashRpt
2013-09-16 02:02:30 -------- d-----w- C:\Program Files (x86)\WinPcap
2013-09-16 02:02:10 -------- d-----w- C:\Program Files (x86)\WhatPulse2
2013-09-11 23:59:27 -------- d-----w- C:\Users\Timmy\AppData\Roaming\mkvtoolnix
2013-09-11 06:02:05 4751752 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-09-11 05:19:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-06 03:09:47 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2013-09-06 03:09:33 -------- d-----w- C:\Windows\PCHEALTH
2013-09-06 03:09:33 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-09-06 03:08:26 -------- d-----w- C:\Users\Timmy\AppData\Local\Microsoft Help
2013-09-06 03:06:20 -------- d-----w- C:\Users\Timmy\AppData\Roaming\PowerISO
2013-09-06 01:15:36 -------- d--h--w- C:\ProgramData\Common Files
2013-09-06 01:15:30 126872 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2013-09-06 00:02:40 -------- d-----w- C:\Users\Timmy\AppData\Local\LogMeIn Hamachi
2013-09-06 00:02:25 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2013-09-04 00:22:19 -------- d-----w- C:\Users\Timmy\AppData\Roaming\raidcall
2013-09-02 21:21:26 -------- d-----w- C:\Windows\pss
2013-09-02 17:35:15 328704 ----a-w- C:\Windows\System32\uDWM.dll
2013-09-02 17:34:47 120320 ----a-w- C:\Windows\System32\dwm.exe
2013-09-02 17:31:42 -------- d-----w- C:\Users\Timmy\AppData\Local\ElevatedDiagnostics
2013-09-02 17:14:01 -------- d-sh--w- C:\$RECYCLE.BIN
2013-09-02 17:03:47 -------- d-s---w- C:\ComboFix
2013-09-02 16:46:31 98816 ----a-w- C:\Windows\sed.exe
2013-09-02 16:46:31 256000 ----a-w- C:\Windows\PEV.exe
2013-09-02 16:46:31 208896 ----a-w- C:\Windows\MBR.exe
2013-09-02 16:18:39 -------- d-----w- C:\Program Files\Defraggler
2013-09-01 19:17:21 66728 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys
2013-09-01 19:17:20 -------- d-----w- C:\Program Files\Virtual Audio Cable
2013-08-28 22:57:40 -------- d-----w- C:\Users\Timmy\AppData\Local\NVIDIA
2013-08-28 22:54:16 -------- d-----w- C:\NvidiaLogging
2013-08-25 05:55:35 -------- d-----w- C:\Users\Timmy\AppData\Local\CrashDumps
2013-08-23 01:29:53 -------- d-----w- C:\Users\Timmy\AppData\Local\DVDVideoSoft_Ltd
2013-08-22 23:55:59 -------- d-----w- C:\Users\Timmy\AppData\Roaming\CodeBlocks
2013-08-22 23:35:26 -------- d-----w- C:\Users\Timmy\AppData\Local\YoYo_Games_Ltd
2013-08-22 23:35:24 -------- d-----w- C:\Users\Timmy\AppData\Local\GameMaker8.1
2013-08-21 04:16:58 -------- d-----w- C:\ProgramData\regid.1995-08.com.techsmith
2013-08-21 04:16:53 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared
2013-08-21 03:41:48 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-08-21 03:41:48 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-08-21 03:41:48 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-08-21 03:41:48 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-08-21 03:41:48 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-08-21 03:17:55 -------- d-----w- C:\Users\Timmy\AppData\Roaming\TechSmith
2013-08-21 03:17:48 -------- d-----w- C:\Users\Timmy\AppData\Local\TechSmith
2013-08-20 00:02:02 -------- d-----w- C:\Users\Timmy\AppData\Roaming\Teeworlds
.
==================== Find3M  ====================
.
2013-09-15 21:02:24 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-15 21:02:24 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-12 03:59:13 1174979 ----a-w- C:\Windows\apppatch\unins000.exe
2013-09-02 16:14:45 33444 ----a-w- C:\cc_20130730_201221.reg
2013-08-13 22:07:25 119296 ----a-w- C:\Windows\SysWow64\zlib.dll
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-07 11:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 10:03:32 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 05:35:22 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-08-01 05:35:22 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-08-01 00:20:55 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-08-01 00:20:55 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-07-31 02:09:17 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-31 02:09:13 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-31 02:09:13 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-26 06:19:16 571168 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-07-26 04:59:39 6601504 ----a-w- C:\Windows\System32\nvcpl.dll
2013-07-26 04:59:39 3452704 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-07-26 04:59:35 920864 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-07-26 04:59:35 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-07-26 04:59:35 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-24 11:20:22 768000 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
.
============= FINISH: 16:45:29.76 ===============
 
 
And I attached the attached part of the DDS scan, however I cannot upload the .zip file, so if you need it ask me.

 



#4 nasdaq


Posted 18 September 2013 - 08:26 AM

Delete the file/folder in bold.

FF - ExtSQL: 2013-08-23 17:40; {740B3FD5-4483-469D-BE7F-8555B153BD04}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}

Source: http://www.systemlookup.com/FF_Extensions/2978.html

It's a Firefox extension. May have to close Firefox before deleting the file/folder.
===

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know of any issues with this computer.

#5 UsaraDark


Posted 18 September 2013 - 06:58 PM

So I cannot find the folder {740B3FD5-4483-469D-BE7F-8555B153BD04} within the firefox directory.

There wasn't anything majorly wrong on this computer. Combofix took off most of it, however, lately I've realized that my computer "beeps" at me. What I mean by "beep" is that lately when doing something like browsing the internet, my system would freeze for about 3~10 seconds, then after the brief freeze, the actions I've done during the freeze would then occur along with beeping noises.

 

Either way, here is the Security Check checkup.txt

 

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.8.800.168  
 Mozilla Firefox (23.0) 
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
 CheckPoint ZoneAlarm ZAPrivacyService.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log``````````````````````

Edited by UsaraDark, 18 September 2013 - 07:01 PM.


#6 nasdaq


Posted 19 September 2013 - 10:23 AM

These beeping sounds could mean something.

Check this page and see if you can identify a pattern.
http://www.computerhope.com/beep.htm

#7 UsaraDark


Posted 19 September 2013 - 05:53 PM

These beeps are not the computer itself, it's actually outputted onto my headphones. The amount of beeps I hear varies depending on how long the freeze was.

 

For example, if I was moving files around onto a flashdrive, and I notice that my mouse isn't responding. After left-clicking, pressing a few keys, and 5 seconds later, my key inputs go off along with my mouse movement and mouse clicks, and along with it beeps for each and every single button pressed within the time frame of the freeze.



#8 nasdaq


Posted 20 September 2013 - 07:17 AM

Delete the file/folder in bold.

FF - ExtSQL: 2013-08-23 17:40; {740B3FD5-4483-469D-BE7F-8555B153BD04}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}


Were you able to delete this file/folder?

It's related to a Firefox extension named Basicserve.
If listed in your Firefox extension list, disable it.
===
Check the integrity of the Operating System Files. Run the SFC.exe tool.

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833
===

Keep me posted.

Edited by nasdaq, 20 September 2013 - 07:25 AM.


#9 UsaraDark

UsaraDark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 AM

Posted 20 September 2013 - 07:57 PM

I still cannot find the extension Basicserve on Firefox. Is it hidden somewhere?

 

And it doesn't appear that the SFC found anything suspicious:

Windows Resource Protection did not find any integrity violations.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,956 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:26 PM

Posted 21 September 2013 - 09:35 AM

Remove Firefox using the Add/Remove Programs.
Restart the computer normally
Reinstall the browser.

I suggest you save your bookmarks before removing Firefox.
Restore bookmarks from backup or move them to another computer
https://support.mozilla.org/en-US/kb/restore-bookmarks-from-backup-or-move-them
<<<>>>

#11 UsaraDark

UsaraDark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 AM

Posted 21 September 2013 - 02:50 PM

Done. Is that all that I need to do? Because now I think that my problem is rather a hardware problem.



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,956 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:26 PM

Posted 22 September 2013 - 08:02 AM

Check your sound settings.

Open the Control Panel > Sound

Click on the Sound Tab.

If all the settings are marked with a sound icon, remove those that you do not want.

Press the Apply button when needed.

Keep me posted.

#13 UsaraDark

UsaraDark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 AM

Posted 22 September 2013 - 04:57 PM

The settings I have right now I don't want to change because they are the settings to the audio system I have right now. And if it was the sound panel that was causing the problem, that wouldn't solve the freeze.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,956 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:26 PM

Posted 23 September 2013 - 07:37 AM

You should then start a new topic here.

Windows 7 Forum
http://www.bleepingcomputer.com/forums/forum167.html

Someone with hardware knowledge may be able to help you.

#15 UsaraDark

UsaraDark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 AM

Posted 23 September 2013 - 08:50 AM

Okay, thanks!





