virus. random background ads\music, svchost using alot of ram.


  • This topic is locked
11 replies to this topic

#1 spiderbug2 (Members, 5 posts)

Posted 07 January 2014 - 09:28 AM

I believe I have a virus. It all started a while ago: somehow I got a program on my computer called awsomecore or something like that (don't know where it came from). It played ads and music at random and used a lot of RAM. I quarantined and deleted it using Comodo and ran several scans; however, that did not stop the music/ads or the RAM use, it just was no longer called awsomecore. Instead the name changed to "svchost -k dcomlaucher". I used TDSSKiller and it said Rpcss.dll was odd, but it couldn't do anything about it and all I could do with it was skip. All I know is I kept getting a lot of malware on my computer even when I wasn't even using the web, plus the random ads/music and svchost using a lot of RAM, but I don't know what to do about it since none of my tools detect it or can do anything about it.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16722  BrowserJavaVersion: 10.13.2
Run by BJ at 8:01:09 on 2014-01-07
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.8191.5606 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Gizmo\gizmo.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Waterfox\waterfox.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyOverride = local;<local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Gizmo.lnk - C:\Program Files (x86)\Gizmo\gizmo.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{49A9F930-F96A-4BB4-8C1B-60115AE5153A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{84EDBBE6-F76B-44BA-B000-769CF132EC2C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AA30F1D1-010D-494C-8CCD-4042DE9E8442} : DHCPNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
TCP: Interfaces\{B385217B-76F5-406D-B872-2F71E6887F62} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C44E6F8A-F875-4348-A18C-899D0CB3D026} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D09F2D59-8737-4069-87C6-2B7530477A98} : DHCPNameServer = 7.254.254.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: {11111111-1111-1111-1111-110411361128} - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BJ\AppData\Roaming\Mozilla\Firefox\Profiles\6f5wyk8c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_11_8_800_168.dll
FF - plugin: C:\Windows\System32\npDeployJava1.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-11-22 303408]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-9-24 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-11-14 709144]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-9-24 48872]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-11-13 283064]
R1 GizmoDrv;Gizmo Device Driver;C:\Windows\System32\drivers\gizmodrv.sys [2010-12-12 32840]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-1-25 386344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-21 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-21 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-21 168384]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2010-12-14 11576]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2010-12-12 22408]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-1-12 325152]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2013-7-8 44064]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768]
S3 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-9-24 164056]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2013-2-23 25832]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\System32\drivers\evolve.sys [2013-7-18 21656]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-13 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 Gizmo Central;Gizmo Central;C:\Program Files (x86)\Gizmo\gservice.exe [2010-12-12 31856]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2009-7-14 1708800]
S3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\System32\drivers\LGPBTDD.sys [2010-12-12 30728]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2010-12-12 16008]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\System32\drivers\AE2500w764.sys [2011-12-31 1254464]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 NVFLASH;NVFLASH;C:\Windows\System32\drivers\nvflash.sys [2010-12-24 6144]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
S3 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]
S3 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
S3 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-9-20 31232]
S3 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-8-15 4308320]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-9-20 758224]
S3 TVICHW64;TVICHW64;C:\Windows\SysWOW64\drivers\TVICHW64.SYS [2011-1-13 21200]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;"C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" --> C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [?]
.
=============== Created Last 30 ================
.
2018-12-06 11:34:30    4899544    ----a-w-    C:\ProgramData\cis6721.exe
2018-12-06 11:32:52    1060864    ----a-w-    C:\Windows\SysWow64\mfc71.dll
2018-12-06 10:07:15    15360    ----a-r-    C:\Users\BJ\AppData\Roaming\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E910.exe
2018-12-06 10:07:15    11264    ----a-r-    C:\Users\BJ\AppData\Roaming\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E96.exe
2014-01-07 13:42:30    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4F3FD5E3-DA7C-42CA-B677-C532994785B7}\offreg.dll
2014-01-06 21:49:58    --------    d-----w-    C:\Program Files (x86)\AMD AVT
2014-01-06 21:45:41    --------    d-----w-    C:\Program Files\AMD
2014-01-06 21:32:27    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4F3FD5E3-DA7C-42CA-B677-C532994785B7}\mpengine.dll
2014-01-06 20:58:47    4784312    ----a-w-    C:\Windows\SysWow64\GameMon.des
2014-01-06 20:58:28    4682    ----a-w-    C:\Windows\SysWow64\npptNT2.sys
2014-01-06 20:58:27    5174    ----a-w-    C:\Windows\SysWow64\nppt9x.vxd
2014-01-06 20:58:24    --------    d-----w-    C:\Program Files\Common Files\INCA Shared
2014-01-06 20:52:40    --------    d-----w-    C:\Windows\64467D47FFE44FBCABBAA0DB829A17EB.TMP
2014-01-05 18:58:03    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-05 02:41:46    --------    d-----w-    C:\Users\BJ\AppData\Local\Macromedia
2014-01-04 23:13:49    --------    d-----w-    C:\Users\BJ\AppData\Local\Diagnostics
2014-01-03 13:01:20    --------    d-----w-    C:\Users\BJ\AppData\Local\VirtualStore
2014-01-02 23:10:26    --------    d-----w-    C:\Users\BJ\AppData\Local\The Lord of the Rings Online
2014-01-02 23:08:19    --------    d-----w-    C:\Users\BJ\AppData\Local\Turbine
2014-01-02 21:38:25    --------    d-----w-    C:\Users\BJ\AppData\Roaming\Comodo
2014-01-02 19:28:05    --------    d-sh--w-    C:\Windows\SysWow64\AI_RecycleBin
2014-01-02 17:42:57    117464    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-01-02 17:00:19    --------    d-----w-    C:\ProgramData\Sophos
2014-01-02 14:51:04    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-01-02 14:37:25    98816    ----a-w-    C:\Windows\sed.exe
2014-01-02 14:37:25    256000    ----a-w-    C:\Windows\PEV.exe
2014-01-02 14:37:25    208896    ----a-w-    C:\Windows\MBR.exe
2014-01-01 16:11:37    76888    ----a-w-    C:\Windows\System32\PnkBstrA.exe
2014-01-01 15:54:33    --------    d-----w-    C:\ProgramData\ParetoLogic
2013-12-25 17:16:54    647280    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
.
==================== Find3M  ====================
.
2014-01-04 21:56:36    214392    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2014-01-03 14:08:00    214392    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2013-12-06 22:49:18    51200    ----a-w-    C:\Windows\System32\kdbsdk64.dll
2013-12-06 22:44:26    38912    ----a-w-    C:\Windows\SysWow64\kdbsdk32.dll
2013-12-06 22:08:46    157736    ----a-w-    C:\Windows\System32\amdhcp64.dll
2013-12-06 22:08:22    142304    ----a-w-    C:\Windows\SysWow64\amdhcp32.dll
2013-12-06 22:07:36    78432    ----a-w-    C:\Windows\System32\atimpc64.dll
2013-12-06 22:07:36    78432    ----a-w-    C:\Windows\System32\amdpcom64.dll
2013-12-06 22:07:14    71704    ----a-w-    C:\Windows\SysWow64\atimpc32.dll
2013-12-06 22:07:14    71704    ----a-w-    C:\Windows\SysWow64\amdpcom32.dll
2013-12-06 22:04:10    143304    ----a-w-    C:\Windows\System32\atiuxp64.dll
2013-12-06 22:03:46    126336    ----a-w-    C:\Windows\SysWow64\atiuxpag.dll
2013-12-06 22:03:00    115512    ----a-w-    C:\Windows\System32\atiu9p64.dll
2013-12-06 22:02:38    98496    ----a-w-    C:\Windows\SysWow64\atiu9pag.dll
2013-12-06 22:01:52    1318552    ----a-w-    C:\Windows\System32\aticfx64.dll
2013-12-06 22:01:04    1100216    ----a-w-    C:\Windows\SysWow64\aticfx32.dll
2013-12-06 22:00:16    9753752    ----a-w-    C:\Windows\System32\atidxx64.dll
2013-12-06 21:59:50    8406024    ----a-w-    C:\Windows\SysWow64\atidxx32.dll
2013-12-06 21:59:00    8287008    ----a-w-    C:\Windows\SysWow64\atiumdva.dll
2013-12-06 21:58:10    6630232    ----a-w-    C:\Windows\SysWow64\atiumdag.dll
2013-12-06 21:57:20    8927704    ----a-w-    C:\Windows\System32\atiumd6a.dll
2013-12-06 21:56:54    7751920    ----a-w-    C:\Windows\System32\atiumd64.dll
2013-12-06 21:52:14    13207552    ----a-w-    C:\Windows\System32\drivers\atikmdag.sys
2013-12-06 21:38:52    230912    ----a-w-    C:\Windows\System32\clinfo.exe
2013-12-06 21:38:34    99840    ----a-w-    C:\Windows\System32\OpenVideo64.dll
2013-12-06 21:38:28    83968    ----a-w-    C:\Windows\SysWow64\OpenVideo.dll
2013-12-06 21:38:22    86528    ----a-w-    C:\Windows\System32\OVDecode64.dll
2013-12-06 21:38:18    73728    ----a-w-    C:\Windows\SysWow64\OVDecode.dll
2013-12-06 21:37:58    29382144    ----a-w-    C:\Windows\System32\amdocl64.dll
2013-12-06 21:35:36    24860160    ----a-w-    C:\Windows\SysWow64\amdocl.dll
2013-12-06 21:33:28    63488    ----a-w-    C:\Windows\System32\OpenCL.dll
2013-12-06 21:33:24    57344    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2013-12-06 21:26:44    129536    ----a-w-    C:\Windows\System32\coinst_13.251.dll
2013-12-06 21:16:40    26352128    ----a-w-    C:\Windows\System32\atio6axx.dll
2013-12-06 21:13:02    368640    ----a-w-    C:\Windows\System32\atiapfxx.exe
2013-12-06 21:12:52    62464    ----a-w-    C:\Windows\System32\aticalrt64.dll
2013-12-06 21:12:50    52224    ----a-w-    C:\Windows\SysWow64\aticalrt.dll
2013-12-06 21:12:42    55808    ----a-w-    C:\Windows\System32\aticalcl64.dll
2013-12-06 21:12:40    49152    ----a-w-    C:\Windows\SysWow64\aticalcl.dll
2013-12-06 21:12:26    15716352    ----a-w-    C:\Windows\System32\aticaldd64.dll
2013-12-06 21:09:18    14302208    ----a-w-    C:\Windows\SysWow64\aticaldd.dll
2013-12-06 20:58:50    22157824    ----a-w-    C:\Windows\SysWow64\atioglxx.dll
2013-12-06 20:53:18    442368    ----a-w-    C:\Windows\System32\atidemgy.dll
2013-12-06 20:53:10    31232    ----a-w-    C:\Windows\System32\atimuixx.dll
2013-12-06 20:53:04    588288    ----a-w-    C:\Windows\System32\atieclxx.exe
2013-12-06 20:52:10    239616    ----a-w-    C:\Windows\System32\atiesrxx.exe
2013-12-06 20:50:36    190976    ----a-w-    C:\Windows\System32\atitmm64.dll
2013-12-06 20:22:54    96256    ----a-w-    C:\Windows\System32\amdave64.dll
2013-12-06 20:22:48    90112    ----a-w-    C:\Windows\SysWow64\amdave32.dll
2013-12-06 20:22:42    1144320    ----a-w-    C:\Windows\System32\atiadlxx.dll
2013-12-06 20:22:38    89088    ----a-w-    C:\Windows\System32\atisamu64.dll
2013-12-06 20:22:34    80896    ----a-w-    C:\Windows\SysWow64\atisamu32.dll
2013-12-06 20:22:28    825344    ----a-w-    C:\Windows\SysWow64\atiadlxy.dll
2013-12-06 20:22:12    74752    ----a-w-    C:\Windows\System32\atig6pxx.dll
2013-12-06 20:22:08    69632    ----a-w-    C:\Windows\SysWow64\atiglpxx.dll
2013-12-06 20:22:08    69632    ----a-w-    C:\Windows\System32\atiglpxx.dll
2013-12-06 20:22:04    100352    ----a-w-    C:\Windows\System32\atig6txx.dll
2013-12-06 20:21:54    96768    ----a-w-    C:\Windows\SysWow64\atigktxx.dll
2013-12-06 20:21:44    626176    ----a-w-    C:\Windows\System32\drivers\atikmpag.sys
2013-12-06 20:18:12    43520    ----a-w-    C:\Windows\System32\drivers\ati2erec.dll
2013-11-29 16:34:39    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2013-11-19 10:21:41    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-14 17:38:18    709144    ----a-w-    C:\Windows\System32\drivers\cmdguard.sys
2013-11-14 11:38:02    43216    ----a-w-    C:\Windows\System32\cmdcsr.dll
2013-11-13 23:21:57    283064    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2013-10-12 20:11:48    98304    ----a-w-    C:\Windows\SysWow64\CmdLineExt.dll
2006-07-06 23:42:52    54272    ----a-w-    C:\Program Files (x86)\win32pad.exe
.
============= FINISH:  8:02:41.62 ===============
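The symptom described in this post (an svchost instance that shows up as "svchost -k dcomlaucher" and holds a lot of RAM, with a scanner flagging Rpcss.dll) comes down to one question: is each svchost.exe host, and each service DLL loaded inside it, what it claims to be? The PowerShell script below is an added example, not code from this thread or from any tool mentioned in it. It only reads and reports. It assumes Windows 7 or later with PowerShell 2.0 or newer (hence Get-WmiObject rather than Get-CimInstance) and an elevated prompt; the working-set threshold is an arbitrary assumption.

```powershell
# Added example (not from the thread): triage svchost.exe instances and the
# service DLLs they host. Read-only. Assumes Windows 7+, PowerShell 2.0+,
# elevated prompt. $wsThresholdMB is an arbitrary assumption.

$sys32 = Join-Path $env:SystemRoot 'System32'
# On x64 a 32-bit svchost under SysWOW64 is legitimate for a few services.
$realSvchost   = @((Join-Path $sys32 'svchost.exe'), (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe'))
$wsThresholdMB = 200

$procs    = Get-WmiObject Win32_Process | Where-Object { $_.Name -ieq 'svchost.exe' }
$services = Get-WmiObject Win32_Service
# This key lists, per "-k" group, the services permitted to run in that group.
$groups   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'

"=== svchost.exe processes ==="
foreach ($p in $procs) {
    $flags  = @()
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    # A genuine host is the System32 (or SysWOW64) binary, started by
    # services.exe, with a "-k <group>" argument. A copy elsewhere, a different
    # parent, or a lookalike name fails one of these checks.
    if ($realSvchost -notcontains $p.ExecutablePath) { $flags += "path=$($p.ExecutablePath)" }
    if (-not $parent -or $parent.Name -ine 'services.exe') { $flags += "parent=$($parent.Name)" }
    if ($p.CommandLine -notmatch '(?i)\s-k\s+\S+') { $flags += 'no -k group' }
    $wsMB = [math]::Round($p.WorkingSetSize / 1MB)
    if ($wsMB -gt $wsThresholdMB) { $flags += "workingset=${wsMB}MB" }
    $hosted = ($services | Where-Object { $_.ProcessId -eq $p.ProcessId } | ForEach-Object { $_.Name }) -join ','
    "{0,6} {1,5} MB  {2}`n        services: {3}`n        flags: {4}" -f $p.ProcessId, $wsMB, $p.CommandLine, $hosted, ($flags -join '; ')
}

"=== svchost-hosted services with findings ==="
foreach ($s in ($services | Where-Object { $_.PathName -match '(?i)svchost\.exe' })) {
    $flags = @()
    $grp = if ($s.PathName -match '(?i)-k\s+(\S+)') { $matches[1] } else { $null }
    # 1. The service must be a member of the group named on its command line.
    if ($grp -and -not ($groups.$grp -contains $s.Name)) { $flags += "not in group '$grp'" }
    # 2. ServiceDll should live under %SystemRoot%\System32 or \SysWOW64.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($s.Name)\Parameters"
    $dll = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if (-not $dll) { $flags += 'no ServiceDll' }
    else {
        $dll = [Environment]::ExpandEnvironmentVariables($dll)
        if ($dll -notlike "$env:SystemRoot\Sys*") { $flags += "dll outside SystemRoot: $dll" }
        if (-not (Test-Path $dll)) { $flags += "dll missing: $dll" }
        else {
            # 3. Signature. Caveat: on Windows 7 most system DLLs are catalog-
            # signed, and PowerShell 2.0 reports those as NotSigned. Treat that
            # as "verify another way" (e.g. Sysinternals sigcheck), not as tampering.
            $sig = Get-AuthenticodeSignature -FilePath $dll
            if ($sig.Status -ne 'Valid') { $flags += "signature=$($sig.Status) ($dll)" }
            elseif ($sig.SignerCertificate.Subject -notmatch 'Microsoft') { $flags += "signer=$($sig.SignerCertificate.Subject)" }
        }
    }
    if ($flags.Count -gt 0) { "{0,-22} {1}" -f $s.Name, ($flags -join '; ') }
}
```

Read the output as leads, not verdicts: the DDS log above already shows the two expected hosts for DcomLaunch and RPCSS, and a large working set alone proves nothing, since svchost working sets include shared pages. The findings worth acting on are a host whose path or parent is wrong, a service that runs in a group it is not registered for, and a ServiceDll outside the Windows directory. For a service such as RpcSs, whose ServiceDll is rpcss.dll, the DLL's status should be confirmed against a known-good copy or a catalog-aware signature check before anything is deleted.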
 

#2 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 11 January 2014 - 06:44 AM

Hello, spiderbug2.
My name is etavares and I will be helping you with this log.
 
Here are some guidelines to ensure we are able to get your machine back under your control.
 
  • Please do not run any unsupervised scans, fixes, etc.  We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so.  Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned.  Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first.  There's no harm in asking questions!

    Step 1
    Two Antiviruses Warning
     
     
    I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore, please go to Add/Remove Programs in the Control Panel and remove either Microsoft Security Essentials or Comodo Antivirus.

    Step 2
     
    Please download Farbar Recovery Scan Tool and save it to a flash drive.
     
    Plug the flashdrive into the infected PC.
     
    If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter the System Recovery Command Prompt.

    If you are using Vista or Windows 7, enter System Recovery Options.
     
    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language setting, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

    To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language setting, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
     
    Select Command Prompt
     
    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst (for the 64-bit version, type e:\frst64) and press Enter.
  • Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.
    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
     


    #3 spiderbug2 (Topic Starter, Members, 5 posts)

    Posted 12 January 2014 - 02:19 PM

    OK, here you go. Sorry it took a while; I am quite a busy person.

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2014 03
    Ran by SYSTEM on MININT-5V9N4BJ on 12-01-2014 13:08:52
    Running from H:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Recovery

    The current controlset is ControlSet002
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6900024 2012-07-23] (Logitech Inc.)
    HKLM\...\Run: [Eraser] - C:\Program Files\Eraser\Eraser.exe [980368 2010-11-04] (The Eraser Project)
    HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
    HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe [1612504 2013-11-11] (COMODO)
    HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
    HKU\B\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [2987976 2011-02-22] (SUPERAntiSpyware.com)
    HKU\B\...\Run: [GizmoDriveDelegate] - RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images
    HKU\B\...\Run: [HydraVisionDesktopManager] - "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    HKU\BJ\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
    HKU\BJ\...\Run: [EvolveClient] - C:\Program Files\Echobit\Evolve\EvolveClient.exe [3216800 2014-01-10] (Echobit LLC)
    HKU\BJ\...\Run: [GizmoDriveDelegate] - RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images

    ==================== Services (Whitelisted) =================

    S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [128752 2010-06-29] (SUPERAntiSpyware.com)
    S3 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44064 2013-07-08] (ArcSoft, Inc.)
    S3 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
    S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-19] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
    S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579424 2014-01-10] (Echobit LLC)
    S3 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [31856 2010-12-12] (Arainia Solutions)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
    S2 MSSQL$BWDATOOLSET; C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
    S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4784312 2013-04-23] (INCA Internet Co., Ltd.)
    S3 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-01-04] ()
    S3 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-11-29] ()
    S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
    S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
    S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
    S3 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
    S3 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
    S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
    S4 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [x]

    ==================== Drivers (Whitelisted) ====================

    S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
    S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
    S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [709144 2013-11-14] (COMODO)
    S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48872 2013-09-24] (COMODO)
    S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
    S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-13] (Disc Soft Ltd)
    S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2013-07-18] (Echobit, LLC)
    S1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [32840 2010-12-12] (Arainia Solutions LLC)
    S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-09-24] (COMODO)
    S3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2010-12-12] (Logitech Inc.)
    S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-29] (Broadcom Corporation)
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
    S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
    S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
    S3 NVFLASH; C:\Windows\system32\drivers\nvflash.sys [6144 2010-12-24] ()
    S0 qozysh; No ImagePath
    S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
    S3 TVICHW64; C:\Windows\SysWOW64\Drivers\TVICHW64.SYS [21200 2007-03-12] (EnTech Taiwan)
    S0 wayuia; No ImagePath
    S3 atillk64; \??\C:\Users\B\AppData\Local\Temp\BIOS_Saver_tmp\atillk64.sys [x]
    S3 catchme; \??\C:\ComboFix\catchme.sys [x]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
    S3 TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [x]
    S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2018-12-06 03:34 - 2013-09-24 02:53 - 04899544 _____ (COMODO) C:\ProgramData\cis6721.exe
    2018-12-06 03:32 - 2018-12-06 03:32 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
    2014-01-12 13:08 - 2014-01-12 13:08 - 00000000 ____D C:\FRST
    2014-01-11 12:50 - 2014-01-11 12:50 - 00317916 _____ C:\Users\BJ\Downloads\MMMLib-1_6_4-1.zip
    2014-01-11 12:49 - 2014-01-11 12:49 - 00315060 _____ C:\Users\BJ\Downloads\littleMaidMob-1_6_4-1.zip
    2014-01-10 12:36 - 2014-01-10 12:36 - 00000000 ____D C:\Users\BJ\AppData\Local\Echobit
    2014-01-10 12:35 - 2014-01-10 12:35 - 03258328 _____ (Echobit LLC) C:\Users\BJ\Downloads\EvolveSetup.exe
    2014-01-09 12:29 - 2014-01-09 12:29 - 00000000 ____D C:\Users\BJ\AppData\Local\SCE
    2014-01-07 07:26 - 2014-01-07 07:26 - 00001487 _____ C:\Windows\IE11_main.log
    2014-01-06 13:50 - 2014-01-06 13:50 - 00000000 ____D C:\ProgramData\ATI
    2014-01-06 13:49 - 2014-01-06 13:49 - 00055445 _____ C:\Windows\SysWOW64\CCCInstall_201401061549350435.log
    2014-01-06 13:49 - 2014-01-06 13:49 - 00000000 ____D C:\Program Files (x86)\AMD AVT
    2014-01-06 13:45 - 2014-01-06 13:45 - 00000000 ____D C:\Program Files\AMD
    2014-01-06 13:07 - 2014-01-06 13:07 - 00368104 _____ C:\Windows\Minidump\010614-41621-01.dmp
    2014-01-06 13:06 - 2014-01-06 13:21 - 641330470 _____ C:\Windows\MEMORY.DMP
    2014-01-06 12:58 - 2014-01-06 12:59 - 00000000 ____D C:\Users\BJ\Documents\Raiderz
    2014-01-06 12:58 - 2014-01-06 12:58 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
    2014-01-06 12:58 - 2013-04-23 14:28 - 04784312 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
    2014-01-06 12:58 - 2005-01-04 01:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
    2014-01-06 12:58 - 2003-07-20 10:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
    2014-01-06 12:52 - 2014-01-06 12:52 - 00000000 ____D C:\Windows\64467D47FFE44FBCABBAA0DB829A17EB.TMP
    2014-01-06 12:42 - 2014-01-06 12:44 - 00000000 ____D C:\Users\BJ\Downloads\RaiderZ_Installer_20131114
    2014-01-06 11:30 - 2014-01-10 12:38 - 00000720 _____ C:\Windows\DirectX.log
    2014-01-04 18:41 - 2014-01-04 18:41 - 00000000 ____D C:\Users\BJ\AppData\Local\Macromedia
    2014-01-04 15:16 - 2014-01-04 15:16 - 00000000 _____ C:\Windows\setuperr.log
    2014-01-03 05:01 - 2014-01-11 06:19 - 00000000 ____D C:\Users\BJ\AppData\Local\VirtualStore
    2014-01-02 15:10 - 2014-01-02 15:10 - 00000000 ____D C:\Users\BJ\AppData\Local\The Lord of the Rings Online
    2014-01-02 15:08 - 2014-01-02 15:14 - 00000000 ____D C:\Users\BJ\Documents\The Lord of the Rings Online
    2014-01-02 15:08 - 2014-01-02 15:09 - 00000000 ____D C:\Users\BJ\AppData\Local\Turbine
    2014-01-02 13:38 - 2014-01-02 13:45 - 00000000 ____D C:\Users\BJ\AppData\Roaming\Comodo
    2014-01-02 11:37 - 2014-01-02 11:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2014-01-02 11:28 - 2014-01-02 11:28 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
    2014-01-02 11:27 - 2014-01-02 06:50 - 00000027 _____ C:\Windows\System32\Drivers\etc\hosts.20140102-132712.backup
    2014-01-02 09:42 - 2014-01-02 09:42 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
    2014-01-02 09:00 - 2014-01-02 09:00 - 00000000 ____D C:\ProgramData\Sophos
    2014-01-02 06:37 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
    2014-01-02 06:37 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
    2014-01-02 06:37 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-01-02 06:37 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-01-02 06:37 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-01-02 06:37 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
    2014-01-02 06:37 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
    2014-01-02 06:37 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
    2014-01-02 06:05 - 2014-01-12 11:03 - 01781309 _____ C:\Windows\WindowsUpdate.log
    2014-01-01 13:35 - 2014-01-02 06:54 - 00000000 ____D C:\Windows\erdnt
    2014-01-01 08:11 - 2014-01-04 13:56 - 00076888 _____ C:\Windows\System32\PnkBstrA.exe
    2014-01-01 07:54 - 2014-01-01 07:57 - 00000000 ____D C:\ProgramData\ParetoLogic
    2013-12-31 14:46 - 2013-12-31 15:55 - 00000858 _____ C:\Windows\client.config.ini
    2013-12-30 15:49 - 2013-12-30 15:49 - 00037376 _____ C:\Windows\System32\uqdspwi.ple
    2013-12-30 15:39 - 2014-01-04 14:49 - 00000089 _____ C:\Windows\System32\xavue.ckh
    2013-12-30 15:26 - 2013-12-30 15:49 - 00000101 _____ C:\Windows\System32\tkhadei.qzp
    2013-12-30 15:26 - 2013-12-30 15:26 - 00000064 _____ C:\Windows\System32\qakalc.nhe
    2013-12-30 15:10 - 2013-12-30 15:10 - 00219314 ____S C:\Windows\System32\vgvkym.zyj
    2013-12-25 09:16 - 2013-12-25 09:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-12-16 09:08 - 2013-12-16 09:08 - 00000216 _____ C:\Users\BJ\Desktop\Starbound.url
    2013-12-16 06:44 - 2013-11-30 04:04 - 00000799 _____ C:\Users\BJ\Desktop\Origin.lnk
    2013-12-16 06:44 - 2012-12-21 08:13 - 00000689 _____ C:\Users\BJ\Desktop\Steam.lnk
    2013-12-15 04:39 - 2014-01-08 12:42 - 00000124 _____ C:\Users\BJ\Desktop\job.txt

    ==================== One Month Modified Files and Folders =======

    2018-12-06 03:34 - 2013-06-09 04:30 - 00000646 _____ C:\Windows\SysWOW64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
    2018-12-06 03:32 - 2018-12-06 03:32 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
    2018-12-06 02:24 - 2012-12-21 07:36 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2018-12-06 02:22 - 2012-12-21 07:35 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2018-12-06 02:22 - 2012-12-21 07:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2018-12-06 02:22 - 2010-12-20 10:51 - 00001945 _____ C:\Windows\epplauncher.mif
    2014-01-12 13:08 - 2014-01-12 13:08 - 00000000 ____D C:\FRST
    2014-01-12 11:03 - 2014-01-02 06:05 - 01781309 _____ C:\Windows\WindowsUpdate.log
    2014-01-12 11:03 - 2013-11-29 10:59 - 01474832 _____ C:\Windows\System32\Drivers\sfi.dat
    2014-01-12 11:03 - 2009-07-13 20:45 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-12 11:03 - 2009-07-13 20:45 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-12 07:23 - 2011-01-16 13:54 - 00000000 ____D C:\Users\BJ\AppData\Roaming\Skype
    2014-01-12 04:55 - 2012-09-14 11:56 - 00000000 ____D C:\Users\BJ\Desktop\Destktop Folders
    2014-01-11 12:50 - 2014-01-11 12:50 - 00317916 _____ C:\Users\BJ\Downloads\MMMLib-1_6_4-1.zip
    2014-01-11 12:49 - 2014-01-11 12:49 - 00315060 _____ C:\Users\BJ\Downloads\littleMaidMob-1_6_4-1.zip
    2014-01-11 06:19 - 2014-01-03 05:01 - 00000000 ____D C:\Users\BJ\AppData\Local\VirtualStore
    2014-01-10 12:38 - 2014-01-06 11:30 - 00000720 _____ C:\Windows\DirectX.log
    2014-01-10 12:36 - 2014-01-10 12:36 - 00000000 ____D C:\Users\BJ\AppData\Local\Echobit
    2014-01-10 12:35 - 2014-01-10 12:35 - 03258328 _____ (Echobit LLC) C:\Users\BJ\Downloads\EvolveSetup.exe
    2014-01-10 12:02 - 2013-11-30 15:13 - 00000000 ____D C:\Users\BJ\AppData\Roaming\ftblauncher
    2014-01-10 11:10 - 2013-11-26 18:04 - 00000000 ____D C:\ProgramData\Tunngle
    2014-01-10 10:22 - 2013-11-30 15:18 - 00000000 ____D C:\Users\BJ\AppData\Roaming\.minecraft
    2014-01-10 09:47 - 2013-11-28 08:41 - 00000000 ____D C:\Users\BJ\Downloads\Yogscast Mooncraft
    2014-01-10 08:37 - 2013-09-09 15:19 - 00000000 ____D C:\Users\BJ\AppData\Roaming\.technic
    2014-01-09 12:29 - 2014-01-09 12:29 - 00000000 ____D C:\Users\BJ\AppData\Local\SCE
    2014-01-09 12:02 - 2010-06-24 12:57 - 00000000 ____D C:\Users\BJ\AppData\Roaming\vlc
    2014-01-08 12:42 - 2013-12-15 04:39 - 00000124 _____ C:\Users\BJ\Desktop\job.txt
    2014-01-08 11:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2014-01-07 12:55 - 2012-09-20 12:58 - 00000000 ____D C:\Users\BJ\AppData\Roaming\Tunngle
    2014-01-07 11:13 - 2009-07-13 21:13 - 00850310 _____ C:\Windows\System32\PerfStringBackup.INI
    2014-01-07 07:26 - 2014-01-07 07:26 - 00001487 _____ C:\Windows\IE11_main.log
    2014-01-06 13:50 - 2014-01-06 13:50 - 00000000 ____D C:\ProgramData\ATI
    2014-01-06 13:50 - 2012-03-18 10:06 - 00000000 ____D C:\ProgramData\AMD
    2014-01-06 13:49 - 2014-01-06 13:49 - 00055445 _____ C:\Windows\SysWOW64\CCCInstall_201401061549350435.log
    2014-01-06 13:49 - 2014-01-06 13:49 - 00000000 ____D C:\Program Files (x86)\AMD AVT
    2014-01-06 13:48 - 2013-04-26 08:39 - 00000000 ____D C:\Program Files\ATI Technologies
    2014-01-06 13:45 - 2014-01-06 13:45 - 00000000 ____D C:\Program Files\AMD
    2014-01-06 13:42 - 2010-12-20 10:51 - 00842432 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-01-06 13:31 - 2011-06-09 13:25 - 00000000 ____D C:\ProgramData\Yahoo!
    2014-01-06 13:31 - 2011-06-09 13:24 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2014-01-06 13:21 - 2014-01-06 13:06 - 641330470 _____ C:\Windows\MEMORY.DMP
    2014-01-06 13:21 - 2010-12-21 18:02 - 00000000 ____D C:\Windows\Minidump
    2014-01-06 13:07 - 2014-01-06 13:07 - 00368104 _____ C:\Windows\Minidump\010614-41621-01.dmp
    2014-01-06 12:59 - 2014-01-06 12:58 - 00000000 ____D C:\Users\BJ\Documents\Raiderz
    2014-01-06 12:58 - 2014-01-06 12:58 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
    2014-01-06 12:52 - 2014-01-06 12:52 - 00000000 ____D C:\Windows\64467D47FFE44FBCABBAA0DB829A17EB.TMP
    2014-01-06 12:50 - 2013-11-03 09:30 - 00000000 ____D C:\ProgramData\HappyCloud
    2014-01-06 12:44 - 2014-01-06 12:42 - 00000000 ____D C:\Users\BJ\Downloads\RaiderZ_Installer_20131114
    2014-01-06 11:30 - 2013-04-09 11:30 - 00000000 ____D C:\Users\BJ\AppData\Local\Warframe
    2014-01-04 18:41 - 2014-01-04 18:41 - 00000000 ____D C:\Users\BJ\AppData\Local\Macromedia
    2014-01-04 15:16 - 2014-01-04 15:16 - 00000000 _____ C:\Windows\setuperr.log
    2014-01-04 15:08 - 2011-03-01 08:21 - 00000000 ____D C:\Users\BJ\AppData\Roaming\Mozilla
    2014-01-04 14:49 - 2013-12-30 15:39 - 00000089 _____ C:\Windows\System32\xavue.ckh
    2014-01-04 13:56 - 2014-01-01 08:11 - 00076888 _____ C:\Windows\System32\PnkBstrA.exe
    2014-01-04 13:56 - 2011-04-01 14:40 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
    2014-01-03 06:08 - 2011-04-01 14:40 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
    2014-01-03 05:26 - 2011-03-01 07:59 - 00000000 ____D C:\Users\BJ\AppData\Local\Eraser 6
    2014-01-02 15:14 - 2014-01-02 15:08 - 00000000 ____D C:\Users\BJ\Documents\The Lord of the Rings Online
    2014-01-02 15:10 - 2014-01-02 15:10 - 00000000 ____D C:\Users\BJ\AppData\Local\The Lord of the Rings Online
    2014-01-02 15:09 - 2014-01-02 15:08 - 00000000 ____D C:\Users\BJ\AppData\Local\Turbine
    2014-01-02 13:45 - 2014-01-02 13:38 - 00000000 ____D C:\Users\BJ\AppData\Roaming\Comodo
    2014-01-02 13:38 - 2013-06-09 09:58 - 00000000 ____D C:\ProgramData\Comodo
    2014-01-02 12:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2014-01-02 12:03 - 2011-03-01 07:52 - 00000000 ____D C:\users\BJ
    2014-01-02 12:00 - 2011-03-05 17:27 - 00000000 ____D C:\Users\BJ\Downloads\New folder
    2014-01-02 11:37 - 2014-01-02 11:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2014-01-02 11:35 - 2012-02-15 10:47 - 00000000 ____D C:\Users\BJ\.nbi
    2014-01-02 11:28 - 2014-01-02 11:28 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
    2014-01-02 11:27 - 2009-07-13 18:34 - 00449836 ____R C:\Windows\System32\Drivers\etc\hosts.ccebak
    2014-01-02 11:18 - 2012-01-15 13:46 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2014-01-02 09:42 - 2014-01-02 09:42 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
    2014-01-02 09:40 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
    2014-01-02 09:00 - 2014-01-02 09:00 - 00000000 ____D C:\ProgramData\Sophos
    2014-01-02 06:59 - 2012-12-20 12:33 - 00000000 ____D C:\users\Patrick
    2014-01-02 06:54 - 2014-01-01 13:35 - 00000000 ____D C:\Windows\erdnt
    2014-01-02 06:51 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
    2014-01-02 06:50 - 2014-01-02 11:27 - 00000027 _____ C:\Windows\System32\Drivers\etc\hosts.20140102-132712.backup
    2014-01-02 06:48 - 2009-07-13 18:34 - 90177536 _____ C:\Windows\System32\config\SOFTWARE.bak
    2014-01-02 06:48 - 2009-07-13 18:34 - 44302336 _____ C:\Windows\System32\config\SYSTEM.bak
    2014-01-02 06:48 - 2009-07-13 18:34 - 06291456 _____ C:\Windows\System32\config\DEFAULT.bak
    2014-01-02 06:48 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\System32\config\SECURITY.bak
    2014-01-02 06:48 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\System32\config\SAM.bak
    2014-01-02 06:30 - 2011-03-01 07:52 - 00000000 ____D C:\Users\BJ\AppData\Local\ATI
    2014-01-01 07:57 - 2014-01-01 07:54 - 00000000 ____D C:\ProgramData\ParetoLogic
    2014-01-01 07:47 - 2012-03-10 09:04 - 00000000 ____D C:\ProgramData\Adobe
    2013-12-31 15:55 - 2013-12-31 14:46 - 00000858 _____ C:\Windows\client.config.ini
    2013-12-31 12:09 - 2012-04-10 08:19 - 00000000 ____D C:\Users\BJ\Documents\My Cheat Tables
    2013-12-31 09:44 - 2013-11-13 15:28 - 00000000 ____D C:\ProgramData\Conduit
    2013-12-31 08:51 - 2011-03-14 12:42 - 00000000 ____D C:\Users\BJ\AppData\Roaming\Azureus
    2013-12-30 16:04 - 2012-02-10 11:26 - 00000000 ____D C:\HammerAutosave
    2013-12-30 15:49 - 2013-12-30 15:49 - 00037376 _____ C:\Windows\System32\uqdspwi.ple
    2013-12-30 15:49 - 2013-12-30 15:26 - 00000101 _____ C:\Windows\System32\tkhadei.qzp
    2013-12-30 15:26 - 2013-12-30 15:26 - 00000064 _____ C:\Windows\System32\qakalc.nhe
    2013-12-30 15:10 - 2013-12-30 15:10 - 00219314 ____S C:\Windows\System32\vgvkym.zyj
    2013-12-28 11:27 - 2012-04-26 09:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-12-25 09:18 - 2013-12-25 09:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-12-20 10:28 - 2011-03-01 12:33 - 00000000 ____D C:\ProgramData\Skype
    2013-12-20 10:27 - 2011-03-01 12:33 - 00000000 ___RD C:\Program Files (x86)\Skype
    2013-12-20 09:50 - 2013-02-23 04:23 - 00000000 ____D C:\Program Files (x86)\Dragon Age
    2013-12-20 09:37 - 2011-03-01 08:21 - 00000000 ____D C:\Users\BJ\AppData\Local\Mozilla
    2013-12-16 09:15 - 2012-12-21 08:43 - 00000000 ____D C:\Users\BJ\AppData\Roaming\Natural Selection 2
    2013-12-16 09:08 - 2013-12-16 09:08 - 00000216 _____ C:\Users\BJ\Desktop\Starbound.url
    2013-12-13 09:29 - 2009-07-13 21:08 - 00032654 _____ C:\Windows\Tasks\SCHEDLGU.TXT

    Files to move or delete:
    ====================
    C:\ProgramData\cis6721.exe
    C:\ProgramData\cis8CB4.exe


    Some content of TEMP:
    ====================
    C:\Users\BJ\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe


    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2009-07-13 16:00] - [2009-07-13 17:41] - 0510464 ____A (Microsoft Corporation) ADD35BE459C22AD590CC2AD252E6087C

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2014-01-01 07:46:00
    Restore point made on: 2014-01-02 08:24:36
    Restore point made on: 2014-01-02 08:47:57
    Restore point made on: 2014-01-02 08:59:47
    Restore point made on: 2014-01-02 09:52:27
    Restore point made on: 2014-01-02 09:54:15
    Restore point made on: 2014-01-02 10:09:21
    Restore point made on: 2014-01-02 11:22:21
    Restore point made on: 2014-01-02 11:24:48
    Restore point made on: 2014-01-02 11:26:05
    Restore point made on: 2014-01-02 11:29:02
    Restore point made on: 2014-01-02 11:30:56
    Restore point made on: 2014-01-02 11:32:02
    Restore point made on: 2014-01-02 11:35:27
    Restore point made on: 2014-01-02 11:37:35
    Restore point made on: 2014-01-02 11:38:20
    Restore point made on: 2014-01-02 15:04:41
    Restore point made on: 2014-01-02 15:05:21
    Restore point made on: 2014-01-05 10:57:42
    Restore point made on: 2014-01-06 11:30:21
    Restore point made on: 2014-01-06 12:52:35
    Restore point made on: 2014-01-06 13:31:34
    Restore point made on: 2014-01-06 13:39:15
    Restore point made on: 2014-01-06 13:43:43
    Restore point made on: 2014-01-08 11:43:56
    Restore point made on: 2014-01-10 12:38:09
    Restore point made on: 2014-01-11 12:04:03

    ==================== Memory info ===========================

    Percentage of memory in use: 9%
    Total physical RAM: 8191.12 MB
    Available physical RAM: 7380.11 MB
    Total Pagefile: 8189.27 MB
    Available Pagefile: 7368.13 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:293.82 GB) (Free:58.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: () (Fixed) (Total:80.68 GB) (Free:42.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (New Volume) (Fixed) (Total:33.81 GB) (Free:22.43 GB) NTFS
    Drive f: (637 gb backup) (Fixed) (Total:637.69 GB) (Free:85.41 GB) NTFS
    Drive h: (USB20FD) (Removable) (Total:15.11 GB) (Free:9.37 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 68C0EF8A)
    Partition 1: (Active) - (Size=294 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=638 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 114 GB) (Disk ID: A810C60E)
    Partition 1: (Active) - (Size=81 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=34 GB) - (Type=05)

    ========================================================
    Disk: 2 (Size: 15 GB) (Disk ID: 04DD5721)
    Partition 1: (Active) - (Size=15 GB) - (Type=0C)


    LastRegBack: 2013-12-16 07:05

    ==================== End Of Log ============================



    #4 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • Gender:Male
    • Local time:06:35 AM

    Posted 12 January 2014 - 02:30 PM

    Hi,

     

    OK, we need to find a file replacement.  Boot up into FRST as before.  In the search box type rpcss.dll and click Search File(s).  In a few minutes, it will complete and save a log called search.txt on the flash drive.  Post the contents of that log in your reply, please.

     

    -etavares



    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
     


    #5 spiderbug2

    spiderbug2
    • Topic Starter

    • Members
    • 5 posts
    • Local time:04:35 AM

    Posted 13 January 2014 - 01:21 PM

    Here you go.

     

    Farbar Recovery Scan Tool (x64) Version: 11-01-2014 03
    Ran by SYSTEM at 2014-01-13 12:08:24
    Running from H:\
    Boot Mode: Recovery

    ================== Search: "rpcss.dll" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
    [2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

    C:\Windows\System32\rpcss.dll
    [2009-07-13 16:00] - [2009-07-13 17:41] - 0510464 ____A (Microsoft Corporation) ADD35BE459C22AD590CC2AD252E6087C

    C:\$WINDOWS.~BT\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.2.9200.16384_none_c2948360c7a43433\rpcss.dll
    [2012-07-25 22:12] - [2012-07-25 22:12] - 0817152 ____A (Microsoft Corporation) 1EC6E533C954BDDF2A37E7851A7E58FD

    C:\$WINDOWS.~BT\Windows\System32\rpcss.dll
    [2012-07-25 22:12] - [2012-07-25 22:12] - 0817152 ____A (Microsoft Corporation) 1EC6E533C954BDDF2A37E7851A7E58FD

    C:\$WINDOWS.~BT\Sources\Windows.NEW\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.2.9200.16384_none_c2948360c7a43433\rpcss.dll
    [2012-07-25 15:53] - [2012-07-25 19:07] - 0817152 ____A (Microsoft Corporation) 1EC6E533C954BDDF2A37E7851A7E58FD

    C:\$WINDOWS.~BT\Sources\Windows.NEW\Windows\System32\rpcss.dll
    [2012-07-25 15:53] - [2012-07-25 19:07] - 0817152 ____A (Microsoft Corporation) 1EC6E533C954BDDF2A37E7851A7E58FD

    X:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
    [2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

    X:\Windows\System32\rpcss.dll
    [2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

    ====== End Of Search ======



    #6 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • Gender:Male
    • Local time:06:35 AM

    Posted 13 January 2014 - 08:31 PM

    Hello, spiderbug2.
     
    P2P Warning and Request
    The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case Vuze). These programmes allow users to share files between each other, as the name suggests. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.
     
    It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, so they should be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall it, please refrain from using it until I let you know your computer is clean.
     
     
     
    Registry Cleaner Warning
     
     
    I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners, as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!
     
    See here for more information:
     
     
     
     
     
    Step 1
     
     
    Please copy/paste the text in the codebox into Notepad and save it as fixlist.txt to your FRST flash drive.  Boot up the infected computer with FRST and push Fix once.  It will process the script then save a log called fixlog.txt to the flash drive.
     
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll
    2013-12-30 15:49 - 2013-12-30 15:49 - 00037376 _____ C:\Windows\System32\uqdspwi.ple
    2013-12-30 15:39 - 2014-01-04 14:49 - 00000089 _____ C:\Windows\System32\xavue.ckh
    2013-12-30 15:26 - 2013-12-30 15:49 - 00000101 _____ C:\Windows\System32\tkhadei.qzp
    2013-12-30 15:26 - 2013-12-30 15:26 - 00000064 _____ C:\Windows\System32\qakalc.nhe
    2013-12-30 15:10 - 2013-12-30 15:10 - 00219314 ____S C:\Windows\System32\vgvkym.zyj
    S0 qozysh; No ImagePath
    S0 wayuia; No ImagePath
     
    After that, please boot into Windows and let me know if the ads are gone.  Please then run a new DDS scan.
     
    In your reply, please post fixlog.txt and dds.txt.
     
     
    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
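The check etavares did by hand in this thread, automated as an added example (this is not the thread's or FRST's own code): it parses the search.txt block posted above, pairs each System32 copy of rpcss.dll with the WinSxS copies in the same Windows tree, and flags the one whose MD5 matches none of them, emitting the same kind of Replace: line that appears in the fixlist above. The detail-line regex and the "same Windows tree" pairing are my assumptions about the FRST search format, not documented FRST behaviour.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# search.txt as posted in the thread (FRST "Search File(s)" output); the two
# Sources\Windows.NEW entries are omitted here only to keep the sample short.
FRST_SEARCH = r"""
================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0510464 ____A (Microsoft Corporation) ADD35BE459C22AD590CC2AD252E6087C

C:\$WINDOWS.~BT\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.2.9200.16384_none_c2948360c7a43433\rpcss.dll
[2012-07-25 22:12] - [2012-07-25 22:12] - 0817152 ____A (Microsoft Corporation) 1EC6E533C954BDDF2A37E7851A7E58FD

C:\$WINDOWS.~BT\Windows\System32\rpcss.dll
[2012-07-25 22:12] - [2012-07-25 22:12] - 0817152 ____A (Microsoft Corporation) 1EC6E533C954BDDF2A37E7851A7E58FD

X:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

X:\Windows\System32\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

====== End Of Search ======
"""

# "[created] - [modified] - size attrs (company) MD5" detail line (format assumed from the log).
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)
# Live copy under <root>\Windows\System32 and reference copies under <root>\Windows\winsxs.
LIVE_RE = re.compile(r"^(?P<root>.*)\\Windows\\System32\\(?P<name>[^\\]+)$", re.I)
SXS_RE = re.compile(r"^(?P<root>.*)\\Windows\\winsxs\\[^\\]+\\(?P<name>[^\\]+)$", re.I)


@dataclass
class FileEntry:
    path: str
    size: int
    company: str
    md5: str


@dataclass
class Finding:
    live: FileEntry
    reference: Optional[FileEntry]
    verdict: str  # "match", "mismatch" or "no-reference"

    def fix_directive(self) -> Optional[str]:
        """FRST fixlist line that restores the live file from its component-store copy."""
        if self.verdict != "mismatch":
            return None
        return f"Replace: {self.reference.path} {self.live.path}"


def parse_search(text: str) -> List[FileEntry]:
    """Pair each path line with the detail line that follows it."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries = []
    for path, detail in zip(lines, lines[1:]):
        if not path or path.startswith(("=", "[")):
            continue
        m = DETAIL_RE.match(detail)
        if m:
            entries.append(FileEntry(path, int(m["size"]), m["company"] or "", m["md5"].upper()))
    return entries


def check_against_component_store(entries: List[FileEntry]) -> List[Finding]:
    """Flag every System32 copy whose MD5 matches no winsxs copy in the same Windows tree."""
    refs = {}
    for e in entries:
        m = SXS_RE.match(e.path)
        if m:
            refs.setdefault((m["root"].lower(), m["name"].lower()), []).append(e)
    findings = []
    for e in entries:
        m = LIVE_RE.match(e.path)
        if not m:
            continue
        candidates = refs.get((m["root"].lower(), m["name"].lower()), [])
        ref = next((c for c in candidates if c.md5 == e.md5), None)
        if not candidates:
            findings.append(Finding(e, None, "no-reference"))
        elif ref is not None:
            findings.append(Finding(e, ref, "match"))
        else:  # the store never held a file with this hash: altered after install
            findings.append(Finding(e, candidates[0], "mismatch"))
    return findings


if __name__ == "__main__":
    for f in check_against_component_store(parse_search(FRST_SEARCH)):
        print(f"{f.verdict:12} {f.live.path}  size={f.live.size} md5={f.live.md5}")
        if f.fix_directive():
            print("  fixlist line:", f.fix_directive())
```

On the thread's log this reports the C:\Windows\System32 copy as a mismatch (1024 bytes larger than the store copy, different MD5) while the $WINDOWS.~BT and X: copies match, which is exactly why the Replace: directive targets only the C: file.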
     


    #7 spiderbug2

    spiderbug2
    • Topic Starter

    • Members
    • 5 posts
    • OFFLINE
    •  
    • Local time:04:35 AM

    Posted 15 January 2014 - 02:02 PM

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2014 03
    Ran by SYSTEM at 2014-01-15 12:15:53 Run:1
    Running from H:\
    Boot Mode: Recovery
    ==============================================

    Content of fixlist:
    *****************
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll
    2013-12-30 15:49 - 2013-12-30 15:49 - 00037376 _____ C:\Windows\System32\uqdspwi.ple
    2013-12-30 15:39 - 2014-01-04 14:49 - 00000089 _____ C:\Windows\System32\xavue.ckh
    2013-12-30 15:26 - 2013-12-30 15:49 - 00000101 _____ C:\Windows\System32\tkhadei.qzp
    2013-12-30 15:26 - 2013-12-30 15:26 - 00000064 _____ C:\Windows\System32\qakalc.nhe
    2013-12-30 15:10 - 2013-12-30 15:10 - 00219314 ____S C:\Windows\System32\vgvkym.zyj
    S0 qozysh; No ImagePath
    S0 wayuia; No ImagePath
    *****************

    C:\Windows\System32\rpcss.dll => Moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
    C:\Windows\System32\uqdspwi.ple => Moved successfully.
    C:\Windows\System32\xavue.ckh => Moved successfully.
    C:\Windows\System32\tkhadei.qzp => Moved successfully.
    C:\Windows\System32\qakalc.nhe => Moved successfully.
    C:\Windows\System32\vgvkym.zyj => Moved successfully.
    qozysh => Service deleted successfully.
    wayuia => Service deleted successfully.

    ==== End of Fixlog ====


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7600.16722 BrowserJavaVersion: 10.13.2
    Run by BJ at 12:47:29 on 2014-01-15
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6226 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Eraser\Eraser.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Gizmo\gizmo.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Waterfox\waterfox.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uProxyOverride = local;<local>
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - <orphaned>
    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    uRun: [EvolveClient] "C:\Program Files\Echobit\Evolve\EvolveClient.exe" -autorun
    uRun: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Gizmo.lnk - C:\Program Files (x86)\Gizmo\gizmo.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{49A9F930-F96A-4BB4-8C1B-60115AE5153A} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{84EDBBE6-F76B-44BA-B000-769CF132EC2C} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{AA30F1D1-010D-494C-8CCD-4042DE9E8442} : DHCPNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
    TCP: Interfaces\{B385217B-76F5-406D-B872-2F71E6887F62} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{C44E6F8A-F875-4348-A18C-899D0CB3D026} : DHCPNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: {11111111-1111-1111-1111-110411361128} - <orphaned>
    x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
    x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
    x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\BJ\AppData\Roaming\Mozilla\Firefox\Profiles\6f5wyk8c.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - plugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
    FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_11_8_800_168.dll
    FF - plugin: C:\Windows\System32\npDeployJava1.dll
    FF - plugin: C:\Windows\System32\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
    R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-11-22 303408]
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-9-24 23168]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-11-14 709144]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-9-24 48872]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-11-13 283064]
    R1 GizmoDrv;Gizmo Device Driver;C:\Windows\System32\drivers\gizmodrv.sys [2010-12-12 32840]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
    R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616]
    R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-1-25 386344]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-21 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-21 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-21 168384]
    R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2010-12-14 11576]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
    R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\System32\drivers\evolve.sys [2013-7-18 21656]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2010-12-12 22408]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-1-12 325152]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-9-20 31232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
    S3 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2013-7-8 44064]
    S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768]
    S3 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]
    S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-9-24 164056]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2013-2-23 25832]
    S3 EvoSvc;Evolve Service;C:\Program Files\Echobit\Evolve\EvoSvc.exe [2014-1-10 1579424]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-13 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 Gizmo Central;Gizmo Central;C:\Program Files (x86)\Gizmo\gservice.exe [2010-12-12 31856]
    S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2009-7-14 1708800]
    S3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\System32\drivers\LGPBTDD.sys [2010-12-12 30728]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2010-12-12 16008]
    S3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\System32\drivers\AE2500w764.sys [2011-12-31 1254464]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
    S3 NVFLASH;NVFLASH;C:\Windows\System32\drivers\nvflash.sys [2010-12-24 6144]
    S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
    S3 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]
    S3 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
    S3 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]
    S3 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-8-15 4308320]
    S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-9-20 758224]
    S3 TVICHW64;TVICHW64;C:\Windows\SysWOW64\drivers\TVICHW64.SYS [2011-1-13 21200]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    S4 wlcrasvc;Windows Live Mesh remote connections service;"C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" --> C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2018-12-06 11:34:30 4899544 ----a-w- C:\ProgramData\cis6721.exe
    2018-12-06 11:32:52 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
    2018-12-06 10:07:15 15360 ----a-r- C:\Users\BJ\AppData\Roaming\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E910.exe
    2018-12-06 10:07:15 11264 ----a-r- C:\Users\BJ\AppData\Roaming\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E96.exe
    2014-01-14 18:27:23 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56A64306-C8F7-485B-B195-AC8E232EEE14}\mpengine.dll
    2014-01-12 21:08:45 -------- d-----w- C:\FRST
    2014-01-11 20:05:18 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-01-10 20:36:01 -------- d-----w- C:\Users\BJ\AppData\Local\Echobit
    2014-01-09 20:29:57 -------- d-----w- C:\Users\BJ\AppData\Local\SCE
    2014-01-06 21:49:58 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2014-01-06 21:45:41 -------- d-----w- C:\Program Files\AMD
    2014-01-06 20:58:47 4784312 ----a-w- C:\Windows\SysWow64\GameMon.des
    2014-01-06 20:58:28 4682 ----a-w- C:\Windows\SysWow64\npptNT2.sys
    2014-01-06 20:58:27 5174 ----a-w- C:\Windows\SysWow64\nppt9x.vxd
    2014-01-06 20:58:24 -------- d-----w- C:\Program Files\Common Files\INCA Shared
    2014-01-06 20:52:40 -------- d-----w- C:\Windows\64467D47FFE44FBCABBAA0DB829A17EB.TMP
    2014-01-05 02:41:46 -------- d-----w- C:\Users\BJ\AppData\Local\Macromedia
    2014-01-04 23:13:49 -------- d-----w- C:\Users\BJ\AppData\Local\Diagnostics
    2014-01-03 13:01:20 -------- d-----w- C:\Users\BJ\AppData\Local\VirtualStore
    2014-01-02 23:10:26 -------- d-----w- C:\Users\BJ\AppData\Local\The Lord of the Rings Online
    2014-01-02 23:08:19 -------- d-----w- C:\Users\BJ\AppData\Local\Turbine
    2014-01-02 21:38:25 -------- d-----w- C:\Users\BJ\AppData\Roaming\Comodo
    2014-01-02 19:28:05 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
    2014-01-02 17:42:57 117464 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-01-02 17:00:19 -------- d-----w- C:\ProgramData\Sophos
    2014-01-02 14:51:04 -------- d-sh--w- C:\$RECYCLE.BIN
    2014-01-02 14:37:25 98816 ----a-w- C:\Windows\sed.exe
    2014-01-02 14:37:25 256000 ----a-w- C:\Windows\PEV.exe
    2014-01-02 14:37:25 208896 ----a-w- C:\Windows\MBR.exe
    2014-01-01 16:11:37 76888 ----a-w- C:\Windows\System32\PnkBstrA.exe
    2014-01-01 15:54:33 -------- d-----w- C:\ProgramData\ParetoLogic
    2013-12-25 17:16:54 647280 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
    .
    ==================== Find3M ====================
    .
    2014-01-04 21:56:36 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2014-01-03 14:08:00 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2013-12-06 22:49:18 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
    2013-12-06 22:44:26 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
    2013-12-06 22:08:46 157736 ----a-w- C:\Windows\System32\amdhcp64.dll
    2013-12-06 22:08:22 142304 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
    2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\atimpc64.dll
    2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
    2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2013-12-06 22:04:10 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
    2013-12-06 22:03:46 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2013-12-06 22:03:00 115512 ----a-w- C:\Windows\System32\atiu9p64.dll
    2013-12-06 22:02:38 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2013-12-06 22:01:52 1318552 ----a-w- C:\Windows\System32\aticfx64.dll
    2013-12-06 22:01:04 1100216 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2013-12-06 22:00:16 9753752 ----a-w- C:\Windows\System32\atidxx64.dll
    2013-12-06 21:59:50 8406024 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2013-12-06 21:59:00 8287008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2013-12-06 21:58:10 6630232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2013-12-06 21:57:20 8927704 ----a-w- C:\Windows\System32\atiumd6a.dll
    2013-12-06 21:56:54 7751920 ----a-w- C:\Windows\System32\atiumd64.dll
    2013-12-06 21:52:14 13207552 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2013-12-06 21:38:52 230912 ----a-w- C:\Windows\System32\clinfo.exe
    2013-12-06 21:38:34 99840 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2013-12-06 21:38:28 83968 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2013-12-06 21:38:22 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
    2013-12-06 21:38:18 73728 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2013-12-06 21:37:58 29382144 ----a-w- C:\Windows\System32\amdocl64.dll
    2013-12-06 21:35:36 24860160 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2013-12-06 21:33:28 63488 ----a-w- C:\Windows\System32\OpenCL.dll
    2013-12-06 21:33:24 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2013-12-06 21:26:44 129536 ----a-w- C:\Windows\System32\coinst_13.251.dll
    2013-12-06 21:16:40 26352128 ----a-w- C:\Windows\System32\atio6axx.dll
    2013-12-06 21:13:02 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
    2013-12-06 21:12:52 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
    2013-12-06 21:12:50 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2013-12-06 21:12:42 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
    2013-12-06 21:12:40 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2013-12-06 21:12:26 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
    2013-12-06 21:09:18 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2013-12-06 20:58:50 22157824 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2013-12-06 20:53:18 442368 ----a-w- C:\Windows\System32\atidemgy.dll
    2013-12-06 20:53:10 31232 ----a-w- C:\Windows\System32\atimuixx.dll
    2013-12-06 20:53:04 588288 ----a-w- C:\Windows\System32\atieclxx.exe
    2013-12-06 20:52:10 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
    2013-12-06 20:50:36 190976 ----a-w- C:\Windows\System32\atitmm64.dll
    2013-12-06 20:22:54 96256 ----a-w- C:\Windows\System32\amdave64.dll
    2013-12-06 20:22:48 90112 ----a-w- C:\Windows\SysWow64\amdave32.dll
    2013-12-06 20:22:42 1144320 ----a-w- C:\Windows\System32\atiadlxx.dll
    2013-12-06 20:22:38 89088 ----a-w- C:\Windows\System32\atisamu64.dll
    2013-12-06 20:22:34 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
    2013-12-06 20:22:28 825344 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2013-12-06 20:22:12 74752 ----a-w- C:\Windows\System32\atig6pxx.dll
    2013-12-06 20:22:08 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2013-12-06 20:22:08 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
    2013-12-06 20:22:04 100352 ----a-w- C:\Windows\System32\atig6txx.dll
    2013-12-06 20:21:54 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2013-12-06 20:21:44 626176 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2013-12-06 20:18:12 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2013-11-29 16:34:39 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
    2013-11-14 17:38:18 709144 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
    2013-11-14 11:38:02 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
    2013-11-13 23:21:57 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2006-07-06 23:42:52 54272 ----a-w- C:\Program Files (x86)\win32pad.exe
    .
    ============= FINISH: 12:50:57.09 ===============

    Edit: forgot to say the ads are gone, but that's because without it being there I didn't even think about it XD. But anyway, svchost is pretty much at the bottom of the RAM usage list, but just to be safe I will check it throughout the day and reply if it starts acting strange again. But thank you for your help :D

    Edited by spiderbug2, 15 January 2014 - 02:20 PM.


    #8 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:06:35 AM

    Posted 15 January 2014 - 04:38 PM

    Hello, spiderbug2.
     
    Two Antiviruses Warning - ACTION REQUIRED
     
     
    I do not recommend that you have more than one antivirus product installed and running on your computer at a time.  The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms".  It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to add/remove in the control panel and remove either Microsoft Security Essentials or COMODO Antivirus.
     
    Step 1
     
    I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png
     
     
    Step 2
     
    Next, we need to update Java.
    Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) 7 Update 45, 32-bit version (Windows Offline (32-bit)).  Note that if you have 64-bit Windows, the default is to use a 32-bit browser.  If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version(s) shown below:
    Java 7 Update 13
    Java™ 6 Update 22 (64-bit)
    Java™ 6 Update 29
    Java™ 7 Update 5 (64-bit)
    Java™ SE Development Kit 6 Update 22 (64-bit)
    Java™ SE Development Kit 7 Update 2
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the java file you downloaded to install the newest version.  If you downloaded the 64-bit version, make sure to install that as well.
    You can download and install the SDK if you want as well.
     
    Step 3
     
    Please run DDS again and post the resulting log.
     
    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
     


    #9 spiderbug2

    spiderbug2
    • Topic Starter

    • Members
    • 5 posts
    • OFFLINE
    •  
    • Local time:04:35 AM

    Posted 16 January 2014 - 06:36 PM

    All the ESET scanner found is this.

    C:\FRST\Quarantine\rpcss.dll Win64/Patched.H trojan


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7600.16722 BrowserJavaVersion: 10.45.2
    Run by BJ at 17:06:39 on 2014-01-16
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.4488 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Eraser\Eraser.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Gizmo\gizmo.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
    C:\Program Files\Waterfox\waterfox.exe
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    D:\Program Files\Steam\Steam.exe
    C:\Program Files\Waterfox\plugin-container.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uProxyOverride = local;<local>
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - <orphaned>
    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    uRun: [EvolveClient] "C:\Program Files\Echobit\Evolve\EvolveClient.exe" -autorun
    uRun: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Gizmo.lnk - C:\Program Files (x86)\Gizmo\gizmo.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{49A9F930-F96A-4BB4-8C1B-60115AE5153A} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{84EDBBE6-F76B-44BA-B000-769CF132EC2C} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{AA30F1D1-010D-494C-8CCD-4042DE9E8442} : DHCPNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
    TCP: Interfaces\{B385217B-76F5-406D-B872-2F71E6887F62} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{C44E6F8A-F875-4348-A18C-899D0CB3D026} : DHCPNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: {11111111-1111-1111-1111-110411361128} - <orphaned>
    x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
    x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
    x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\BJ\AppData\Roaming\Mozilla\Firefox\Profiles\6f5wyk8c.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - plugin: C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
    FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_11_8_800_168.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
    R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-11-22 303408]
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-9-24 23168]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-11-14 709144]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-9-24 48872]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-11-13 283064]
    R1 GizmoDrv;Gizmo Device Driver;C:\Windows\System32\drivers\gizmodrv.sys [2010-12-12 32840]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
    R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616]
    R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-1-25 386344]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-21 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-21 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-21 168384]
    R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2010-12-14 11576]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
    R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\System32\drivers\evolve.sys [2013-7-18 21656]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2010-12-12 22408]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-1-12 325152]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-9-20 31232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
    S3 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2013-7-8 44064]
    S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768]
    S3 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]
    S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-9-24 164056]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2013-2-23 25832]
    S3 EvoSvc;Evolve Service;C:\Program Files\Echobit\Evolve\EvoSvc.exe [2014-1-10 1579424]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-13 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 Gizmo Central;Gizmo Central;C:\Program Files (x86)\Gizmo\gservice.exe [2010-12-12 31856]
    S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2009-7-14 1708800]
    S3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\System32\drivers\LGPBTDD.sys [2010-12-12 30728]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2010-12-12 16008]
    S3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\System32\drivers\AE2500w764.sys [2011-12-31 1254464]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
    S3 NVFLASH;NVFLASH;C:\Windows\System32\drivers\nvflash.sys [2010-12-24 6144]
    S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
    S3 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]
    S3 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
    S3 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]
    S3 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-8-15 4308320]
    S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-9-20 758224]
    S3 TVICHW64;TVICHW64;C:\Windows\SysWOW64\drivers\TVICHW64.SYS [2011-1-13 21200]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    S4 wlcrasvc;Windows Live Mesh remote connections service;"C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" --> C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2018-12-06 11:34:30 4899544 ----a-w- C:\ProgramData\cis6721.exe
    2018-12-06 11:32:52 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
    2018-12-06 10:07:15 15360 ----a-r- C:\Users\BJ\AppData\Roaming\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E910.exe
    2018-12-06 10:07:15 11264 ----a-r- C:\Users\BJ\AppData\Roaming\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E96.exe
    2014-01-16 19:36:40 -------- d-----w- C:\Program Files (x86)\ESET
    2014-01-16 19:36:15 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2014-01-16 19:35:20 -------- d-----w- C:\ProgramData\Oracle
    2014-01-16 19:35:00 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-01-15 18:57:21 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D28D0677-9B52-48D4-8A73-E0DC1B33426F}\mpengine.dll
    2014-01-14 18:27:23 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-01-12 21:08:45 -------- d-----w- C:\FRST
    2014-01-10 20:36:01 -------- d-----w- C:\Users\BJ\AppData\Local\Echobit
    2014-01-09 20:29:57 -------- d-----w- C:\Users\BJ\AppData\Local\SCE
    2014-01-06 21:49:58 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2014-01-06 21:45:41 -------- d-----w- C:\Program Files\AMD
    2014-01-06 20:58:47 4784312 ----a-w- C:\Windows\SysWow64\GameMon.des
    2014-01-06 20:58:28 4682 ----a-w- C:\Windows\SysWow64\npptNT2.sys
    2014-01-06 20:58:27 5174 ----a-w- C:\Windows\SysWow64\nppt9x.vxd
    2014-01-06 20:58:24 -------- d-----w- C:\Program Files\Common Files\INCA Shared
    2014-01-06 20:52:40 -------- d-----w- C:\Windows\64467D47FFE44FBCABBAA0DB829A17EB.TMP
    2014-01-05 02:41:46 -------- d-----w- C:\Users\BJ\AppData\Local\Macromedia
    2014-01-04 23:13:49 -------- d-----w- C:\Users\BJ\AppData\Local\Diagnostics
    2014-01-03 13:01:20 -------- d-----w- C:\Users\BJ\AppData\Local\VirtualStore
    2014-01-02 23:10:26 -------- d-----w- C:\Users\BJ\AppData\Local\The Lord of the Rings Online
    2014-01-02 23:08:19 -------- d-----w- C:\Users\BJ\AppData\Local\Turbine
    2014-01-02 21:38:25 -------- d-----w- C:\Users\BJ\AppData\Roaming\Comodo
    2014-01-02 19:28:05 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
    2014-01-02 17:42:57 117464 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-01-02 17:00:19 -------- d-----w- C:\ProgramData\Sophos
    2014-01-02 14:51:04 -------- d-sh--w- C:\$RECYCLE.BIN
    2014-01-02 14:37:25 98816 ----a-w- C:\Windows\sed.exe
    2014-01-02 14:37:25 256000 ----a-w- C:\Windows\PEV.exe
    2014-01-02 14:37:25 208896 ----a-w- C:\Windows\MBR.exe
    2014-01-01 16:11:37 76888 ----a-w- C:\Windows\System32\PnkBstrA.exe
    2014-01-01 15:54:33 -------- d-----w- C:\ProgramData\ParetoLogic
    2013-12-25 17:16:54 647280 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
    .
    ==================== Find3M ====================
    .
    2014-01-04 21:56:36 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2014-01-03 14:08:00 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2013-12-06 22:49:18 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
    2013-12-06 22:44:26 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
    2013-12-06 22:08:46 157736 ----a-w- C:\Windows\System32\amdhcp64.dll
    2013-12-06 22:08:22 142304 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
    2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\atimpc64.dll
    2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
    2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2013-12-06 22:04:10 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
    2013-12-06 22:03:46 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2013-12-06 22:03:00 115512 ----a-w- C:\Windows\System32\atiu9p64.dll
    2013-12-06 22:02:38 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2013-12-06 22:01:52 1318552 ----a-w- C:\Windows\System32\aticfx64.dll
    2013-12-06 22:01:04 1100216 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2013-12-06 22:00:16 9753752 ----a-w- C:\Windows\System32\atidxx64.dll
    2013-12-06 21:59:50 8406024 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2013-12-06 21:59:00 8287008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2013-12-06 21:58:10 6630232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2013-12-06 21:57:20 8927704 ----a-w- C:\Windows\System32\atiumd6a.dll
    2013-12-06 21:56:54 7751920 ----a-w- C:\Windows\System32\atiumd64.dll
    2013-12-06 21:52:14 13207552 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2013-12-06 21:38:52 230912 ----a-w- C:\Windows\System32\clinfo.exe
    2013-12-06 21:38:34 99840 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2013-12-06 21:38:28 83968 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2013-12-06 21:38:22 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
    2013-12-06 21:38:18 73728 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2013-12-06 21:37:58 29382144 ----a-w- C:\Windows\System32\amdocl64.dll
    2013-12-06 21:35:36 24860160 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2013-12-06 21:33:28 63488 ----a-w- C:\Windows\System32\OpenCL.dll
    2013-12-06 21:33:24 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2013-12-06 21:26:44 129536 ----a-w- C:\Windows\System32\coinst_13.251.dll
    2013-12-06 21:16:40 26352128 ----a-w- C:\Windows\System32\atio6axx.dll
    2013-12-06 21:13:02 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
    2013-12-06 21:12:52 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
    2013-12-06 21:12:50 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2013-12-06 21:12:42 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
    2013-12-06 21:12:40 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2013-12-06 21:12:26 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
    2013-12-06 21:09:18 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2013-12-06 20:58:50 22157824 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2013-12-06 20:53:18 442368 ----a-w- C:\Windows\System32\atidemgy.dll
    2013-12-06 20:53:10 31232 ----a-w- C:\Windows\System32\atimuixx.dll
    2013-12-06 20:53:04 588288 ----a-w- C:\Windows\System32\atieclxx.exe
    2013-12-06 20:52:10 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
    2013-12-06 20:50:36 190976 ----a-w- C:\Windows\System32\atitmm64.dll
    2013-12-06 20:22:54 96256 ----a-w- C:\Windows\System32\amdave64.dll
    2013-12-06 20:22:48 90112 ----a-w- C:\Windows\SysWow64\amdave32.dll
    2013-12-06 20:22:42 1144320 ----a-w- C:\Windows\System32\atiadlxx.dll
    2013-12-06 20:22:38 89088 ----a-w- C:\Windows\System32\atisamu64.dll
    2013-12-06 20:22:34 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
    2013-12-06 20:22:28 825344 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2013-12-06 20:22:12 74752 ----a-w- C:\Windows\System32\atig6pxx.dll
    2013-12-06 20:22:08 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2013-12-06 20:22:08 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
    2013-12-06 20:22:04 100352 ----a-w- C:\Windows\System32\atig6txx.dll
    2013-12-06 20:21:54 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2013-12-06 20:21:44 626176 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2013-12-06 20:18:12 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2013-11-29 16:34:39 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
    2013-11-14 17:38:18 709144 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
    2013-11-14 11:38:02 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
    2013-11-13 23:21:57 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2006-07-06 23:42:52 54272 ----a-w- C:\Program Files (x86)\win32pad.exe
    .
    ============= FINISH: 17:08:24.94 ===============

    Edited by spiderbug2, 16 January 2014 - 06:39 PM.


    #10 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:06:35 AM

    Posted 18 January 2014 - 07:21 AM

    Hello, spiderbug2.
     
    Ok, good news.  Your log appears clean.  Let's clean up our mess.  If your computer is running well; please do the steps listed below.  At the end, I've also listed a few completely optional things you can do to further secure your computer.  Safe surfing!
     
     
     
    Step 1
     
     
    I see you still have not removed either Microsoft Security Essentials or COMODO Antivirus.  Please see my previous warnings about having more than one antivirus installed.  It's not a good idea.
     
     
     
     
     
    Step 2
     
     
     
    Uninstall ComboFix and Clean Up
    Click Start > Run, type combofix /Uninstall and click OK (note the space between combofix and /Uninstall).
    Please advise if this step is missed for any reason as it performs some important actions.
     
    Download and Run OTC
     
    We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • If that link doesn't work, try this one.
  • Double-click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
     
     
    Step 3
     
     
    Make sure that C:\FRST is deleted.  You can also delete any other tools or log files remaining.
     
    If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it.  See the instructions here to do so.
     
     
    Optional Items
     
    Please take the time to read below to secure your machine and take the necessary steps to keep it that way.
     
     
     
     
    Protect yourself from malicious sites
     
    The HOSTS file can protect you from connecting to bad sites.  See The Hosts File and what it can do for you for more background.
     
     
     
     
    Keep Windows Up to Date
    It is important that you visit http://www.windowsupdate.com regularly.  This will ensure your computer always has the latest security updates installed.  If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
     
     
     
    Update your AntiVirus Software
     
    It is imperative that you update your antivirus software at least once a week (more often if you wish).  If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out.  If you use a commercial antivirus program, you must make sure you keep renewing your subscription.  Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.
     
     
    Make sure your applications have all of their updates
     
    It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.  Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.  You can check these by visiting Secunia Software Inspector and Calendar of Updates.
     
     
     
     
     
     
    Update all these programs regularly
    Make sure you update all your programs regularly.  Without regular updates you WILL NOT be protected when new malicious programs are released.  You can use Secunia PSI to keep track of necessary updates. It can run in the background and constantly monitor your software, although I just run it once a week manually.  It will alert you when an update is available for a variety of software.  It is very useful.
     
    Follow this list and your potential for being infected again will reduce dramatically.
     
    Good luck!
     
    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
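The post above recommends the HOSTS file as a way to block bad sites, and the DDS log in this thread already shows one such entry (127.0.0.1 www.spywareinfo.com). Added example, not code from the thread or from BleepingComputer: a PowerShell audit of the HOSTS file that separates block entries (names pointed at a loopback or null address, the kind the post suggests) from redirect entries (names pointed at a real address, which is how a hijacked HOSTS file reroutes traffic and should be explained). The classification rule and the constructed sample lines are this example's own.

```powershell
# Added example (not code from the thread or from BleepingComputer): audit the
# Windows HOSTS file. Names pointed at 127.0.0.1, 0.0.0.0 or ::1 are block entries
# of the kind the post recommends; a name pointed anywhere else is a redirect
# that needs explaining, since a tampered HOSTS file reroutes traffic that way.
# The classification rule and the sample lines below are this example's own.

$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-HostsEntry {
    param([string[]]$Lines)
    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        $text = ($raw -split '#', 2)[0].Trim()    # strip comments and whitespace
        if ($text -eq '') { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }      # an address with no names
        $address = $fields[0]
        # One line may map several names to the same address; report each.
        foreach ($hostname in $fields[1..($fields.Count - 1)]) {
            if ($hostname -eq 'localhost') {
                $kind = 'default'      # shipped by Windows, expected
            } elseif ($address -match '^(127\.0\.0\.1|0\.0\.0\.0|::1)$') {
                $kind = 'block'        # sinkholed name, what the post suggests
            } else {
                $kind = 'redirect'     # name sent to a real address: investigate
            }
            New-Object PSObject -Property @{
                Line     = $lineNo
                Address  = $address
                Hostname = $hostname
                Kind     = $kind
            }
        }
    }
}

# Constructed sample (example data only): the entry DDS reported in the thread,
# a two-name block line, and a placeholder redirect so every branch is exercised.
$SampleLines = @(
    '# comment lines and blank lines are ignored',
    '',
    '127.0.0.1       localhost',
    '::1             localhost',
    '127.0.0.1 www.spywareinfo.com',
    '0.0.0.0   ads.example.invalid   tracker.example.invalid  # block list',
    '203.0.113.9 www.example.invalid   # PLACEHOLDER: a hijack would look like this'
)

Write-Output '--- constructed sample ---'
Get-HostsEntry -Lines $SampleLines | Format-Table Line, Kind, Address, Hostname -AutoSize

# Then the real file, if this is run on a Windows machine.
if (Test-Path $HostsPath) {
    Write-Output ('--- {0} ---' -f $HostsPath)
    $entries   = @(Get-HostsEntry -Lines (Get-Content -Path $HostsPath))
    $redirects = @($entries | Where-Object { $_.Kind -eq 'redirect' })
    $entries | Format-Table Line, Kind, Address, Hostname -AutoSize
    Write-Output ('{0} entries, {1} redirect(s) that need explaining.' -f `
        $entries.Count, $redirects.Count)
}
```

A large block list will produce many 'block' rows; the 'redirect' rows are the ones worth reading, because a legitimate block list never needs them.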
     


    #11 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:06:35 AM

    Posted 26 January 2014 - 01:46 PM

    It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
     






