Windows 7 Virus - Background Commercials - High CPU Usage - BSODs


  • This topic is locked
29 replies to this topic

#1 DevDep

DevDep

  • Members
  • 18 posts
  • OFFLINE
  • Local time:02:24 PM

Posted 15 April 2014 - 05:45 PM

Hey all, so I have talked to my dad and found out I have a virus.  My PC has started to BSOD along with high CPU usage and background advertisements going on.  He shared his thread with me and I have started to take the steps necessary to get this fixed and want to make sure I do it correctly.  I have completed up to Step 6 in the Prep Guide Before Using Malware Removal Tools and Requesting Help to get to this point.  Any help would be greatly appreciated, my dad talked you all up so I am confident in the ability of everyone's work!  Thanks ahead of time!!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476
Run by Devin at 18:34:38 on 2014-04-15
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.8174.5042 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\rundll32.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_168_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3321459&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE941DED1-3B0B-4D17-B621-218243A8DB05&SSPV=
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_168_ActiveX.exe -update activex
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: dell.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R?2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1593632]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 MpKsl3b76b6fd;MpKsl3b76b6fd;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9F9177ED-959C-40C8-BE4A-BA44CF6CBF11}\MpKsl3b76b6fd.sys [2014-4-15 45352]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-4 16941856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-23 411936]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-9-7 2655768]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-6-8 406056]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-3-23 39200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-15 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-15 857912]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-4-7 49152]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-4-15 25816]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2013-9-6 31152]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-18 1255736]
.
=============== Created Last 30 ================
.
2014-04-15 22:28:50 45352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9F9177ED-959C-40C8-BE4A-BA44CF6CBF11}\MpKsl3b76b6fd.sys
2014-04-15 21:59:59 -------- d-sh--w- C:\$RECYCLE.BIN
2014-04-15 21:28:57 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9F9177ED-959C-40C8-BE4A-BA44CF6CBF11}\offreg.dll
2014-04-15 21:25:24 98816 ----a-w- C:\Windows\sed.exe
2014-04-15 21:25:24 256000 ----a-w- C:\Windows\PEV.exe
2014-04-15 21:25:24 208896 ----a-w- C:\Windows\MBR.exe
2014-04-15 21:11:39 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-15 21:10:35 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-15 21:10:35 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-04-15 21:10:35 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-15 21:10:35 -------- d-----w- C:\ProgramData\Malwarebytes
2014-04-15 21:10:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-15 21:01:26 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9F9177ED-959C-40C8-BE4A-BA44CF6CBF11}\mpengine.dll
2014-04-08 22:01:13 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-04 02:57:25 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7B52FF44-2A2D-4141-A964-6B05500F638E}\gapaengine.dll
2014-03-29 17:26:38 -------- d-sh--w- C:\$$PendingFiles
2014-03-23 23:34:00 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-03-22 02:14:13 -------- d-----w- C:\Users\Devin\AppData\Roaming\Milestone
2014-03-20 09:31:28 59904 ---ha-w- C:\Windows\zlib1.dll
2014-03-20 09:31:28 12800 ---ha-w- C:\Windows\aplib64.dll
2014-03-20 09:31:28 11264 ---ha-w- C:\Windows\aplib.dll
2014-03-20 09:31:25 228864 ---ha-w- C:\Windows\client.dll
.
==================== Find3M  ====================
.
2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-02-05 09:31:00 1048152 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-02-05 09:30:41 1179576 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 18:37:48.00 ===============
 

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:24 PM

Posted 16 April 2014 - 05:35 AM






Hello DevDep

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.



search for file

I need to find out some more information about one of the files on the computer

Please run FRST like you did before but this time I would like you to

Type the following in the edit box after "Search:".

rpcss.dll

It then should look like:

Search: rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.



When you reply to me it should be with 3 reports

FRST.txt
addition.txt
search.txt



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 DevDep

DevDep
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:02:24 PM

Posted 16 April 2014 - 10:43 AM

Hey Gringo! Thanks for the timely reply and your help ahead of time. Here are the first two files you requested. I do have one question: in your directions you mention NOT to attach any files and just copy and paste to make it easier, but I then see the word "Attach" for the second log you requested, "Addition.txt". I copied and pasted it instead of attaching it to the post. Would you like me to actually "attach" files when you request to "attach" them to the post? I did both this time just in case. Thanks!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 01
Ran by Devin (administrator) on DEVIN-PC on 16-04-2014 11:36:23
Running from C:\Users\Devin\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_168_ActiveX.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_168_ActiveX.exe [701296 2013-02-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-3636146119-3856516131-4203037938-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-3636146119-3856516131-4203037938-1000\...\Policies\system: [DisableLockWorkstation] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3321459&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE941DED1-3B0B-4D17-B621-218243A8DB05&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDBFD80E3A6AACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3321459&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPE941DED1-3B0B-4D17-B621-218243A8DB05&q={searchTerms}&SSPV=
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3321459&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPE941DED1-3B0B-4D17-B621-218243A8DB05&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3321459&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPE941DED1-3B0B-4D17-B621-218243A8DB05&q={searchTerms}&SSPV=
SearchScopes: HKCU - {BBB8D162-49A1-4382-B28E-4CECF0542A77} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=599486&p={searchTerms}
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF HKCU\...\Firefox\Extensions: [uc@uc.com] - C:\Program Files (x86)\Unfriend Checker\FF\

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: mysearch.avg.com
CHR DefaultSearchProvider: AVG Secure Search
CHR DefaultSearchURL: http://mysearch.avg.com/search?cid={4AFB1250-BDF8-4C68-BDA8-DB1B6A88B571}&mid=8e0e543b08a947d3bb80a9628d4a6c45-2f9c8f0a4e37fa1114267f516baba995b3463b19&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-08 18:34:33&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

==================== Services (Whitelisted) =================

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-10] ()

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R1 MpKslc85512f2; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9F9177ED-959C-40C8-BE4A-BA44CF6CBF11}\MpKslc85512f2.sys [45352 2014-04-16] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2013-09-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-16 11:36 - 2014-04-16 11:36 - 02158080 _____ (Farbar) C:\Users\Devin\Desktop\FRST64.exe
2014-04-16 11:36 - 2014-04-16 11:36 - 00010414 _____ () C:\Users\Devin\Desktop\FRST.txt
2014-04-16 11:36 - 2014-04-16 11:36 - 00000000 ____D () C:\FRST
2014-04-15 19:19 - 2014-04-15 19:19 - 00291616 _____ () C:\Windows\Minidump\041514-41558-01.dmp
2014-04-15 18:37 - 2014-04-15 18:40 - 00016690 _____ () C:\Users\Devin\Desktop\attach.txt
2014-04-15 18:37 - 2014-04-15 18:39 - 00009903 _____ () C:\Users\Devin\Desktop\dds.txt
2014-04-15 18:33 - 2014-04-15 18:34 - 00688992 ____R (Swearware) C:\Users\Devin\Downloads\dds.com
2014-04-15 18:27 - 2014-04-15 18:27 - 00291584 _____ () C:\Windows\Minidump\041514-44772-01.dmp
2014-04-15 18:18 - 2014-04-15 18:19 - 00688992 _____ (Swearware) C:\Users\Devin\Downloads\dds_com (1)
2014-04-15 18:04 - 2014-04-15 18:05 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Devin\Downloads\cbSetup_exe
2014-04-15 17:44 - 2014-04-15 17:44 - 00016443 _____ () C:\ComboFix.txt
2014-04-15 17:27 - 2014-04-15 17:27 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Devin\Desktop\rkill.com
2014-04-15 17:25 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-15 17:25 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-15 17:25 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-15 17:25 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-15 17:25 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-15 17:25 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-15 17:25 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-15 17:25 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-15 17:24 - 2014-04-15 17:59 - 00000000 ____D () C:\Qoobox
2014-04-15 17:23 - 2014-04-15 17:42 - 00000000 ____D () C:\Windows\erdnt
2014-04-15 17:11 - 2014-04-16 11:32 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-15 17:10 - 2014-04-15 17:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-15 17:10 - 2014-04-15 17:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-15 17:10 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-15 17:10 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-15 17:10 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-08 20:07 - 2014-04-15 19:19 - 646863697 _____ () C:\Windows\MEMORY.DMP
2014-04-08 20:07 - 2014-04-08 20:07 - 00291576 _____ () C:\Windows\Minidump\040814-39000-01.dmp
2014-04-04 16:01 - 2014-04-04 16:01 - 00886288 _____ (Microsoft Corporation) C:\Users\Devin\Desktop\mssstool64.exe
2014-04-02 00:36 - 2014-04-16 11:36 - 00000079 _____ () C:\Windows\system32\ykzwyhm.bul
2014-04-02 00:26 - 2014-04-02 00:26 - 00000064 _____ () C:\Windows\system32\fsmxej.npm
2014-04-02 00:26 - 2014-04-02 00:26 - 00000000 _____ () C:\Windows\system32\gkjs.aal
2014-04-02 00:10 - 2014-04-02 00:10 - 00299344 ____S () C:\Windows\system32\vcva.ytb
2014-03-31 01:12 - 2014-04-16 11:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-31 01:12 - 2014-04-15 19:17 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-31 01:12 - 2014-03-31 01:12 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-31 01:12 - 2014-03-31 01:12 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 13:26 - 2014-03-29 13:26 - 00000000 __SHD () C:\$$PendingFiles
2014-03-23 19:34 - 2014-03-23 19:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-23 19:34 - 2014-03-04 07:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-23 19:29 - 2014-03-04 10:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-23 19:29 - 2014-03-04 10:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-23 19:29 - 2014-03-04 10:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-23 19:29 - 2013-12-27 14:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-03-23 19:29 - 2013-12-27 14:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-03-23 19:03 - 2014-03-23 19:23 - 232480872 _____ (NVIDIA Corporation) C:\Users\Devin\Desktop\335.23-desktop-win8-win7-winvista-64bit-english-whql.exe
2014-03-23 18:36 - 2014-03-23 18:36 - 00000000 ____D () C:\Users\Devin\Desktop\memtest86+-5.01.iso
2014-03-23 18:35 - 2014-03-23 18:35 - 00059435 _____ () C:\Users\Devin\Desktop\memtest86+-5.01.iso.zip
2014-03-21 22:14 - 2014-03-21 22:14 - 00000000 ____D () C:\Users\Devin\AppData\Roaming\Milestone
2014-03-20 05:31 - 2014-03-20 05:31 - 00228864 ____H () C:\Windows\client.dll
2014-03-20 05:31 - 2014-03-20 05:31 - 00059904 ____H () C:\Windows\zlib1.dll
2014-03-20 05:31 - 2014-03-20 05:31 - 00012800 ____H () C:\Windows\aplib64.dll
2014-03-20 05:31 - 2014-03-20 05:31 - 00011264 ____H () C:\Windows\aplib.dll

==================== One Month Modified Files and Folders =======

2014-04-16 11:36 - 2014-04-16 11:36 - 02158080 _____ (Farbar) C:\Users\Devin\Desktop\FRST64.exe
2014-04-16 11:36 - 2014-04-16 11:36 - 00010414 _____ () C:\Users\Devin\Desktop\FRST.txt
2014-04-16 11:36 - 2014-04-16 11:36 - 00000000 ____D () C:\FRST
2014-04-16 11:36 - 2014-04-02 00:36 - 00000079 _____ () C:\Windows\system32\ykzwyhm.bul
2014-04-16 11:35 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 11:35 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 11:33 - 2013-02-19 11:02 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-16 11:33 - 2013-02-17 14:28 - 01836832 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 11:32 - 2014-04-15 17:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 11:32 - 2014-03-31 01:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-16 11:32 - 2009-07-14 01:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-16 11:26 - 2013-02-18 12:42 - 00130941 _____ () C:\Windows\setupact.log
2014-04-16 11:26 - 2013-02-17 12:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-16 11:26 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-15 19:19 - 2014-04-15 19:19 - 00291616 _____ () C:\Windows\Minidump\041514-41558-01.dmp
2014-04-15 19:19 - 2014-04-08 20:07 - 646863697 _____ () C:\Windows\MEMORY.DMP
2014-04-15 19:19 - 2013-02-17 12:43 - 00000000 ____D () C:\Windows\Minidump
2014-04-15 19:17 - 2014-03-31 01:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-15 18:40 - 2014-04-15 18:37 - 00016690 _____ () C:\Users\Devin\Desktop\attach.txt
2014-04-15 18:39 - 2014-04-15 18:37 - 00009903 _____ () C:\Users\Devin\Desktop\dds.txt
2014-04-15 18:34 - 2014-04-15 18:33 - 00688992 ____R (Swearware) C:\Users\Devin\Downloads\dds.com
2014-04-15 18:27 - 2014-04-15 18:27 - 00291584 _____ () C:\Windows\Minidump\041514-44772-01.dmp
2014-04-15 18:27 - 2013-02-17 12:43 - 00052138 _____ () C:\Windows\PFRO.log
2014-04-15 18:24 - 2014-03-07 21:40 - 00000000 ____D () C:\Users\Devin\AppData\Roaming\uTorrent
2014-04-15 18:19 - 2014-04-15 18:18 - 00688992 _____ (Swearware) C:\Users\Devin\Downloads\dds_com (1)
2014-04-15 18:19 - 2013-02-17 12:26 - 00000000 ____D () C:\Users\Devin\AppData\Local\Apps\2.0
2014-04-15 18:05 - 2014-04-15 18:04 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Devin\Downloads\cbSetup_exe
2014-04-15 17:59 - 2014-04-15 17:24 - 00000000 ____D () C:\Qoobox
2014-04-15 17:59 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-04-15 17:44 - 2014-04-15 17:44 - 00016443 _____ () C:\ComboFix.txt
2014-04-15 17:42 - 2014-04-15 17:23 - 00000000 ____D () C:\Windows\erdnt
2014-04-15 17:42 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-15 17:27 - 2014-04-15 17:27 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Devin\Desktop\rkill.com
2014-04-15 17:24 - 2009-07-14 01:08 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-15 17:10 - 2014-04-15 17:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-15 17:10 - 2014-04-15 17:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-15 16:59 - 2013-02-17 12:26 - 00000000 ____D () C:\Users\Devin\AppData\Local\Deployment
2014-04-08 20:07 - 2014-04-08 20:07 - 00291576 _____ () C:\Windows\Minidump\040814-39000-01.dmp
2014-04-08 19:52 - 2013-12-16 19:39 - 00000000 ____D () C:\Users\Devin\AppData\Local\DayZ
2014-04-08 18:36 - 2013-03-26 01:25 - 00000000 ____D () C:\Users\Devin\AppData\Roaming\TS3Client
2014-04-07 15:25 - 2013-12-13 15:40 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-04-04 16:01 - 2014-04-04 16:01 - 00886288 _____ (Microsoft Corporation) C:\Users\Devin\Desktop\mssstool64.exe
2014-04-03 09:51 - 2014-04-15 17:10 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-15 17:10 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-15 17:10 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 01:52 - 2013-02-17 12:41 - 00000000 ____D () C:\ProgramData\Origin
2014-04-02 01:51 - 2013-02-19 01:37 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-02 00:26 - 2014-04-02 00:26 - 00000064 _____ () C:\Windows\system32\fsmxej.npm
2014-04-02 00:26 - 2014-04-02 00:26 - 00000000 _____ () C:\Windows\system32\gkjs.aal
2014-04-02 00:10 - 2014-04-02 00:10 - 00299344 ____S () C:\Windows\system32\vcva.ytb
2014-04-01 22:21 - 2013-03-26 00:45 - 00000000 ____D () C:\Users\Devin\AppData\Local\TeamSpeak 3 Client
2014-03-31 01:12 - 2014-03-31 01:12 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-31 01:12 - 2014-03-31 01:12 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 13:26 - 2014-03-29 13:26 - 00000000 __SHD () C:\$$PendingFiles
2014-03-29 13:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-03-29 13:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-29 09:29 - 2013-02-17 11:35 - 00000000 ____D () C:\Users\Devin
2014-03-23 19:36 - 2013-11-04 03:58 - 00001357 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-03-23 19:35 - 2013-02-17 11:46 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-23 19:34 - 2014-03-23 19:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-23 19:23 - 2014-03-23 19:03 - 232480872 _____ (NVIDIA Corporation) C:\Users\Devin\Desktop\335.23-desktop-win8-win7-winvista-64bit-english-whql.exe
2014-03-23 19:14 - 2013-03-16 15:34 - 00000000 ____D () C:\Users\Devin\AppData\Local\PMB Files
2014-03-23 19:02 - 2014-01-08 00:12 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-23 19:02 - 2013-09-05 22:27 - 00003232 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-03-23 18:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-23 18:50 - 2014-01-17 01:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-03-23 18:36 - 2014-03-23 18:36 - 00000000 ____D () C:\Users\Devin\Desktop\memtest86+-5.01.iso
2014-03-23 18:35 - 2014-03-23 18:35 - 00059435 _____ () C:\Users\Devin\Desktop\memtest86+-5.01.iso.zip
2014-03-21 23:33 - 2013-09-05 22:16 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-21 23:30 - 2014-02-08 19:35 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-03-21 22:14 - 2014-03-21 22:14 - 00000000 ____D () C:\Users\Devin\AppData\Roaming\Milestone
2014-03-20 05:31 - 2014-03-20 05:31 - 00228864 ____H () C:\Windows\client.dll
2014-03-20 05:31 - 2014-03-20 05:31 - 00059904 ____H () C:\Windows\zlib1.dll
2014-03-20 05:31 - 2014-03-20 05:31 - 00012800 ____H () C:\Windows\aplib64.dll
2014-03-20 05:31 - 2014-03-20 05:31 - 00011264 ____H () C:\Windows\aplib.dll

ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-13 20:00] - [2009-07-13 21:41] - 0514048 ____A (Microsoft Corporation) 7D3CDB7772D4E9D463A81040B783FB12

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

LastRegBack: 2014-03-30 12:25

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-04-2014 01
Ran by Devin at 2014-04-16 11:36:50
Running from C:\Users\Devin\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.6.602.168 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
ArcGIS Desktop 10 (HKLM-x32\...\ArcGIS Desktop 10) (Version: 10.0.2414 - Environmental Systems Research Institute, Inc.)
ArcGIS Desktop 10 (x32 Version: 10.0.2414 - Environmental Systems Research Institute, Inc.) Hidden
AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.2.4.1 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
CPUID HWMonitor 1.24 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Dell System Detect Bootstrapper (HKCU\...\8e3135b376bd523e) (Version: 5.1.0.41 - Dell)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 3.59 - Happy Cloud, Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
SaveValet IE - Stop overpaying!  Instantly get the lowest price and best deals right as you shop. (HKLM-x32\...\SaveValet_IE) (Version: 1.7.9.48 - Save Valet, LLC)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.0.3 - Electronic Arts)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
War Thunder Launcher 1.0.1.199 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2012 Gaijin Entertainment Corporation)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version:  - Relic Entertainment)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)

==================== Restore Points  =========================

23-03-2014 22:49:24 Removed Microsoft Games for Windows - LIVE
23-03-2014 22:50:47 Removed Windows Live ID Sign-in Assistant
23-03-2014 23:35:28 Installed DirectX
25-03-2014 04:22:21 Windows Update
29-03-2014 13:42:42 Windows Update
02-04-2014 00:08:03 Windows Update
07-04-2014 13:49:35 Windows Update
15-04-2014 21:00:46 Windows Update
15-04-2014 22:09:18 Windows Backup
15-04-2014 22:10:26 Windows Backup
15-04-2014 22:15:56 Windows Backup
15-04-2014 22:32:27 Windows Backup

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-04-15 17:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {64E52AC2-8086-431A-BC82-4634E66B79D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-17] (Google Inc.)
Task: {6A6AD25B-B0F1-4AF4-9335-47DCC64DEEF6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {87863A8C-9F82-4878-9AD4-7C3287463484} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-17] (Google Inc.)
Task: {BAD0F313-9D63-426F-9F97-943341890F76} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-02-17 12:32 - 2014-03-04 09:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-02-19 12:55 - 2013-11-10 02:43 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2014 11:33:06 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/15/2014 06:31:34 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/15/2014 04:59:55 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/08/2014 08:26:17 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/08/2014 08:09:29 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/08/2014 07:51:36 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/08/2014 05:52:05 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/08/2014 10:22:21 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/08/2014 10:15:38 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/07/2014 11:17:19 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

System errors:
=============
Error: (04/16/2014 11:26:44 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (04/15/2014 07:20:16 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (04/15/2014 07:19:57 PM) (Source: BugCheck) (User: )
Description: 0x0000001e (0xffffffffc0000005, 0xfffff800032a09cb, 0x0000000000000000, 0x000000007efa0000)C:\Windows\MEMORY.DMP041514-41558-01

Error: (04/15/2014 07:19:57 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:17:36 PM on ‎4/‎15/‎2014 was unexpected.

Error: (04/15/2014 06:28:35 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (04/15/2014 06:28:03 PM) (Source: BugCheck) (User: )
Description: 0x0000001e (0xffffffffc0000005, 0xfffff8000357b8ba, 0x0000000000000001, 0x0000000000000018)C:\Windows\MEMORY.DMP041514-44772-01

Error: (04/15/2014 06:28:02 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:25:42 PM on ‎4/‎15/‎2014 was unexpected.

Error: (04/15/2014 05:42:00 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (04/15/2014 05:41:04 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/15/2014 05:34:55 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Microsoft Office Sessions:
=========================
Error: (04/16/2014 11:33:06 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/15/2014 06:31:34 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/15/2014 04:59:55 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/08/2014 08:26:17 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/08/2014 08:09:29 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/08/2014 07:51:36 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/08/2014 05:52:05 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/08/2014 10:22:21 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/08/2014 10:15:38 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/07/2014 11:17:19 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

CodeIntegrity Errors:
===================================
  Date: 2014-04-15 17:41:04.684
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-15 17:41:04.651
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 8174.46 MB
Available physical RAM: 5285.21 MB
Total Pagefile: 16347.05 MB
Available Pagefile: 13412.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:452.09 GB) (Free:143.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.66 GB) (Free:6.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 3FD32B17)
Partition 1: (Active) - (Size=452 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Farbar Recovery Scan Tool (x64) Version: 16-04-2014 01
Ran by Devin at 2014-04-16 11:40:14
Running from C:\Users\Devin\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 20:00] - [2009-07-13 21:41] - 0509440 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\rpcss.dll
[2009-07-13 20:00] - [2009-07-13 21:41] - 0514048 ____A (Microsoft Corporation) 7D3CDB7772D4E9D463A81040B783FB12

C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2013-02-18 14:27] - [2010-11-20 09:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

====== End Of Search ======
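The rpcss.dll check the log calls out (the ATTENTION line in the Bamital & volsnap section and the Search block above), as an added example that is not part of this thread or of FRST's own code: it parses FRST search hits, treats the D41D8CD9... MD5 as "could not hash" rather than a real hash, and compares copies that share identical timestamps. The two-line hit layout is assumed from the output above; the sample lines are copied from it.

```python
"""Check copies of a system DLL listed in an FRST "Search:" block.

Added example, not part of this thread or of FRST. FRST prints each hit as a
path line followed by an attribute line; this parses those pairs and flags
two things a reviewer looks for in the rpcss.dll search above:
  * an MD5 equal to the hash of empty input (FRST reports that when it could
    not read the file), which must not be treated as a real file hash;
  * copies that carry identical created/modified timestamps but differ in
    size or hash, i.e. one copy was rewritten with its timestamps preserved.
The sample lines are copied from the search output in the thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# MD5 of zero bytes: FRST's placeholder for "could not hash this file".
EMPTY_MD5 = "D41D8CD98F00B204E9800998ECF8427E"

# Attribute line: [created] - [modified] - size attrs (company) MD5
ATTR_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

# Sample input, copied from the FRST search output posted in the thread.
SAMPLE = r"""
================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 20:00] - [2009-07-13 21:41] - 0509440 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\rpcss.dll
[2009-07-13 20:00] - [2009-07-13 21:41] - 0514048 ____A (Microsoft Corporation) 7D3CDB7772D4E9D463A81040B783FB12

C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2013-02-18 14:27] - [2010-11-20 09:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

====== End Of Search ======
"""


@dataclass
class Hit:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def hash_unreadable(self) -> bool:
        """True when FRST could not hash the file (sentinel MD5)."""
        return self.md5 == EMPTY_MD5


def parse_search(text: str) -> list[Hit]:
    """Turn an FRST search block into Hit records (path line + attribute line)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    hits: list[Hit] = []
    for i, ln in enumerate(lines):
        m = ATTR_RE.match(ln)
        if m and i > 0:
            hits.append(Hit(path=lines[i - 1], created=m["created"],
                            modified=m["modified"], size=int(m["size"]),
                            company=m["company"], md5=m["md5"].upper()))
    return hits


def find_discrepancies(hits: list[Hit]) -> list[str]:
    """Return findings worth a closer look; an empty list means nothing stood out.

    Copies of a file installed from the same component-store build share
    created/modified stamps; if such copies differ in size (or in MD5, where a
    real MD5 is available) one of them was altered after installation with its
    timestamps kept, which is what the log's ATTENTION note is warning about.
    """
    findings: list[str] = []
    for h in hits:
        if h.hash_unreadable:
            findings.append(f"{h.path}: MD5 is the empty-input sentinel; "
                            "hash unavailable, compare size only")
    by_stamp: dict[tuple[str, str], list[Hit]] = {}
    for h in hits:
        by_stamp.setdefault((h.created, h.modified), []).append(h)
    for (created, modified), group in by_stamp.items():
        if len(group) < 2:
            continue
        sizes = {h.size for h in group}
        md5s = {h.md5 for h in group if not h.hash_unreadable}
        if len(sizes) > 1 or len(md5s) > 1:
            detail = "; ".join(f"{h.path} size={h.size} md5={h.md5}" for h in group)
            findings.append(f"copies stamped {created} / {modified} differ: {detail}")
    return findings


if __name__ == "__main__":
    for finding in find_discrepancies(parse_search(SAMPLE)):
        print(finding)
```

On the thread's own lines this reports the WinSxS copy as unhashable and the System32 copy as 4608 bytes larger than the same-stamped component-store copy, which is the discrepancy a reviewer would chase before trusting the "MD5 is legit" lines.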


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:24 PM

Posted 16 April 2014 - 11:44 AM

Hello DevDep



I need you to download this script I have made for you --> Attached File: fixlist.txt (700 bytes, 8 downloads)

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 DevDep


Posted 16 April 2014 - 11:16 PM

Hey Gringo!  Thanks again for the help, I just ran the "Fix" option in the FRST program and was informed my computer would reset itself - after the reset my PC powered back up to a black screen where my mouse cursor is visible and nothing else.  I can move my mouse around although there is virtually nothing to interact with and nothing I can do besides turn my PC off manually by pressing the power button.  It has been in this mode for about 15 minutes now and hopefully I can wait out a reply to see what I should do, or if this is part of the "Fix" process.  Thanks ahead of time! If my system starts itself back up I will edit this post to include the "Fixlog"

 

 

****Update: My system shut down while I was AFK for a few minutes, upon turning it back on I was sent to the same screen as mentioned before.  At this point it seems as if the PC will not boot to my login screen at all.  I'll keep my eyes open for a reply to see what steps need to be taken.


Edited by DevDep, 16 April 2014 - 11:26 PM.


#6 gringo_pr


Posted 17 April 2014 - 07:48 AM


Hello DevDep,

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First Press the Scan button.
  • It will make a log (FRST.txt)
I want you to post the FRST.txt report into your reply to me

Gringo

#7 DevDep


Posted 17 April 2014 - 11:32 PM

Gringo, here is the .txt file you requested:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by SYSTEM on MININT-N3QSOT5 on 18-04-2014 00:26:04
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\RunOnce: [*FRST] - "C:\Users\Devin\Desktop\FRST64.exe" [2158592 2014-04-16] (Farbar)
HKU\Devin\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\Devin\...\Policies\system: [DisableLockWorkstation] 0
 
==================== Services (Whitelisted) =================
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-28] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-09] ()
S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X]
S2 RpcSs; %SystemRoot%\system32\rpcss.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2013-09-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-16 20:05 - 2014-04-16 20:05 - 00000000 ____D () C:\Users\Devin\Desktop\FRST-OlderVersion
2014-04-16 07:40 - 2014-04-16 07:41 - 00000906 _____ () C:\Users\Devin\Desktop\Search.txt
2014-04-16 07:36 - 2014-04-18 00:26 - 00000000 ____D () C:\FRST
2014-04-16 07:36 - 2014-04-16 20:05 - 02158592 _____ (Farbar) C:\Users\Devin\Desktop\FRST64.exe
2014-04-16 07:36 - 2014-04-16 07:37 - 00026451 _____ () C:\Users\Devin\Desktop\FRST.txt
2014-04-16 07:36 - 2014-04-16 07:37 - 00020067 _____ () C:\Users\Devin\Desktop\Addition.txt
2014-04-15 15:19 - 2014-04-15 15:19 - 00291616 _____ () C:\Windows\Minidump\041514-41558-01.dmp
2014-04-15 14:37 - 2014-04-15 14:40 - 00016690 _____ () C:\Users\Devin\Desktop\attach.txt
2014-04-15 14:37 - 2014-04-15 14:39 - 00009903 _____ () C:\Users\Devin\Desktop\dds.txt
2014-04-15 14:33 - 2014-04-15 14:34 - 00688992 ____R (Swearware) C:\Users\Devin\Downloads\dds.com
2014-04-15 14:27 - 2014-04-15 14:27 - 00291584 _____ () C:\Windows\Minidump\041514-44772-01.dmp
2014-04-15 14:18 - 2014-04-15 14:19 - 00688992 _____ (Swearware) C:\Users\Devin\Downloads\dds_com (1)
2014-04-15 14:04 - 2014-04-15 14:05 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Devin\Downloads\cbSetup_exe
2014-04-15 13:44 - 2014-04-15 13:44 - 00016443 _____ () C:\ComboFix.txt
2014-04-15 13:27 - 2014-04-15 13:27 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Devin\Desktop\rkill.com
2014-04-15 13:25 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-15 13:25 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-15 13:25 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-15 13:25 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-15 13:25 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-15 13:25 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-15 13:25 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-15 13:25 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-15 13:24 - 2014-04-15 13:59 - 00000000 ____D () C:\Qoobox
2014-04-15 13:23 - 2014-04-15 13:42 - 00000000 ____D () C:\Windows\erdnt
2014-04-15 13:11 - 2014-04-16 19:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-15 13:10 - 2014-04-15 13:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-15 13:10 - 2014-04-15 13:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-15 13:10 - 2014-04-03 05:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-15 13:10 - 2014-04-03 05:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-15 13:10 - 2014-04-03 05:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-04-08 16:07 - 2014-04-15 15:19 - 646863697 _____ () C:\Windows\MEMORY.DMP
2014-04-08 16:07 - 2014-04-08 16:07 - 00291576 _____ () C:\Windows\Minidump\040814-39000-01.dmp
2014-04-04 12:01 - 2014-04-04 12:01 - 00886288 _____ (Microsoft Corporation) C:\Users\Devin\Desktop\mssstool64.exe
2014-03-30 21:12 - 2014-04-16 19:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-30 21:12 - 2014-04-16 08:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-30 21:12 - 2014-03-30 21:12 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 21:12 - 2014-03-30 21:12 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 09:26 - 2014-03-29 09:26 - 00000000 __SHD () C:\$$PendingFiles
2014-03-23 15:34 - 2014-03-23 15:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-23 15:34 - 2014-03-04 03:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-23 15:29 - 2014-03-04 06:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2014-03-23 15:29 - 2014-03-04 06:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433523.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433523.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2014-03-23 15:29 - 2014-03-04 06:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-23 15:29 - 2013-12-27 10:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2014-03-23 15:29 - 2013-12-27 10:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-03-23 15:03 - 2014-03-23 15:23 - 232480872 _____ (NVIDIA Corporation) C:\Users\Devin\Desktop\335.23-desktop-win8-win7-winvista-64bit-english-whql.exe
2014-03-23 14:36 - 2014-03-23 14:36 - 00000000 ____D () C:\Users\Devin\Desktop\memtest86+-5.01.iso
2014-03-23 14:35 - 2014-03-23 14:35 - 00059435 _____ () C:\Users\Devin\Desktop\memtest86+-5.01.iso.zip
2014-03-21 18:14 - 2014-03-21 18:14 - 00000000 ____D () C:\Users\Devin\AppData\Roaming\Milestone
2014-03-20 01:31 - 2014-03-20 01:31 - 00228864 ____H () C:\Windows\client.dll
2014-03-20 01:31 - 2014-03-20 01:31 - 00059904 ____H () C:\Windows\zlib1.dll
2014-03-20 01:31 - 2014-03-20 01:31 - 00012800 ____H () C:\Windows\aplib64.dll
2014-03-20 01:31 - 2014-03-20 01:31 - 00011264 ____H () C:\Windows\aplib.dll
 
==================== One Month Modified Files and Folders =======
 
2014-04-18 00:26 - 2014-04-16 07:36 - 00000000 ____D () C:\FRST
2014-04-16 21:58 - 2013-02-17 08:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-16 20:31 - 2013-02-17 08:43 - 00054556 _____ () C:\Windows\PFRO.log
2014-04-16 20:06 - 2013-02-17 10:28 - 01871956 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 20:05 - 2014-04-16 20:05 - 00000000 ____D () C:\Users\Devin\Desktop\FRST-OlderVersion
2014-04-16 20:05 - 2014-04-16 07:36 - 02158592 _____ (Farbar) C:\Users\Devin\Desktop\FRST64.exe
2014-04-16 20:02 - 2009-07-13 20:45 - 00014240 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 20:02 - 2009-07-13 20:45 - 00014240 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 19:59 - 2009-07-13 21:13 - 00778834 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-16 19:55 - 2014-04-15 13:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-16 19:55 - 2013-02-19 07:02 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-16 19:53 - 2014-03-30 21:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-16 19:53 - 2013-02-18 08:42 - 00131109 _____ () C:\Windows\setupact.log
2014-04-16 19:52 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-16 08:18 - 2014-03-30 21:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-16 07:41 - 2014-04-16 07:40 - 00000906 _____ () C:\Users\Devin\Desktop\Search.txt
2014-04-16 07:37 - 2014-04-16 07:36 - 00026451 _____ () C:\Users\Devin\Desktop\FRST.txt
2014-04-16 07:37 - 2014-04-16 07:36 - 00020067 _____ () C:\Users\Devin\Desktop\Addition.txt
2014-04-15 15:19 - 2014-04-15 15:19 - 00291616 _____ () C:\Windows\Minidump\041514-41558-01.dmp
2014-04-15 15:19 - 2014-04-08 16:07 - 646863697 _____ () C:\Windows\MEMORY.DMP
2014-04-15 15:19 - 2013-02-17 08:43 - 00000000 ____D () C:\Windows\Minidump
2014-04-15 14:40 - 2014-04-15 14:37 - 00016690 _____ () C:\Users\Devin\Desktop\attach.txt
2014-04-15 14:39 - 2014-04-15 14:37 - 00009903 _____ () C:\Users\Devin\Desktop\dds.txt
2014-04-15 14:34 - 2014-04-15 14:33 - 00688992 ____R (Swearware) C:\Users\Devin\Downloads\dds.com
2014-04-15 14:27 - 2014-04-15 14:27 - 00291584 _____ () C:\Windows\Minidump\041514-44772-01.dmp
2014-04-15 14:24 - 2014-03-07 17:40 - 00000000 ____D () C:\Users\Devin\AppData\Roaming\uTorrent
2014-04-15 14:19 - 2014-04-15 14:18 - 00688992 _____ (Swearware) C:\Users\Devin\Downloads\dds_com (1)
2014-04-15 14:19 - 2013-02-17 08:26 - 00000000 ____D () C:\Users\Devin\AppData\Local\Apps\2.0
2014-04-15 14:05 - 2014-04-15 14:04 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Devin\Downloads\cbSetup_exe
2014-04-15 13:59 - 2014-04-15 13:24 - 00000000 ____D () C:\Qoobox
2014-04-15 13:59 - 2009-07-13 19:20 - 00000000 __RHD () C:\users\Default
2014-04-15 13:44 - 2014-04-15 13:44 - 00016443 _____ () C:\ComboFix.txt
2014-04-15 13:42 - 2014-04-15 13:23 - 00000000 ____D () C:\Windows\erdnt
2014-04-15 13:42 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-15 13:27 - 2014-04-15 13:27 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Devin\Desktop\rkill.com
2014-04-15 13:24 - 2009-07-13 21:08 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-15 13:10 - 2014-04-15 13:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-15 13:10 - 2014-04-15 13:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-15 12:59 - 2013-02-17 08:26 - 00000000 ____D () C:\Users\Devin\AppData\Local\Deployment
2014-04-08 16:07 - 2014-04-08 16:07 - 00291576 _____ () C:\Windows\Minidump\040814-39000-01.dmp
2014-04-08 15:52 - 2013-12-16 15:39 - 00000000 ____D () C:\Users\Devin\AppData\Local\DayZ
2014-04-08 14:36 - 2013-03-25 21:25 - 00000000 ____D () C:\Users\Devin\AppData\Roaming\TS3Client
2014-04-07 11:25 - 2013-12-13 11:40 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-04-04 12:01 - 2014-04-04 12:01 - 00886288 _____ (Microsoft Corporation) C:\Users\Devin\Desktop\mssstool64.exe
2014-04-03 05:51 - 2014-04-15 13:10 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-03 05:51 - 2014-04-15 13:10 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-03 05:50 - 2014-04-15 13:10 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-04-01 21:52 - 2013-02-17 08:41 - 00000000 ____D () C:\ProgramData\Origin
2014-04-01 21:51 - 2013-02-18 21:37 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-01 18:21 - 2013-03-25 20:45 - 00000000 ____D () C:\Users\Devin\AppData\Local\TeamSpeak 3 Client
2014-03-30 21:12 - 2014-03-30 21:12 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 21:12 - 2014-03-30 21:12 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 09:26 - 2014-03-29 09:26 - 00000000 __SHD () C:\$$PendingFiles
2014-03-29 09:19 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-03-29 09:19 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-29 05:29 - 2013-02-17 07:35 - 00000000 ____D () C:\users\Devin
2014-03-23 15:36 - 2013-11-03 23:58 - 00001357 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-03-23 15:35 - 2013-02-17 07:46 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-23 15:34 - 2014-03-23 15:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-23 15:23 - 2014-03-23 15:03 - 232480872 _____ (NVIDIA Corporation) C:\Users\Devin\Desktop\335.23-desktop-win8-win7-winvista-64bit-english-whql.exe
2014-03-23 15:14 - 2013-03-16 11:34 - 00000000 ____D () C:\Users\Devin\AppData\Local\PMB Files
2014-03-23 15:02 - 2014-01-07 20:12 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-23 15:02 - 2013-09-05 18:27 - 00003232 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-03-23 14:51 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-23 14:50 - 2014-01-16 21:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-03-23 14:36 - 2014-03-23 14:36 - 00000000 ____D () C:\Users\Devin\Desktop\memtest86+-5.01.iso
2014-03-23 14:35 - 2014-03-23 14:35 - 00059435 _____ () C:\Users\Devin\Desktop\memtest86+-5.01.iso.zip
2014-03-21 19:33 - 2013-09-05 18:16 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-21 19:30 - 2014-02-08 15:35 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-03-21 18:14 - 2014-03-21 18:14 - 00000000 ____D () C:\Users\Devin\AppData\Roaming\Milestone
2014-03-20 01:31 - 2014-03-20 01:31 - 00228864 ____H () C:\Windows\client.dll
2014-03-20 01:31 - 2014-03-20 01:31 - 00059904 ____H () C:\Windows\zlib1.dll
2014-03-20 01:31 - 2014-03-20 01:31 - 00012800 ____H () C:\Windows\aplib64.dll
2014-03-20 01:31 - 2014-03-20 01:31 - 00011264 ____H () C:\Windows\aplib.dll
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2014-03-23 14:49:36
Restore point made on: 2014-03-23 14:50:50
Restore point made on: 2014-03-23 15:35:31
Restore point made on: 2014-03-24 20:22:30
Restore point made on: 2014-03-29 05:43:20
Restore point made on: 2014-04-01 16:08:10
Restore point made on: 2014-04-07 05:49:48
Restore point made on: 2014-04-15 13:01:14
Restore point made on: 2014-04-15 14:09:22
Restore point made on: 2014-04-15 14:10:30
Restore point made on: 2014-04-15 14:15:59
Restore point made on: 2014-04-15 14:32:48
 
==================== Memory info =========================== 
 
Percentage of memory in use: 12%
Total physical RAM: 8174.46 MB
Available physical RAM: 7155.07 MB
Total Pagefile: 8172.61 MB
Available Pagefile: 7155.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:452.09 GB) (Free:142.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.66 GB) (Free:6.9 GB) NTFS
Drive j: () (Removable) (Total:0.95 GB) (Free:0.94 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 3FD32B17)
Partition 00: (Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.
Partition 1: (Active) - (Size=452 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 971 MB) (Disk ID: 000F233E)
Partition 1: (Active) - (Size=971 MB) - (Type=06)
 
 
LastRegBack: 2014-03-30 08:25
 
==================== End Of Log ============================
 
Thanks again!


#8 gringo_pr


Posted 18 April 2014 - 07:03 AM


Hello DevDep

Ok, let's see if we can find a replacement for the infected file.

Boot back into the Recovery Environment and run FRST like you did before.

Type the following in the edit box after "Search:".

rpcss.dll

It then should look like:

Search: rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.

Gringo

#9 DevDep


Posted 18 April 2014 - 09:54 AM

Gringo,  here is the requested information - thanks!

 

Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by SYSTEM at 2014-04-18 10:49:45
Running from F:\
Boot Mode: Recovery
 
================== Search: "rpcss.dll" ===================
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
 
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2013-02-18 10:27] - [2010-11-20 05:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
X:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
 
X:\Windows\System32\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
 
====== End Of Search ======
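Both Search.txt logs in this thread (the one near the top and the one just above) share one format, and the useful signal sits in the hash column: the first log's WinSxS copy reports the MD5 of zero bytes despite a 509440-byte size, and the second log has no C:\Windows\System32 copy at all. The following Python is an added example, not FRST's code or anything posted in this thread; it parses that format and flags exactly those conditions, using the thread's first log as constructed sample input.

```python
"""Triage of an FRST "Search:" log (Search.txt) for a Windows system file.
FRST prints each copy as a path line followed by
"[created] - [modified] - size attrs (company) MD5".  Hypothetical helper,
not part of FRST: it checks that the live System32 copy exists on every
Windows drive, that its MD5 matches a WinSxS/update-package copy, and that
each copy was actually readable when it was hashed."""
import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass

# MD5 of zero bytes. A nonzero-size file that reports this hash was not
# readable when FRST hashed it (locked, hidden or redirected by a rootkit).
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

ENTRY_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")  # version in a WinSxS dir name


@dataclass
class Copy:
    path: str
    size: int
    company: str
    md5: str

    @property
    def role(self) -> str:
        """'live' for the System32 file, 'reference' for store/update copies."""
        low = self.path.lower()
        if "\\winsxs\\" in low or "\\softwaredistribution\\" in low:
            return "reference"
        return "live" if "\\windows\\system32\\" in low else "other"

    @property
    def version(self) -> str:
        m = VERSION_RE.search(self.path)
        return m.group(1) if m else "?"

    @property
    def readable(self) -> bool:
        return self.size == 0 or self.md5 != EMPTY_MD5


def parse_search_log(text: str) -> list:
    """Pair each path line with the detail line that follows it."""
    copies, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = ENTRY_RE.match(line)
        if m and pending:
            copies.append(Copy(pending, int(m["size"]), m["company"], m["md5"].upper()))
            pending = None
    return copies


def triage(copies: list) -> list:
    """Return (path, finding) pairs; an empty list means nothing stood out."""
    findings, by_drive = [], defaultdict(list)
    # Readable store/update copies are the only trustworthy hash references.
    reference = {c.md5: c.version for c in copies if c.role == "reference" and c.readable}
    for c in copies:
        by_drive[c.path[0].upper()].append(c)
        if not c.readable:
            findings.append((c.path, "unreadable: MD5 is the hash of empty input"))
        if not c.company:
            findings.append((c.path, "no publisher in version info"))
        if c.role == "live" and c.md5 not in reference:
            versions = ", ".join(sorted(set(reference.values()))) or "none"
            findings.append((c.path, f"MD5 matches no readable store copy (store versions: {versions})"))
    for drive, group in by_drive.items():
        roles = {c.role for c in group}
        if "reference" in roles and "live" not in roles:
            findings.append((f"{drive}:\\Windows\\System32", "live copy missing; only store copies found"))
    return findings


# Constructed sample input: the first Search.txt posted in this thread.
SAMPLE_LOG = r"""================== Search: "rpcss.dll" ===================
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 20:00] - [2009-07-13 21:41] - 0509440 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\rpcss.dll
[2009-07-13 20:00] - [2009-07-13 21:41] - 0514048 ____A (Microsoft Corporation) 7D3CDB7772D4E9D463A81040B783FB12
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2013-02-18 14:27] - [2010-11-20 09:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
====== End Of Search ======
"""

if __name__ == "__main__":
    for path, finding in triage(parse_search_log(SAMPLE_LOG)):
        print(f"{finding}\n    {path}")
```

A live copy that is a newer build than any store copy will legitimately fail the hash match, so read the listed store versions against the Windows build before treating a mismatch as tampering.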


#10 gringo_pr


Posted 18 April 2014 - 02:52 PM


Hello DevDep



Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

 
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\WINDOWS\System32\rpcss.dll
TDL4: custom:26000022 <===== ATTENTION!
CMD: bootrec /FixMbr
CMD: bootrec /fixboot
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo

#11 DevDep


Posted 19 April 2014 - 02:10 PM

Hey! Here is my fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014 01
Ran by SYSTEM at 2014-04-18 20:50:26 Run:2
Running from F:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\WINDOWS\System32\rpcss.dll
TDL4: custom:26000022 <===== ATTENTION!
CMD: bootrec /FixMbr
CMD: bootrec /fixboot
*****************
 
Could not find C:\WINDOWS\System32\rpcss.dll.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll copied successfully to C:\WINDOWS\System32\rpcss.dll
 
An error occurred while attempting to delete the specified data element.
Element not found.
The operation completed successfully.
 
=========  bootrec /FixMbr =========
 
??The operation completed successfully.
 
========= End of CMD: =========
 
 
=========  bootrec /fixboot =========
 
??The operation completed successfully.
 
========= End of CMD: =========
 
 
==== End of Fixlog ====
 
 
 
 
The PC started back up and seems to be running well! CPU is looking good and no more background advertisement noises.  I will run it a little today too to see if the BSODs have ceased.  Thank You!! I am curious if I need to do anything else and also what I should do to keep my PC clean?  Thanks again!!


#12 gringo_pr


Posted 19 April 2014 - 04:02 PM



Hello DevDep

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo

#13 DevDep

DevDep
  • Topic Starter

  • Members
  • 18 posts

Posted 21 April 2014 - 10:49 PM

Hey Gringo! Sorry for the delay, the Holidays kept me busy over the weekend - I hope you had a good weekend!  Here is the text requested:

 

# AdwCleaner v3.103 - Report created 21/04/2014 at 23:44:38
# Updated 21/04/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Devin - DEVIN-PC
# Running from : C:\Users\Devin\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\SocialBit

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\Devin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2297 octets] - [21/04/2014 23:43:24]
AdwCleaner[S0].txt - [2092 octets] - [21/04/2014 23:44:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2152 octets] ##########

 

 

******* When I ran JRT the program mentioned a Reset was necessary in order to remove a bad module or something along those lines; during this reset my PC crashed with a Blue Screen.... I am going to run it again to see if this happens again or if it was just a random event?

 

After the Blue Screen I ran JRT again and it succeeded in giving me this .txt file:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Devin on Tue 04/22/2014 at  0:00:40.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\savevalet_ie

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/22/2014 at  0:03:54.15
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Edited by DevDep, 21 April 2014 - 11:16 PM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 April 2014 - 03:15 PM


Hello DevDep,

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#15 DevDep

DevDep
  • Topic Starter

  • Members
  • 18 posts

Posted 25 April 2014 - 03:26 AM

ComboFix 14-04-20.01 - Devin 04/25/2014 4:06.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8174.6691 [GMT -4:00]
Running from: c:\users\Devin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2014-03-25 to 2014-04-25 )))))))))))))))))))))))))))))))
.
.
2014-04-25 08:12 . 2014-04-25 08:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-04-25 08:12 . 2014-04-25 08:12 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-04-25 08:12 . 2014-04-25 08:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-24 20:18 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03915DFE-10E8-42BD-BAEB-451F474E2A06}\mpengine.dll
2014-04-23 02:38 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-22 03:50 . 2014-04-22 03:50 -------- d-----w- c:\windows\ERUNT
2014-04-22 03:43 . 2014-04-22 03:44 -------- d-----w- C:\AdwCleaner
2014-04-20 03:08 . 2014-02-21 14:00 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15ABFFE5-C78E-4E30-9002-2F8EFD34BA79}\gapaengine.dll
2014-04-19 04:50 . 2009-07-14 01:41 509440 ----a-w- c:\windows\system32\rpcss.dll
2014-04-16 15:36 . 2014-04-19 04:50 -------- d-----w- C:\FRST
2014-04-15 21:11 . 2014-04-25 07:39 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-15 21:10 . 2014-04-15 21:10 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-15 21:10 . 2014-04-15 21:10 -------- d-----w- c:\programdata\Malwarebytes
2014-04-15 21:10 . 2014-04-03 13:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-15 21:10 . 2014-04-03 13:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-15 21:10 . 2014-04-03 13:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-29 17:26 . 2014-03-29 17:26 -------- d-sh--w- C:\$$PendingFiles
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-20 09:31 . 2014-03-20 09:31 59904 ---ha-w- c:\windows\zlib1.dll
2014-03-20 09:31 . 2014-03-20 09:31 12800 ---ha-w- c:\windows\aplib64.dll
2014-03-20 09:31 . 2014-03-20 09:31 11264 ---ha-w- c:\windows\aplib.dll
2014-03-04 14:35 . 2014-03-23 23:29 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-03-04 14:35 . 2014-03-23 23:29 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-03-04 14:35 . 2014-03-23 23:29 892704 ----a-w- c:\windows\system32\NvIFR64.dll
2014-03-04 14:35 . 2014-03-23 23:29 877856 ----a-w- c:\windows\system32\NvFBC64.dll
2014-03-04 14:35 . 2014-03-23 23:29 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-03-04 14:35 . 2014-03-23 23:29 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-03-04 14:35 . 2014-03-23 23:29 832936 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-03-04 14:35 . 2014-03-23 23:29 353504 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-03-04 14:35 . 2014-03-23 23:29 3143456 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-04 14:35 . 2014-03-23 23:29 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-03-04 14:35 . 2014-03-23 23:29 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-03-04 14:35 . 2014-03-23 23:29 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-04 14:35 . 2014-03-23 23:29 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-03-04 14:35 . 2014-03-23 23:29 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-03-04 14:35 . 2014-03-23 23:29 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-03-04 14:35 . 2014-03-23 23:29 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-04 14:35 . 2014-03-23 23:29 174296 ----a-w- c:\windows\system32\nvinitx.dll
2014-03-04 14:35 . 2014-03-23 23:29 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-03-04 14:35 . 2014-03-23 23:29 148016 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-03-04 14:35 . 2014-03-23 23:29 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-04 14:35 . 2014-03-23 23:29 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-04 14:35 . 2014-03-23 23:29 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-04 14:35 . 2014-03-23 23:29 25255256 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-04 14:35 . 2014-03-23 23:29 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-03-04 14:35 . 2013-10-08 00:30 31474976 ----a-w- c:\windows\system32\nvoglv64.dll
2014-03-04 14:35 . 2013-09-20 13:55 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-04 14:35 . 2013-02-17 15:45 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-04 14:35 . 2013-02-17 15:44 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-04 14:35 . 2012-10-11 02:23 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2012-10-11 02:23 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-04 14:35 . 2012-10-11 02:22 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-04 13:06 . 2011-01-21 00:26 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2011-01-21 00:25 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2011-01-21 00:26 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2011-01-21 00:26 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2011-01-21 00:26 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2013-02-17 16:32 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-03-04 11:32 . 2014-03-23 23:34 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-02-21 14:00 . 2014-01-23 23:59 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-05 09:31 . 2013-11-04 07:48 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-02-05 09:30 . 2013-11-04 07:48 1179576 ----a-w- c:\windows\system32\nvspcap64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-04-21 1826496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_168_ActiveX.exe" [2013-02-19 701296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
2;2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMWEBACCESSCONTROL
*NewlyCreated* - MPKSLBA0B3496
*Deregistered* - MBAMWebAccessControl
*Deregistered* - MpKslba0b3496
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-16 16:18 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-17 16:38]
.
2014-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-17 16:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-08-01 8290584]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: dell.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: sony.com\account.station
TCP: DhcpNameServer = 10.0.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{09942569-D515-42BE-9F5A-A439B20F91AB}"=hex:51,66,7a,6c,4c,1d,38,12,07,26,87,
0d,27,9b,d0,07,e0,4c,e7,79,b7,51,d5,bf
"{F0F12903-DE76-4DF7-BCDC-0A0689151189}"=hex:51,66,7a,6c,4c,1d,38,12,6d,2a,e2,
f4,44,90,99,08,c3,ca,49,46,8c,4b,55,9d
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:75,4c,0a,0a,2e,19,ce,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-25 04:14:28
ComboFix-quarantined-files.txt 2014-04-25 08:14
ComboFix2.txt 2014-04-15 21:44
.
Pre-Run: 169,761,026,048 bytes free
Post-Run: 170,178,105,344 bytes free
.
- - End Of File - - 29B3B6CD9362DFA8D0C2F5CF71E15EEA
A36C5E4F47E84449FF07ED3517B43A31

 

Here is the info you requested! I have had minimal problems (virtually none except that one BSOD) since you started the process! Everything seems to be running much better and I am not having any of the main issues I was before I started the thread; it is hard for me to know for sure since I don't know exactly what to look for. Let me know if anything else needs to be done, thank you so much for your help thus far!!
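As an added example (not from the thread, and not code from AdwCleaner, JRT or ComboFix), the script below parses the "Reg Loading Points" section of a ComboFix-style log and flags the two non-default policy values visible in the log above: ConsentPromptBehaviorAdmin=0 (administrators elevate without a UAC prompt) and LoadAppInit_DLLs=1 (AppInit DLL loading enabled). The sample input is constructed from those posted lines; the severity labels and the user-writable-path heuristic for autostart entries are the editor's assumptions, not something the thread states.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix-style log.

Added example, not part of the original thread or of ComboFix itself.
SAMPLE_LOG is constructed from the entries posted above; the severity
labels and the user-writable-path heuristic are assumptions.
"""
import re

# Constructed sample: the Run key and the two policy keys from the log above.
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-04-21 1826496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
"""

KEY_RE = re.compile(r'^\[(.+)\]$')              # [HKEY_...\Sub\Key]
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"=value [extra]

# Locations an autostart entry should rarely run from (assumption, not from the log).
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\users\\public\\')


def parse_loading_points(text):
    """Return {registry_key: {value_name: raw_value}} for a REGEDIT4-style dump."""
    entries, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line in ('.', 'REGEDIT4'):
            continue                      # ComboFix uses '.' as a spacer line
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries.setdefault(current, {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            entries[current][m.group(1)] = m.group(2).strip()
    return entries


def numeric(raw):
    """Leading integer of a value such as '0 (0x0)', or None if absent."""
    m = re.match(r'^(\d+)', raw or '')
    return int(m.group(1)) if m else None


def triage(entries):
    """Return (severity, key, message) tuples for settings worth a second look."""
    findings = []
    for key, values in entries.items():
        k = key.lower()
        if k.endswith('policies\\system') and numeric(values.get('ConsentPromptBehaviorAdmin')) == 0:
            findings.append(('HIGH', key,
                             'ConsentPromptBehaviorAdmin=0: administrators elevate without a UAC prompt'))
        if k.endswith('currentversion\\windows') and numeric(values.get('LoadAppInit_DLLs')) == 1:
            findings.append(('MEDIUM', key,
                             'LoadAppInit_DLLs=1: AppInit_DLLs are loaded into user-mode processes'))
        if k.endswith(('currentversion\\run', 'currentversion\\runonce')):
            for name, raw in values.items():
                # Quoted path comes first: "c:\path\prog.exe" [date size]
                path = raw.split('"')[1] if raw.startswith('"') else raw
                if any(s in path.lower() for s in USER_WRITABLE):
                    findings.append(('MEDIUM', key,
                                     f'autostart {name!r} runs from a user-writable path: {path}'))
    return findings


if __name__ == '__main__':
    for sev, key, msg in triage(parse_loading_points(SAMPLE_LOG)):
        print(f'[{sev}] {key}\n    {msg}')
```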





