
Re-direct Virus, windows 7


  • This topic is locked
30 replies to this topic

#1 XanatosNemos

  • Members
  • 124 posts

Posted 24 June 2014 - 09:45 PM

Keep getting re-directed sometimes when I click a link online. Also, it seems to be slowing my computer a little; maybe the memory? As always, thank you very much for your time and help.

 

-------------

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by Dustin at 22:39:20 on 2014-06-24
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8183.5927 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\AIM7\aim.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Kingsoft\Kingsoft Office\office6\et.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us21.grepolis.com/game/index?login=1&p=800149&ts=1384060286
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
uRun: [Aim] "C:\Program Files (x86)\AIM7\aim.exe" /d locale=en-US
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Dustin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MIGHTA~1.LNK - C:\Program Files (x86)\3DO\Might and Magic VIII\Register\Remind32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{BD651E83-A3B7-4B2D-9636-715E83652720} : NameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: saVe onn: {0ECC61CA-0188-D90B-0DAF-77ECD21AEBEA} -
x64-BHO: Adblocker: {89DEEE98-FC36-7E3A-9714-02B40A7D2834} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\9q1isgst.default\
FF - prefs.js: browser.startup.homepage - hxxp://chaturbate.com/affiliates/stats/?stats_breakdown=date&campaign=&search_criteria=1&period=0&date_month=4&date_day=28&date_year=2014&start_date_month=4&start_date_day=16&start_date_year=2014&end_date_month=4&end_date_day=30&end_date_year=2014|https://coinbase.com/charts|http://www.merial.us/Contactus/Pages/default.aspx|http://www.pornhub.com/playlist/279987621394629355|http://greensboro.craigslist.org/fuo/4497784799.html|http://greensboro.craigslist.org/search/sss?query=hot+tub&maxAsk=1000&sort=rel|http://greensboro.craigslist.org/hsh/4496097422.html|http://greensboro.craigslist.org/spo/4498695476.html|http://www.zillow.com/homedetails/2240-Old-Liberty-Rd-Randleman-NC-27317/50063211_zpid/|https://www.goodreads.com/work/quotes/1858012-the-picture-of-dorian-gray|https://www.onlinebanking.pnc.com/alservlet/OnlineBankingServlet#llblock|https://btcjam.com/my_account/payments|http://www.bankrate.com/calculators/mortgages/mortgage-calculator-c.aspx?loanAmount=90000&years=30&terms=360&interestRate=4&loanStartDate=06%2F01%2F2014&monthlyPayments=456.02&monthlyAdditionalAmount=0&yearlyAdditionalAmount=0&yearlyPaymentMonth=+Jun+&oneTimeAdditionalPayment=0&oneTimeAdditionalPaymentInMY=+Jul+2014&pDate=Jun+01%2C+2044&show=false#|http://www.motherearthnews.com/diy/how-to-build-a-bamboo-fence-zmaz00aszgoe.aspx?PageId=2#axzz33QYTQakC|https://www.google.com/search?q=Making+bamboo+fence&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=sb|http://www.xvideos.com/video2354469/hot_breasts_girl_friend_makes_porn_movie|http://www.watchgot.net/2014/05/game-of-thrones-season-4-episode-8-got.html
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1618888]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-2 21009352]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-5-26 413128]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-14 5316448]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2013-1-31 294064]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-26 19744]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-26 40392]
S2 29850aa3;SO_Sustainer;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 133928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 RD9700;RD9700 USB2.0 To Fast Ethernet Adapter;C:\Windows\System32\drivers\RD9700.sys [2013-8-1 21504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-7 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-7 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-2 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-06-24 16:50:01    10779000    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A3452535-AD39-459F-B30C-AC734F467414}\mpengine.dll
2014-06-24 16:10:38    --------    d-----w-    C:\Users\Dustin\AppData\Roaming\SUPERAntiSpyware.com
2014-06-24 16:10:26    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-06-24 16:10:26    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2014-06-24 15:56:07    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-06-23 15:32:07    10779000    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-23 02:44:14    --------    d-----w-    C:\Program Files (x86)\3DO
2014-06-23 02:43:32    0    ----a-w-    C:\Windows\DXT7374.tmp
2014-06-23 02:43:32    --------    d-----w-    C:\Program Files (x86)\directx
2014-06-22 00:49:20    --------    d-----w-    C:\ProgramData\AppSnow
2014-06-22 00:49:13    --------    d-----w-    C:\Program Files (x86)\SO_Booster
2014-06-22 00:48:57    --------    d-----w-    C:\ProgramData\Adblocker
2014-06-22 00:48:51    --------    d-----w-    C:\Users\Dustin\AppData\Local\Packages
2014-06-22 00:48:45    --------    d-----w-    C:\Users\Dustin\AppData\Local\Torch
2014-06-22 00:48:45    --------    d-----w-    C:\Users\Dustin\AppData\Local\Comodo
2014-06-22 00:48:45    --------    d-----w-    C:\Users\Dustin\AppData\Local\Chromatic Browser
2014-06-22 00:48:45    --------    d-----w-    C:\ProgramData\ed16c6a8e9ef29b7
2014-06-22 00:48:03    --------    d-----w-    C:\ProgramData\InstallMate
2014-06-13 18:32:41    1031560    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{951E33B1-0A67-4B70-BDB0-72DB54279960}\gapaengine.dll
2014-05-26 18:04:27    601432    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2014-05-26 17:55:43    40392    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2014-05-26 17:55:43    34760    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2014-05-26 07:24:23    --------    d-----w-    C:\Users\Dustin\Library
2014-05-26 07:24:22    --------    d-----w-    C:\Users\Dustin\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
2014-05-26 07:10:15    --------    d-----w-    C:\Users\Dustin\AppData\Roaming\MechCAD
.
==================== Find3M  ====================
.
2014-06-08 09:13:05    506368    ----a-w-    C:\Windows\System32\aepdu.dll
2014-06-08 09:08:04    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-05-30 10:02:37    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22    5782528    ----a-w-    C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22    2040832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56    2266112    ----a-w-    C:\Windows\System32\wininet.dll
2014-05-30 07:56:50    4244992    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38    1964544    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10    1790976    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-05-25 22:26:20    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-20 01:25:42    6769096    ----a-w-    C:\Windows\System32\nvcpl.dll
2014-05-20 01:25:42    3514144    ----a-w-    C:\Windows\System32\nvsvc64.dll
2014-05-20 01:25:39    927520    ----a-w-    C:\Windows\System32\nvvsvc.exe
2014-05-20 01:25:38    62808    ----a-w-    C:\Windows\System32\nvshext.dll
2014-05-20 01:25:38    387528    ----a-w-    C:\Windows\System32\nvmctray.dll
2014-05-14 23:49:42    3774821    ----a-w-    C:\Windows\System32\nvcoproc.bin
2014-05-14 07:26:19    70832    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 07:26:19    692400    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-08 09:32:11    3178496    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11    16384    ----a-w-    C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-30 18:29:25    1081112    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2014-04-30 18:29:03    1225920    ----a-w-    C:\Windows\System32\nvspcap64.dll
2014-04-25 02:34:59    801280    ----a-w-    C:\Windows\System32\usp10.dll
2014-04-25 02:06:17    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2014-04-12 02:22:05    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05    155072    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37    28160    ----a-w-    C:\Windows\System32\secur32.dll
2014-04-12 02:19:32    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05    31232    ----a-w-    C:\Windows\System32\lsass.exe
2014-04-12 02:12:06    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09    288192    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-31 16:42:42    37320    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2014-03-29 05:18:09    21840    ----a-w-    C:\Windows\SysWow64\SIntfNT.dll
2014-03-29 05:18:09    17212    ----a-w-    C:\Windows\SysWow64\SIntf32.dll
2014-03-29 05:18:09    12067    ----a-w-    C:\Windows\SysWow64\SIntf16.dll
2014-03-29 05:01:48    2829    ----a-w-    C:\Windows\DIIUnin.pif
2014-03-29 05:01:47    94208    ----a-w-    C:\Windows\DIIUnin.exe
.
============= FINISH: 22:40:07.46 ===============
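Reading the DDS log above the way a responder would, a few things stand out before any tool is run: UAC is switched off (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0, so anything the user runs can elevate silently), two 64-bit BHOs ("saVe onn" and "Adblocker") are registered with no DLL path behind them, the service 29850aa3 (SO_Sustainer) has rundll32.exe as its image, and a burst of directories (InstallMate, Torch, Chromatic Browser, Adblocker, SO_Booster, AppSnow) was created within two minutes on 2014-06-22, which is the footprint of a bundled installer. The script below is an added example, not part of this thread and not DDS's code: it parses those DDS record formats (the regexes are inferred from the lines shown in the post, so treat them as assumptions) and flags each pattern. The embedded sample is a constructed excerpt of the posted log. Everything it reports is a lead to verify on the machine, not a verdict; in particular DDS prints a service image without its arguments, so the DLL that rundll32 loads for SO_Sustainer is not in the log and has to be read from the service's ImagePath in the registry.

```python
"""Triage of DDS log records: UAC policy values, BHO entries, services and
"Created Last 30" lines. Added example for this thread, not DDS's own code;
the record formats are inferred from the lines visible in the post above."""
import re
from datetime import datetime, timedelta

# Constructed excerpt: lines copied from the DDS log posted above. A complete
# DDS.txt can be passed to triage() unchanged.
SAMPLE_LOG = r"""
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
BHO: Java(TM) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
x64-BHO: saVe onn: {0ECC61CA-0188-D90B-0DAF-77ECD21AEBEA} -
x64-BHO: Adblocker: {89DEEE98-FC36-7E3A-9714-02B40A7D2834} -
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-14 5316448]
S2 29850aa3;SO_Sustainer;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
2014-06-22 00:49:20    --------    d-----w-    C:\ProgramData\AppSnow
2014-06-22 00:49:13    --------    d-----w-    C:\Program Files (x86)\SO_Booster
2014-06-22 00:48:57    --------    d-----w-    C:\ProgramData\Adblocker
2014-06-22 00:48:45    --------    d-----w-    C:\Users\Dustin\AppData\Local\Torch
2014-06-22 00:48:45    --------    d-----w-    C:\Users\Dustin\AppData\Local\Chromatic Browser
2014-06-22 00:48:03    --------    d-----w-    C:\ProgramData\InstallMate
2014-05-26 07:10:15    --------    d-----w-    C:\Users\Dustin\AppData\Roaming\MechCAD
"""

# Record formats as they appear in the posted log (assumed, not a DDS spec).
POLICY_RE = re.compile(r"^[um]Policies-System:\s+(\w+)\s*=\s*dword:(\d+)$")
BHO_RE = re.compile(r"^(?:x64-)?BHO:\s+(.+?):\s+(\{[0-9A-Fa-f-]{36}\})\s+-\s*(.*)$")
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s+\[\d{4}-\d{1,2}-\d{1,2}\s+\d+\]$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+(\S+)\s+(.+)$")

# Values that switch UAC protections off (Windows 7 defaults: EnableLUA=1,
# ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1).
UAC_WEAK = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0}
# Windows utilities that load whatever they are pointed at; as a service image
# they need a closer look (DDS prints the image without its arguments, so the
# payload itself is not in the log).
LOLBIN_IMAGES = {"rundll32.exe", "regsvr32.exe", "cmd.exe", "wscript.exe",
                 "cscript.exe", "mshta.exe", "powershell.exe"}


def parse(log_text):
    """Split a DDS log into the record types this triage looks at."""
    rec = {"policies": {}, "bhos": [], "services": [], "created": []}
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := POLICY_RE.match(line):
            rec["policies"][m.group(1)] = int(m.group(2))  # dword values appear in decimal
        elif m := BHO_RE.match(line):
            rec["bhos"].append({"name": m.group(1), "clsid": m.group(2), "path": m.group(3)})
        elif m := SERVICE_RE.match(line):
            rec["services"].append({"start": m.group(1), "name": m.group(2),
                                    "display": m.group(3), "image": m.group(4)})
        elif m := CREATED_RE.match(line):
            rec["created"].append({"when": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                                   "attrs": m.group(2), "path": m.group(3)})
    return rec


def uac_findings(policies):
    """Policy values that disable UAC prompting or the secure desktop."""
    return [f"{k}={v}" for k, v in policies.items() if k in UAC_WEAK and v == UAC_WEAK[k]]


def orphan_bhos(bhos):
    """BHOs with a CLSID but no DLL path: leftovers of a removed add-on, or an
    entry DDS could not resolve. Check HKCR\\CLSID\\{clsid}\\InprocServer32 on the host."""
    return [b for b in bhos if not b["path"]]


def lolbin_services(services):
    """Services whose image is a generic Windows loader rather than a product binary."""
    return [s for s in services if s["image"].rsplit("\\", 1)[-1].lower() in LOLBIN_IMAGES]


def creation_bursts(created, window=timedelta(minutes=2), min_size=3):
    """Group creations that fall within `window` of the previous one; a bundled
    installer drops several directories in one such burst."""
    items = sorted(created, key=lambda c: c["when"])
    bursts, current = [], []
    for item in items:
        if current and item["when"] - current[-1]["when"] > window:
            if len(current) >= min_size:
                bursts.append(current)
            current = []
        current.append(item)
    if len(current) >= min_size:
        bursts.append(current)
    return [[c["path"] for c in burst] for burst in bursts]


def triage(log_text):
    """Run every check and return the leads as plain lists, oldest creation first."""
    rec = parse(log_text)
    return {
        "uac_weakened": uac_findings(rec["policies"]),
        "orphan_bhos": [b["name"] for b in orphan_bhos(rec["bhos"])],
        "lolbin_services": [s["name"] for s in lolbin_services(rec["services"])],
        "creation_bursts": creation_bursts(rec["created"]),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

On the posted log this reports the three UAC values, the two path-less BHOs, the 29850aa3 service and one six-directory burst; the MechCAD directory from May stands alone and is not reported.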
 

 

 




#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 25 June 2014 - 03:53 AM

Hi there,
My name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

Please upload the attach.txt by DDS and do the following:

 

 

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double-click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100 MB download, so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 XanatosNemos

  • Topic Starter
  • Members
  • 124 posts

Posted 25 June 2014 - 12:28 PM

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-06-25 13:12:16
-----------------------------
13:12:16.852    OS Version: Windows x64 6.1.7601 Service Pack 1
13:12:16.852    Number of processors: 8 586 0x1E05
13:12:16.853    ComputerName: CYBERPOWER  UserName: Dustin
13:12:18.509    Initialize success
13:12:18.526    VM: initialized successfully
13:12:20.466    VM: Intel CPU BiosDisabled
13:12:24.969    VM: disk I/O atapi.sys
13:15:56.897    AVAST engine defs: 14062500
13:17:24.122    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
13:17:24.123    Disk 0 Vendor: ST3750528AS CC38 Size: 715404MB BusType: 3
13:17:24.140    Disk 0 MBR read successfully
13:17:24.142    Disk 0 MBR scan
13:17:24.146    Disk 0 Windows 7 default MBR code
13:17:24.154    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:17:24.163    Disk 0 default boot code
13:17:24.198    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       715302 MB offset 206848
13:17:24.249    Disk 0 scanning C:\Windows\system32\drivers
13:17:37.693    Service scanning
13:18:03.158    Modules scanning
13:18:03.163    Disk 0 trace - called modules:
13:18:03.173    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80076892c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:18:03.176    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d8a790]
13:18:03.179    3 CLASSPNP.SYS[fffff88001b9243f] -> nt!IofCallDriver -> [0xfffffa8007b33580]
13:18:03.182    5 ACPI.sys[fffff88000f2d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007b35060]
13:18:03.186    \Driver\atapi[0xfffffa8007b1c6c0] -> IRP_MJ_CREATE -> 0xfffffa80076892c0
13:18:05.363    AVAST engine scan C:\Windows
13:18:09.683    AVAST engine scan C:\Windows\system32
13:22:08.690    AVAST engine scan C:\Windows\system32\drivers
13:22:30.964    AVAST engine scan C:\Users\Dustin
13:26:31.119    Disk 0 MBR has been saved successfully to "C:\Users\Dustin\Desktop\MBR.dat"
13:26:31.151    The log file has been saved successfully to "C:\Users\Dustin\Desktop\aswMBR.txt"

 


Thought I had attached it before, but here it is.
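Two things in the aswMBR output are worth knowing how to check by hand. The partition table it lists (partition 1 active, type 07, 100 MB at offset 2048; partition 2 type 07, 715302 MB at offset 206848, on a 715404 MB disk) and the MBR.dat backup the previous post says not to delete are the same 512 bytes, so the backup can be parsed and later compared against a fresh read of sector 0 once the cleanup is done. The >>UNKNOWN<< entry in the driver trace sits directly in front of sptd.sys, the SCSI Pass Through Direct driver that Alcohol 52% (present in the DDS log) and DAEMON Tools install; it hooks the disk stack and is a common cause of an unknown-module report in rootkit scanners, which is why CD-emulation drivers get disabled with DeFogger before further scanning. The Python below is an added example, not part of the thread and not aswMBR's code: it parses an MBR, checks the layout for a single active partition, overlapping entries and partitions running past the disk, and diffs a saved copy against a current one. The sample MBR is constructed to match the reported layout, with a zero-filled boot code area and a made-up disk signature; on the real machine MBR.dat itself would be passed in.

```python
"""Parse and sanity-check a 512-byte MBR such as the MBR.dat that aswMBR saves.
Added example for this thread, not aswMBR's code."""
import struct

SECTOR = 512
PARTITION_TYPES = {0x07: "NTFS/exFAT/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
                   0x83: "Linux", 0xEE: "GPT protective"}
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed MBR matching the layout aswMBR reported above: two NTFS
    partitions at LBA 2048 (100 MB, active) and 206848 (715302 MB). The 440-byte
    boot code is zero-filled and the disk signature is made up for the example."""
    entries = [(0x80, 0x07, 2048, 100 * 2048), (0x00, 0x07, 206848, 715302 * 2048)]
    table = b"".join(struct.pack(ENTRY_FMT, st, b"\xfe\xff\xff", pt, b"\xfe\xff\xff", lba, n)
                     for st, pt, lba, n in entries)
    table += b"\x00" * (64 - len(table))  # remaining entries empty
    return b"\x00" * 440 + b"\x78\x56\x34\x12" + b"\x00\x00" + table + b"\x55\xaa"


def parse_mbr(data):
    """Return the disk signature, boot code and non-empty partition entries;
    reject a buffer that is the wrong size or lacks the 0x55AA boot signature."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    if data[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, data, 446 + 16 * i)
        if ptype == 0:
            continue
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i + 1}: invalid status byte 0x{status:02x}")
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "type_name": PARTITION_TYPES.get(ptype, "unknown"),
                      "lba_start": lba, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    return {"disk_signature": struct.unpack_from("<I", data, 440)[0],
            "boot_code": data[:440], "partitions": parts}


def sanity_check(parsed, disk_mb=None):
    """Layout problems a bootkit or a botched partition edit would introduce."""
    problems = []
    parts = sorted(parsed["partitions"], key=lambda p: p["lba_start"])
    active = sum(p["active"] for p in parts)
    if active != 1:
        problems.append(f"{active} active partitions, expected 1")
    for a, b in zip(parts, parts[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            problems.append(f"partition {a['index']} overlaps partition {b['index']}")
    if disk_mb is not None:
        for p in parts:
            if p["lba_start"] + p["sectors"] > disk_mb * 2048:  # 2048 sectors per MB
                problems.append(f"partition {p['index']} runs past the end of the disk")
    return problems


def diff_mbr(saved, current):
    """Offsets where a fresh read differs from the saved MBR.dat; any change
    inside the first 440 bytes (boot code) after cleanup deserves attention."""
    if len(saved) != SECTOR or len(current) != SECTOR:
        raise ValueError("both inputs must be full 512-byte sectors")
    return [i for i in range(SECTOR) if saved[i] != current[i]]


if __name__ == "__main__":
    mbr = build_sample_mbr()  # on the real box: open("MBR.dat", "rb").read()
    info = parse_mbr(mbr)
    for part in info["partitions"]:
        print(part)
    print("problems:", sanity_check(info, disk_mb=715404))
```

A current copy of sector 0 for diff_mbr has to come from a raw read of the physical disk (\\.\PhysicalDrive0 on Windows), which needs an elevated prompt; comparing it against MBR.dat after ComboFix has run is a cheap way to confirm the boot code was not touched.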


#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 26 June 2014 - 03:24 AM

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

 

 

 

Disable CD Emulation with DeFogger

Please download DeFogger to your desktop.

Double-click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK


IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

 

 

 

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs / spyware scanners; they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#5 XanatosNemos

  • Topic Starter
  • Members
  • 124 posts

Posted 26 June 2014 - 01:36 PM

ComboFix 14-06-24.01 - Dustin 06/26/2014  14:26:44.3.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8183.6534 [GMT -4:00]
Running from: c:\users\Dustin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-26 to 2014-06-26  )))))))))))))))))))))))))))))))
.
.
2014-06-26 18:33 . 2014-06-26 18:33    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-06-26 18:33 . 2014-06-26 18:33    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-06-26 04:47 . 2014-06-26 04:51    --------    d-----w-    C:\SNES
2014-06-25 16:49 . 2014-05-02 17:30    1031560    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79AC9042-2FDD-4153-9D59-C042F2AB257E}\gapaengine.dll
2014-06-25 16:49 . 2014-06-05 10:54    10779000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80EF9CC7-7D69-4DD8-A863-8A2B95E12D18}\mpengine.dll
2014-06-24 16:50 . 2014-06-05 10:54    10779000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-24 16:10 . 2014-06-24 16:10    --------    d-----w-    c:\users\Dustin\AppData\Roaming\SUPERAntiSpyware.com
2014-06-24 16:10 . 2014-06-24 16:10    --------    d-----w-    c:\program files\SUPERAntiSpyware
2014-06-24 16:10 . 2014-06-24 16:10    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2014-06-23 02:44 . 2014-06-23 03:14    --------    d-----w-    c:\program files (x86)\3DO
2014-06-23 02:43 . 2014-06-23 02:43    0    ----a-w-    c:\windows\DXT7374.tmp
2014-06-23 02:43 . 2014-06-23 02:43    --------    d-----w-    c:\program files (x86)\directx
2014-06-22 00:49 . 2014-06-22 01:01    --------    d-----w-    c:\programdata\AppSnow
2014-06-22 00:49 . 2014-06-22 01:01    --------    d-----w-    c:\program files (x86)\SO_Booster
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\programdata\Adblocker
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\Dustin\AppData\Local\Packages
2014-06-22 00:48 . 2014-06-22 00:49    --------    d-----w-    c:\programdata\ed16c6a8e9ef29b7
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\HomeGroupUser$
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\Guest
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\Dustin\AppData\Local\Torch
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\Dustin\AppData\Local\Comodo
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\Dustin\AppData\Local\Chromatic Browser
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\Administrator
2014-06-22 00:48 . 2014-06-22 00:49    --------    d-----w-    c:\programdata\InstallMate
2014-06-11 15:17 . 2014-05-30 09:46    570368    ----a-w-    c:\program files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-12 05:44 . 2013-08-07 05:05    95414520    ----a-w-    c:\windows\system32\MRT.exe
2014-05-25 22:26 . 2014-05-25 22:26    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-20 02:44 . 2014-05-26 18:00    9735256    ----a-w-    c:\windows\SysWow64\nvcuda.dll
2014-05-20 02:44 . 2014-05-26 18:00    9697640    ----a-w-    c:\windows\SysWow64\nvopencl.dll
2014-05-20 02:44 . 2014-05-26 18:00    895776    ----a-w-    c:\windows\system32\NvIFR64.dll
2014-05-20 02:44 . 2014-05-26 18:00    892704    ----a-w-    c:\windows\system32\NvFBC64.dll
2014-05-20 02:44 . 2014-05-26 18:00    867784    ----a-w-    c:\windows\SysWow64\NvIFR.dll
2014-05-20 02:44 . 2014-05-26 18:00    861128    ----a-w-    c:\windows\SysWow64\NvFBC.dll
2014-05-20 02:44 . 2014-05-26 18:00    837056    ----a-w-    c:\windows\SysWow64\nvumdshim.dll
2014-05-20 02:44 . 2014-05-26 18:00    492376    ----a-w-    c:\windows\system32\nvEncodeAPI64.dll
2014-05-20 02:44 . 2014-05-26 18:00    416712    ----a-w-    c:\windows\SysWow64\nvEncodeAPI.dll
2014-05-20 02:44 . 2014-05-26 18:00    382240    ----a-w-    c:\windows\system32\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-05-26 18:00    354016    ----a-w-    c:\windows\system32\nvoglshim64.dll
2014-05-20 02:44 . 2014-05-26 18:00    335704    ----a-w-    c:\windows\SysWow64\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-05-26 18:00    31520    ----a-w-    c:\windows\system32\nvhdap64.dll
2014-05-20 02:44 . 2014-05-26 18:00    3141976    ----a-w-    c:\windows\system32\nvcuvid.dll
2014-05-20 02:44 . 2014-05-26 18:00    31387936    ----a-w-    c:\windows\system32\nvoglv64.dll
2014-05-20 02:44 . 2014-05-26 18:00    305600    ----a-w-    c:\windows\SysWow64\nvoglshim32.dll
2014-05-20 02:44 . 2014-05-26 18:00    2953672    ----a-w-    c:\windows\SysWow64\nvcuvid.dll
2014-05-20 02:44 . 2014-05-26 18:00    2785568    ----a-w-    c:\windows\system32\nvcuvenc.dll
2014-05-20 02:44 . 2014-05-26 18:00    2412376    ----a-w-    c:\windows\SysWow64\nvcuvenc.dll
2014-05-20 02:44 . 2014-05-26 18:00    24025376    ----a-w-    c:\windows\SysWow64\nvoglv32.dll
2014-05-20 02:44 . 2014-05-26 18:00    197408    ----a-w-    c:\windows\system32\drivers\nvhda64v.sys
2014-05-20 02:44 . 2014-05-26 18:00    1889112    ----a-w-    c:\windows\system32\nvdispco6433788.dll
2014-05-20 02:44 . 2014-05-26 18:00    18531568    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2014-05-20 02:44 . 2014-05-26 18:00    17480432    ----a-w-    c:\windows\system32\nvd3dumx.dll
2014-05-20 02:44 . 2014-05-26 18:00    166568    ----a-w-    c:\windows\system32\nvinitx.dll
2014-05-20 02:44 . 2014-05-26 18:00    1541576    ----a-w-    c:\windows\system32\nvdispgenco6433788.dll
2014-05-20 02:44 . 2014-05-26 18:00    146480    ----a-w-    c:\windows\SysWow64\nvinit.dll
2014-05-20 02:44 . 2014-05-26 18:00    12688328    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2014-05-20 02:44 . 2014-05-26 18:00    11644928    ----a-w-    c:\windows\system32\nvcuda.dll
2014-05-20 02:44 . 2014-05-26 18:00    11599072    ----a-w-    c:\windows\system32\nvopencl.dll
2014-05-20 02:44 . 2014-05-26 18:00    25256224    ----a-w-    c:\windows\system32\nvcompiler.dll
2014-05-20 02:44 . 2014-05-26 18:00    17561544    ----a-w-    c:\windows\SysWow64\nvcompiler.dll
2014-05-20 02:44 . 2014-05-21 17:32    952952    ----a-w-    c:\windows\system32\nvumdshimx.dll
2014-05-20 02:44 . 2014-05-21 17:32    16003912    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2014-05-20 02:44 . 2014-05-21 17:32    14434704    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2014-05-20 02:44 . 2014-05-21 17:32    3109248    ----a-w-    c:\windows\system32\nvapi64.dll
2014-05-20 02:44 . 2014-05-21 17:32    2730208    ----a-w-    c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2014-03-21 03:02    1515296    ----a-w-    c:\windows\system32\nvhdagenco6420103.dll
2014-05-20 02:44 . 2013-08-01 20:48    61216    ----a-w-    c:\windows\system32\OpenCL.dll
2014-05-20 02:44 . 2013-08-01 20:48    52056    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-05-20 01:25 . 2013-08-01 20:49    6769096    ----a-w-    c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2013-08-01 20:49    3514144    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2013-08-01 20:49    927520    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2013-08-01 20:49    62808    ----a-w-    c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2013-08-01 20:49    387528    ----a-w-    c:\windows\system32\nvmctray.dll
2014-05-19 23:10 . 2014-05-26 18:04    601432    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2014-05-14 23:49 . 2014-05-21 17:08    3774821    ----a-w-    c:\windows\system32\nvcoproc.bin
2014-05-14 07:26 . 2013-08-14 00:19    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 07:26 . 2013-08-14 00:19    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-02 17:30 . 2013-08-22 22:59    1031560    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-30 18:29 . 2013-12-02 22:13    1081112    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2014-04-30 18:29 . 2013-12-02 22:13    1225920    ----a-w-    c:\windows\system32\nvspcap64.dll
2014-04-12 02:22 . 2014-05-14 04:20    155072    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 04:20    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 04:20    29184    ----a-w-    c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 04:20    136192    ----a-w-    c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 04:20    28160    ----a-w-    c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 04:20    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 04:20    31232    ----a-w-    c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 04:20    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 04:20    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-03-31 16:42 . 2014-05-26 17:55    40392    ----a-w-    c:\windows\system32\drivers\nvvad64v.sys
2014-03-31 16:42 . 2013-12-02 22:13    37320    ----a-w-    c:\windows\system32\nvaudcap64v.dll
2014-03-31 16:42 . 2014-05-26 17:55    34760    ----a-w-    c:\windows\SysWow64\nvaudcap32v.dll
2014-03-29 05:18 . 2014-03-29 05:18    21840    ----a-w-    c:\windows\SysWow64\SIntfNT.dll
2014-03-29 05:18 . 2014-03-29 05:18    17212    ----a-w-    c:\windows\SysWow64\SIntf32.dll
2014-03-29 05:18 . 2014-03-29 05:18    12067    ----a-w-    c:\windows\SysWow64\SIntf16.dll
2014-03-29 05:01 . 2014-03-29 05:01    2829    ----a-w-    c:\windows\DIIUnin.pif
2014-03-29 05:01 . 2014-03-29 05:01    94208    ----a-w-    c:\windows\DIIUnin.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM7\aim.exe" [2011-05-03 4321112]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21445248]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2014-03-14 2611808]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-06-04 6564120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-07-25 1985824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Might and Magic VIII.lnk - c:\program files (x86)\3DO\Might and Magic VIII\Register\Remind32.exe [2014-6-22 67584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 29850aa3;SO_Sustainer;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Dustin\AppData\Local\Temp\ALSysIO64.sys;c:\users\Dustin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RD9700;RD9700 USB2.0 To Fast Ethernet Adapter;c:\windows\system32\DRIVERS\RD9700.sys;c:\windows\SYSNATIVE\DRIVERS\RD9700.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 16:30    1091912    ----a-w-    c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-14 07:26]
.
2014-06-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7eab16a2-b82e-413c-9e19-408b502d7f73.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-06-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ffdfa308-8b03-4144-966f-1aa4d98f9bcc.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-06-26 c:\windows\Tasks\WpsUpdateTask_Dustin.job
- c:\program files (x86)\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2011-11-03 16:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ECC61CA-0188-D90B-0DAF-77ECD21AEBEA}]
c:\program files (x86)\saVe onn\rYo3J2sMl.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89DEEE98-FC36-7E3A-9714-02B40A7D2834}]
c:\program files (x86)\Adblocker\kLyPf5pnvG.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [BU]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-30 1225920]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://us21.grepolis.com/game/index?login=1&p=800149&ts=1384060286
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{BD651E83-A3B7-4B2D-9636-715E83652720}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\9q1isgst.default\
FF - prefs.js: browser.startup.homepage - hxxp://chaturbate.com/affiliates/stats/?stats_breakdown=date&campaign=&search_criteria=1&period=0&date_month=4&date_day=28&date_year=2014&start_date_month=4&start_date_day=16&start_date_year=2014&end_date_month=4&end_date_day=30&end_date_year=2014|https://coinbase.com/charts|http://www.merial.us/Contactus/Pages/default.aspx|http://www.pornhub.com/playlist/279987621394629355|http://greensboro.craigslist.org/fuo/4497784799.html|http://greensboro.craigslist.org/search/sss?query=hot+tub&maxAsk=1000&sort=rel|http://greensboro.craigslist.org/hsh/4496097422.html|http://greensboro.craigslist.org/spo/4498695476.html|http://www.zillow.com/homedetails/2240-Old-Liberty-Rd-Randleman-NC-27317/50063211_zpid/|https://www.goodreads.com/work/quotes/1858012-the-picture-of-dorian-gray|https://www.onlinebanking.pnc.com/alservlet/OnlineBankingServlet#llblock|https://btcjam.com/my_account/payments|http://www.bankrate.com/calculators/mortgages/mortgage-calculator-c.aspx?loanAmount=90000&years=30&terms=360&interestRate=4&loanStartDate=06%2F01%2F2014&monthlyPayments=456.02&monthlyAdditionalAmount=0&yearlyAdditionalAmount=0&yearlyPaymentMonth=+Jun+&oneTimeAdditionalPayment=0&oneTimeAdditionalPaymentInMY=+Jul+2014&pDate=Jun+01%2C+2044&show=false#|http://www.motherearthnews.com/diy/how-to-build-a-bamboo-fence-zmaz00aszgoe.aspx?PageId=2#axzz33QYTQakC|https://www.google.com/search?q=Making+bamboo+fence&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=sb|http://www.xvideos.com/video2354469/hot_breasts_girl_friend_makes_porn_movie|http://www.watchgot.net/2014/05/game-of-thrones-season-4-episode-8-got.html
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-AceMoney_is1 - c:\program files (x86)\AceMoney\unins000.exe
AddRemove-com.ynab.YNAB4.LiveCaptive_is1 - c:\program files (x86)\YNAB 4\unins000.exe
AddRemove-PlugY, The Survival Kit - c:\program files (x86)\Diablo II\Mod PlugY\PlugY Uninstaller.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{29850aa3} - c:\progra~2\SO_BOO~1\ASSIST~1.DLL
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-06-26  14:35:22
ComboFix-quarantined-files.txt  2014-06-26 18:35
ComboFix2.txt  2014-06-24 15:56
ComboFix3.txt  2014-05-22 18:09
.
Pre-Run: 74,593,034,240 bytes free
Post-Run: 74,382,749,696 bytes free
.
- - End Of File - - 4133D7CDD43446C10D61D10E25E4C74C
A36C5E4F47E84449FF07ED3517B43A31

#6 HelpBot

  • Bleepin' Binary Bot
  • Bots
  • 12,764 posts

Posted 29 June 2014 - 09:50 PM

------------------------------


Edited by TB-Psychotic, 30 June 2014 - 05:52 AM.


#7 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 30 June 2014 - 05:56 AM

Disable CD Emulation with DeFogger

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

ComboFix scripting

1. Close any open browsers.

2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where ComboFix is saved.

[picture: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware

  • If it is not already installed, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here --> [image: btn_donate_SM.gif] <-- (no worries, every little bit helps)

#8 XanatosNemos

  • Topic Starter
  • Members
  • 124 posts

Posted 02 July 2014 - 03:56 PM

Please be patient and do not close the topic; I am currently out of town until Monday. I will reply as soon as I get home with the requested results.



#9 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 03 July 2014 - 01:17 AM

OK! :)

#10 XanatosNemos

  • Topic Starter
  • Members
  • 124 posts

Posted 07 July 2014 - 08:42 PM

ComboFix 14-07-07.01 - Dustin 07/07/2014  20:17:18.4.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8183.6715 [GMT -4:00]
Running from: c:\users\Dustin\Desktop\ComboFix.exe
Command switches used :: c:\users\Dustin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_29850aa3
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-08 to 2014-07-08  )))))))))))))))))))))))))))))))
.
.
2014-07-08 00:23 . 2014-07-08 00:23    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-07-08 00:23 . 2014-07-08 00:23    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-07-07 20:05 . 2014-05-02 17:30    1031560    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE6392F5-2B4A-469E-B8D3-E1472E510C5A}\gapaengine.dll
2014-07-07 19:54 . 2014-06-05 10:54    10779000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8250CE43-CA01-4F62-A11E-C8DE16260937}\mpengine.dll
2014-06-28 03:56 . 2014-06-05 10:54    10779000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-26 04:47 . 2014-06-26 04:51    --------    d-----w-    C:\SNES
2014-06-24 16:10 . 2014-06-24 16:10    --------    d-----w-    c:\users\Dustin\AppData\Roaming\SUPERAntiSpyware.com
2014-06-24 16:10 . 2014-06-24 16:10    --------    d-----w-    c:\program files\SUPERAntiSpyware
2014-06-24 16:10 . 2014-06-24 16:10    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2014-06-23 02:44 . 2014-06-23 03:14    --------    d-----w-    c:\program files (x86)\3DO
2014-06-23 02:43 . 2014-06-23 02:43    0    ----a-w-    c:\windows\DXT7374.tmp
2014-06-23 02:43 . 2014-06-23 02:43    --------    d-----w-    c:\program files (x86)\directx
2014-06-22 00:49 . 2014-06-22 01:01    --------    d-----w-    c:\programdata\AppSnow
2014-06-22 00:49 . 2014-06-22 01:01    --------    d-----w-    c:\program files (x86)\SO_Booster
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\programdata\Adblocker
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\Dustin\AppData\Local\Packages
2014-06-22 00:48 . 2014-06-22 00:49    --------    d-----w-    c:\programdata\ed16c6a8e9ef29b7
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\HomeGroupUser$
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\Guest
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\Dustin\AppData\Local\Torch
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\Dustin\AppData\Local\Comodo
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\Dustin\AppData\Local\Chromatic Browser
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\Administrator
2014-06-22 00:48 . 2014-06-22 00:49    --------    d-----w-    c:\programdata\InstallMate
2014-06-11 15:17 . 2014-05-30 09:46    570368    ----a-w-    c:\program files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-12 05:44 . 2013-08-07 05:05    95414520    ----a-w-    c:\windows\system32\MRT.exe
2014-05-25 22:26 . 2014-05-25 22:26    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-20 02:44 . 2014-05-26 18:00    9735256    ----a-w-    c:\windows\SysWow64\nvcuda.dll
2014-05-20 02:44 . 2014-05-26 18:00    9697640    ----a-w-    c:\windows\SysWow64\nvopencl.dll
2014-05-20 02:44 . 2014-05-26 18:00    895776    ----a-w-    c:\windows\system32\NvIFR64.dll
2014-05-20 02:44 . 2014-05-26 18:00    892704    ----a-w-    c:\windows\system32\NvFBC64.dll
2014-05-20 02:44 . 2014-05-26 18:00    867784    ----a-w-    c:\windows\SysWow64\NvIFR.dll
2014-05-20 02:44 . 2014-05-26 18:00    861128    ----a-w-    c:\windows\SysWow64\NvFBC.dll
2014-05-20 02:44 . 2014-05-26 18:00    837056    ----a-w-    c:\windows\SysWow64\nvumdshim.dll
2014-05-20 02:44 . 2014-05-26 18:00    492376    ----a-w-    c:\windows\system32\nvEncodeAPI64.dll
2014-05-20 02:44 . 2014-05-26 18:00    416712    ----a-w-    c:\windows\SysWow64\nvEncodeAPI.dll
2014-05-20 02:44 . 2014-05-26 18:00    382240    ----a-w-    c:\windows\system32\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-05-26 18:00    354016    ----a-w-    c:\windows\system32\nvoglshim64.dll
2014-05-20 02:44 . 2014-05-26 18:00    335704    ----a-w-    c:\windows\SysWow64\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-05-26 18:00    31520    ----a-w-    c:\windows\system32\nvhdap64.dll
2014-05-20 02:44 . 2014-05-26 18:00    3141976    ----a-w-    c:\windows\system32\nvcuvid.dll
2014-05-20 02:44 . 2014-05-26 18:00    31387936    ----a-w-    c:\windows\system32\nvoglv64.dll
2014-05-20 02:44 . 2014-05-26 18:00    305600    ----a-w-    c:\windows\SysWow64\nvoglshim32.dll
2014-05-20 02:44 . 2014-05-26 18:00    2953672    ----a-w-    c:\windows\SysWow64\nvcuvid.dll
2014-05-20 02:44 . 2014-05-26 18:00    2785568    ----a-w-    c:\windows\system32\nvcuvenc.dll
2014-05-20 02:44 . 2014-05-26 18:00    2412376    ----a-w-    c:\windows\SysWow64\nvcuvenc.dll
2014-05-20 02:44 . 2014-05-26 18:00    24025376    ----a-w-    c:\windows\SysWow64\nvoglv32.dll
2014-05-20 02:44 . 2014-05-26 18:00    197408    ----a-w-    c:\windows\system32\drivers\nvhda64v.sys
2014-05-20 02:44 . 2014-05-26 18:00    1889112    ----a-w-    c:\windows\system32\nvdispco6433788.dll
2014-05-20 02:44 . 2014-05-26 18:00    18531568    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2014-05-20 02:44 . 2014-05-26 18:00    17480432    ----a-w-    c:\windows\system32\nvd3dumx.dll
2014-05-20 02:44 . 2014-05-26 18:00    166568    ----a-w-    c:\windows\system32\nvinitx.dll
2014-05-20 02:44 . 2014-05-26 18:00    1541576    ----a-w-    c:\windows\system32\nvdispgenco6433788.dll
2014-05-20 02:44 . 2014-05-26 18:00    146480    ----a-w-    c:\windows\SysWow64\nvinit.dll
2014-05-20 02:44 . 2014-05-26 18:00    12688328    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2014-05-20 02:44 . 2014-05-26 18:00    11644928    ----a-w-    c:\windows\system32\nvcuda.dll
2014-05-20 02:44 . 2014-05-26 18:00    11599072    ----a-w-    c:\windows\system32\nvopencl.dll
2014-05-20 02:44 . 2014-05-26 18:00    25256224    ----a-w-    c:\windows\system32\nvcompiler.dll
2014-05-20 02:44 . 2014-05-26 18:00    17561544    ----a-w-    c:\windows\SysWow64\nvcompiler.dll
2014-05-20 02:44 . 2014-05-21 17:32    952952    ----a-w-    c:\windows\system32\nvumdshimx.dll
2014-05-20 02:44 . 2014-05-21 17:32    16003912    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2014-05-20 02:44 . 2014-05-21 17:32    14434704    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2014-05-20 02:44 . 2014-05-21 17:32    3109248    ----a-w-    c:\windows\system32\nvapi64.dll
2014-05-20 02:44 . 2014-05-21 17:32    2730208    ----a-w-    c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2014-03-21 03:02    1515296    ----a-w-    c:\windows\system32\nvhdagenco6420103.dll
2014-05-20 02:44 . 2013-08-01 20:48    61216    ----a-w-    c:\windows\system32\OpenCL.dll
2014-05-20 02:44 . 2013-08-01 20:48    52056    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-05-20 01:25 . 2013-08-01 20:49    6769096    ----a-w-    c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2013-08-01 20:49    3514144    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2013-08-01 20:49    927520    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2013-08-01 20:49    62808    ----a-w-    c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2013-08-01 20:49    387528    ----a-w-    c:\windows\system32\nvmctray.dll
2014-05-19 23:10 . 2014-05-26 18:04    601432    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2014-05-14 23:49 . 2014-05-21 17:08    3774821    ----a-w-    c:\windows\system32\nvcoproc.bin
2014-05-14 07:26 . 2013-08-14 00:19    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 07:26 . 2013-08-14 00:19    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-02 17:30 . 2013-08-22 22:59    1031560    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-30 18:29 . 2013-12-02 22:13    1081112    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2014-04-30 18:29 . 2013-12-02 22:13    1225920    ----a-w-    c:\windows\system32\nvspcap64.dll
2014-04-12 02:22 . 2014-05-14 04:20    155072    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 04:20    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 04:20    29184    ----a-w-    c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 04:20    136192    ----a-w-    c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 04:20    28160    ----a-w-    c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 04:20    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 04:20    31232    ----a-w-    c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 04:20    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 04:20    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM7\aim.exe" [2011-05-03 4321112]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21445248]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2014-03-14 2611808]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-06-04 6564120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-07-25 1985824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Might and Magic VIII.lnk - c:\program files (x86)\3DO\Might and Magic VIII\Register\Remind32.exe [2014-6-22 67584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Dustin\AppData\Local\Temp\ALSysIO64.sys;c:\users\Dustin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RD9700;RD9700 USB2.0 To Fast Ethernet Adapter;c:\windows\system32\DRIVERS\RD9700.sys;c:\windows\SYSNATIVE\DRIVERS\RD9700.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 16:30    1091912    ----a-w-    c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-14 07:26]
.
2014-06-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7eab16a2-b82e-413c-9e19-408b502d7f73.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-06-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ffdfa308-8b03-4144-966f-1aa4d98f9bcc.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-07-07 c:\windows\Tasks\WpsUpdateTask_Dustin.job
- c:\program files (x86)\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2011-11-03 16:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ECC61CA-0188-D90B-0DAF-77ECD21AEBEA}]
c:\program files (x86)\saVe onn\rYo3J2sMl.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89DEEE98-FC36-7E3A-9714-02B40A7D2834}]
c:\program files (x86)\Adblocker\kLyPf5pnvG.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [BU]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-30 1225920]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://us21.grepolis.com/game/index?login=1&p=800149&ts=1384060286
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{BD651E83-A3B7-4B2D-9636-715E83652720}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\9q1isgst.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-AceMoney_is1 - c:\program files (x86)\AceMoney\unins000.exe
AddRemove-com.ynab.YNAB4.LiveCaptive_is1 - c:\program files (x86)\YNAB 4\unins000.exe
AddRemove-PlugY, The Survival Kit - c:\program files (x86)\Diablo II\Mod PlugY\PlugY Uninstaller.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{29850aa3} - c:\progra~2\SO_BOO~1\ASSIST~1.DLL
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Completion time: 2014-07-07  20:29:52 - machine was rebooted
ComboFix-quarantined-files.txt  2014-07-08 00:29
ComboFix2.txt  2014-06-26 18:35
ComboFix3.txt  2014-06-24 15:56
ComboFix4.txt  2014-05-22 18:09
.
Pre-Run: 73,394,921,472 bytes free
Post-Run: 72,929,669,120 bytes free
.
- - End Of File - - B22C93281F840085B9AD35AAED39EFEF
A36C5E4F47E84449FF07ED3517B43A31
 



#11 XanatosNemos
  • Topic Starter
  • Members
  • 124 posts

Posted 07 July 2014 - 08:59 PM

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 7/7/2014 9:43:36 PM, SYSTEM, CYBERPOWER, Protection, Malware Protection, Starting,
Protection, 7/7/2014 9:43:36 PM, SYSTEM, CYBERPOWER, Protection, Malware Protection, Started,
Protection, 7/7/2014 9:43:36 PM, SYSTEM, CYBERPOWER, Protection, Malicious Website Protection, Starting,
Update, 7/7/2014 9:43:39 PM, SYSTEM, CYBERPOWER, Manual, Rootkit Database, 2014.2.20.1, 2014.7.7.1,
Update, 7/7/2014 9:43:41 PM, SYSTEM, CYBERPOWER, Manual, Malware Database, 2014.3.4.9, 2014.7.7.9,
Protection, 7/7/2014 9:43:41 PM, SYSTEM, CYBERPOWER, Protection, Refresh, Starting,
Protection, 7/7/2014 9:43:54 PM, SYSTEM, CYBERPOWER, Protection, Malicious Website Protection, Started,
Protection, 7/7/2014 9:43:55 PM, SYSTEM, CYBERPOWER, Protection, Malicious Website Protection, Stopping,
Protection, 7/7/2014 9:43:56 PM, SYSTEM, CYBERPOWER, Protection, Malicious Website Protection, Stopped,
Protection, 7/7/2014 9:44:00 PM, SYSTEM, CYBERPOWER, Protection, Refresh, Success,
Protection, 7/7/2014 9:44:01 PM, SYSTEM, CYBERPOWER, Protection, Malicious Website Protection, Starting,
Protection, 7/7/2014 9:44:01 PM, SYSTEM, CYBERPOWER, Protection, Malicious Website Protection, Started,
Protection, 7/7/2014 9:55:24 PM, SYSTEM, CYBERPOWER, Protection, Malware Protection, Starting,
Protection, 7/7/2014 9:55:24 PM, SYSTEM, CYBERPOWER, Protection, Malware Protection, Started,
Protection, 7/7/2014 9:55:24 PM, SYSTEM, CYBERPOWER, Protection, Malicious Website Protection, Starting,
Protection, 7/7/2014 9:57:01 PM, SYSTEM, CYBERPOWER, Protection, Malicious Website Protection, Started,

(end)



#12 TB-Psychotic
  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 08 July 2014 - 11:21 AM

You've posted the protection log. I need the scan log.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 XanatosNemos
  • Topic Starter
  • Members
  • 124 posts

Posted 08 July 2014 - 11:50 AM

ComboFix 14-07-07.01 - Dustin 07/07/2014  20:17:18.4.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8183.6715 [GMT -4:00]
Running from: c:\users\Dustin\Desktop\ComboFix.exe
Command switches used :: c:\users\Dustin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_29850aa3
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-08 to 2014-07-08  )))))))))))))))))))))))))))))))
.
.
2014-07-08 00:23 . 2014-07-08 00:23    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-07-08 00:23 . 2014-07-08 00:23    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-07-07 20:05 . 2014-05-02 17:30    1031560    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE6392F5-2B4A-469E-B8D3-E1472E510C5A}\gapaengine.dll
2014-07-07 19:54 . 2014-06-05 10:54    10779000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8250CE43-CA01-4F62-A11E-C8DE16260937}\mpengine.dll
2014-06-28 03:56 . 2014-06-05 10:54    10779000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-26 04:47 . 2014-06-26 04:51    --------    d-----w-    C:\SNES
2014-06-24 16:10 . 2014-06-24 16:10    --------    d-----w-    c:\users\Dustin\AppData\Roaming\SUPERAntiSpyware.com
2014-06-24 16:10 . 2014-06-24 16:10    --------    d-----w-    c:\program files\SUPERAntiSpyware
2014-06-24 16:10 . 2014-06-24 16:10    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2014-06-23 02:44 . 2014-06-23 03:14    --------    d-----w-    c:\program files (x86)\3DO
2014-06-23 02:43 . 2014-06-23 02:43    0    ----a-w-    c:\windows\DXT7374.tmp
2014-06-23 02:43 . 2014-06-23 02:43    --------    d-----w-    c:\program files (x86)\directx
2014-06-22 00:49 . 2014-06-22 01:01    --------    d-----w-    c:\programdata\AppSnow
2014-06-22 00:49 . 2014-06-22 01:01    --------    d-----w-    c:\program files (x86)\SO_Booster
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\programdata\Adblocker
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\Dustin\AppData\Local\Packages
2014-06-22 00:48 . 2014-06-22 00:49    --------    d-----w-    c:\programdata\ed16c6a8e9ef29b7
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\HomeGroupUser$
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\Guest
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\Dustin\AppData\Local\Torch
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\Dustin\AppData\Local\Comodo
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\Dustin\AppData\Local\Chromatic Browser
2014-06-22 00:48 . 2014-06-22 00:48    --------    d-----w-    c:\users\Administrator
2014-06-22 00:48 . 2014-06-22 00:49    --------    d-----w-    c:\programdata\InstallMate
2014-06-11 15:17 . 2014-05-30 09:46    570368    ----a-w-    c:\program files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-12 05:44 . 2013-08-07 05:05    95414520    ----a-w-    c:\windows\system32\MRT.exe
2014-05-25 22:26 . 2014-05-25 22:26    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-20 02:44 . 2014-05-26 18:00    9735256    ----a-w-    c:\windows\SysWow64\nvcuda.dll
2014-05-20 02:44 . 2014-05-26 18:00    9697640    ----a-w-    c:\windows\SysWow64\nvopencl.dll
2014-05-20 02:44 . 2014-05-26 18:00    895776    ----a-w-    c:\windows\system32\NvIFR64.dll
2014-05-20 02:44 . 2014-05-26 18:00    892704    ----a-w-    c:\windows\system32\NvFBC64.dll
2014-05-20 02:44 . 2014-05-26 18:00    867784    ----a-w-    c:\windows\SysWow64\NvIFR.dll
2014-05-20 02:44 . 2014-05-26 18:00    861128    ----a-w-    c:\windows\SysWow64\NvFBC.dll
2014-05-20 02:44 . 2014-05-26 18:00    837056    ----a-w-    c:\windows\SysWow64\nvumdshim.dll
2014-05-20 02:44 . 2014-05-26 18:00    492376    ----a-w-    c:\windows\system32\nvEncodeAPI64.dll
2014-05-20 02:44 . 2014-05-26 18:00    416712    ----a-w-    c:\windows\SysWow64\nvEncodeAPI.dll
2014-05-20 02:44 . 2014-05-26 18:00    382240    ----a-w-    c:\windows\system32\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-05-26 18:00    354016    ----a-w-    c:\windows\system32\nvoglshim64.dll
2014-05-20 02:44 . 2014-05-26 18:00    335704    ----a-w-    c:\windows\SysWow64\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-05-26 18:00    31520    ----a-w-    c:\windows\system32\nvhdap64.dll
2014-05-20 02:44 . 2014-05-26 18:00    3141976    ----a-w-    c:\windows\system32\nvcuvid.dll
2014-05-20 02:44 . 2014-05-26 18:00    31387936    ----a-w-    c:\windows\system32\nvoglv64.dll
2014-05-20 02:44 . 2014-05-26 18:00    305600    ----a-w-    c:\windows\SysWow64\nvoglshim32.dll
2014-05-20 02:44 . 2014-05-26 18:00    2953672    ----a-w-    c:\windows\SysWow64\nvcuvid.dll
2014-05-20 02:44 . 2014-05-26 18:00    2785568    ----a-w-    c:\windows\system32\nvcuvenc.dll
2014-05-20 02:44 . 2014-05-26 18:00    2412376    ----a-w-    c:\windows\SysWow64\nvcuvenc.dll
2014-05-20 02:44 . 2014-05-26 18:00    24025376    ----a-w-    c:\windows\SysWow64\nvoglv32.dll
2014-05-20 02:44 . 2014-05-26 18:00    197408    ----a-w-    c:\windows\system32\drivers\nvhda64v.sys
2014-05-20 02:44 . 2014-05-26 18:00    1889112    ----a-w-    c:\windows\system32\nvdispco6433788.dll
2014-05-20 02:44 . 2014-05-26 18:00    18531568    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2014-05-20 02:44 . 2014-05-26 18:00    17480432    ----a-w-    c:\windows\system32\nvd3dumx.dll
2014-05-20 02:44 . 2014-05-26 18:00    166568    ----a-w-    c:\windows\system32\nvinitx.dll
2014-05-20 02:44 . 2014-05-26 18:00    1541576    ----a-w-    c:\windows\system32\nvdispgenco6433788.dll
2014-05-20 02:44 . 2014-05-26 18:00    146480    ----a-w-    c:\windows\SysWow64\nvinit.dll
2014-05-20 02:44 . 2014-05-26 18:00    12688328    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2014-05-20 02:44 . 2014-05-26 18:00    11644928    ----a-w-    c:\windows\system32\nvcuda.dll
2014-05-20 02:44 . 2014-05-26 18:00    11599072    ----a-w-    c:\windows\system32\nvopencl.dll
2014-05-20 02:44 . 2014-05-26 18:00    25256224    ----a-w-    c:\windows\system32\nvcompiler.dll
2014-05-20 02:44 . 2014-05-26 18:00    17561544    ----a-w-    c:\windows\SysWow64\nvcompiler.dll
2014-05-20 02:44 . 2014-05-21 17:32    952952    ----a-w-    c:\windows\system32\nvumdshimx.dll
2014-05-20 02:44 . 2014-05-21 17:32    16003912    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2014-05-20 02:44 . 2014-05-21 17:32    14434704    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2014-05-20 02:44 . 2014-05-21 17:32    3109248    ----a-w-    c:\windows\system32\nvapi64.dll
2014-05-20 02:44 . 2014-05-21 17:32    2730208    ----a-w-    c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2014-03-21 03:02    1515296    ----a-w-    c:\windows\system32\nvhdagenco6420103.dll
2014-05-20 02:44 . 2013-08-01 20:48    61216    ----a-w-    c:\windows\system32\OpenCL.dll
2014-05-20 02:44 . 2013-08-01 20:48    52056    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-05-20 01:25 . 2013-08-01 20:49    6769096    ----a-w-    c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2013-08-01 20:49    3514144    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2013-08-01 20:49    927520    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2013-08-01 20:49    62808    ----a-w-    c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2013-08-01 20:49    387528    ----a-w-    c:\windows\system32\nvmctray.dll
2014-05-19 23:10 . 2014-05-26 18:04    601432    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2014-05-14 23:49 . 2014-05-21 17:08    3774821    ----a-w-    c:\windows\system32\nvcoproc.bin
2014-05-14 07:26 . 2013-08-14 00:19    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 07:26 . 2013-08-14 00:19    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-02 17:30 . 2013-08-22 22:59    1031560    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-30 18:29 . 2013-12-02 22:13    1081112    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2014-04-30 18:29 . 2013-12-02 22:13    1225920    ----a-w-    c:\windows\system32\nvspcap64.dll
2014-04-12 02:22 . 2014-05-14 04:20    155072    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 04:20    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 04:20    29184    ----a-w-    c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 04:20    136192    ----a-w-    c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 04:20    28160    ----a-w-    c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 04:20    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 04:20    31232    ----a-w-    c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 04:20    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 04:20    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM7\aim.exe" [2011-05-03 4321112]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21445248]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2014-03-14 2611808]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-06-04 6564120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-07-25 1985824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Might and Magic VIII.lnk - c:\program files (x86)\3DO\Might and Magic VIII\Register\Remind32.exe [2014-6-22 67584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Dustin\AppData\Local\Temp\ALSysIO64.sys;c:\users\Dustin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RD9700;RD9700 USB2.0 To Fast Ethernet Adapter;c:\windows\system32\DRIVERS\RD9700.sys;c:\windows\SYSNATIVE\DRIVERS\RD9700.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 16:30    1091912    ----a-w-    c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-14 07:26]
.
2014-06-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7eab16a2-b82e-413c-9e19-408b502d7f73.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-06-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ffdfa308-8b03-4144-966f-1aa4d98f9bcc.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-07-07 c:\windows\Tasks\WpsUpdateTask_Dustin.job
- c:\program files (x86)\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2011-11-03 16:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ECC61CA-0188-D90B-0DAF-77ECD21AEBEA}]
c:\program files (x86)\saVe onn\rYo3J2sMl.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89DEEE98-FC36-7E3A-9714-02B40A7D2834}]
c:\program files (x86)\Adblocker\kLyPf5pnvG.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [BU]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-30 1225920]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://us21.grepolis.com/game/index?login=1&p=800149&ts=1384060286
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{BD651E83-A3B7-4B2D-9636-715E83652720}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\9q1isgst.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-AceMoney_is1 - c:\program files (x86)\AceMoney\unins000.exe
AddRemove-com.ynab.YNAB4.LiveCaptive_is1 - c:\program files (x86)\YNAB 4\unins000.exe
AddRemove-PlugY, The Survival Kit - c:\program files (x86)\Diablo II\Mod PlugY\PlugY Uninstaller.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{29850aa3} - c:\progra~2\SO_BOO~1\ASSIST~1.DLL
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Completion time: 2014-07-07  20:29:52 - machine was rebooted
ComboFix-quarantined-files.txt  2014-07-08 00:29
ComboFix2.txt  2014-06-26 18:35
ComboFix3.txt  2014-06-24 15:56
ComboFix4.txt  2014-05-22 18:09
.
Pre-Run: 73,394,921,472 bytes free
Post-Run: 72,929,669,120 bytes free
.
- - End Of File - - B22C93281F840085B9AD35AAED39EFEF
A36C5E4F47E84449FF07ED3517B43A31
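A triage pass over the log above, as an added example that is not part of the original post and not a ComboFix or BleepingComputer tool. It parses the three sections a responder reads first in a ComboFix report (policy values, the R/S service and driver table, and the x64 Browser Helper Objects) and flags the settings that matter here: UAC turned off with EnableLUA=0, AppInit_DLLs loading enabled, a kernel driver registered out of a user Temp folder, and BHOs whose DLL names look machine-generated. The sample text is constructed from lines quoted in the post (the policy key header is assumed, since the excerpt begins mid-key); the R/S state-code reading and the random-name threshold are the example's own assumptions.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not ComboFix code)."""
import re

# Constructed sample: excerpts of the ComboFix log posted in the thread.
# The Policies\System key header is assumed (the quoted excerpt starts mid-key).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Dustin\AppData\Local\Temp\ALSysIO64.sys;c:\users\Dustin\AppData\Local\Temp\ALSysIO64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ECC61CA-0188-D90B-0DAF-77ECD21AEBEA}]
c:\program files (x86)\saVe onn\rYo3J2sMl.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89DEEE98-FC36-7E3A-9714-02B40A7D2834}]
c:\program files (x86)\Adblocker\kLyPf5pnvG.x64.dll [BU]
"""

REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>\d+)')
# Service table: <state><start>; name; description; image path; ... (R = running, S = stopped:
# assumption about the ComboFix code, not documented on the page).
SERVICE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>[^;]+);')
BHO_KEY = re.compile(r'^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(?P<clsid>\{[0-9A-Fa-f-]+\})\]')
TEMP_DIR = re.compile(r'\\appdata\\local\\temp\\|\\windows\\temp\\', re.IGNORECASE)


def parse_registry_values(text):
    """Map every "name"= value line to an int, regardless of which key it sits under."""
    out = {}
    for line in text.splitlines():
        m = REG_VALUE.match(line.strip())
        if m:
            out[m.group("name")] = int(m.group("value"))
    return out


def parse_services(text):
    return [m.groupdict() for m in (SERVICE.match(l.strip()) for l in text.splitlines()) if m]


def parse_bhos(text):
    """Pair each BHO CLSID key with the DLL path on the following non-empty line."""
    lines = [l.strip() for l in text.splitlines()]
    bhos = []
    for i, line in enumerate(lines):
        m = BHO_KEY.match(line)
        if not m:
            continue
        for nxt in lines[i + 1:]:
            if nxt and nxt != ".":
                bhos.append((m.group("clsid"), re.sub(r"\s*\[[A-Z]+\]$", "", nxt)))
                break
    return bhos


def looks_random(stem):
    """Crude heuristic (assumption): vendor file names rarely flip case on half of their letters."""
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 6:
        return False
    flips = sum(1 for a, b in zip(stem, stem[1:])
                if a.isalpha() and b.isalpha() and a.isupper() != b.isupper())
    return flips / len(letters) >= 0.5


def triage(text):
    findings = []
    reg = parse_registry_values(text)
    if reg.get("EnableLUA") == 0:
        findings.append({"severity": "high", "indicator": "UAC disabled",
                         "detail": "EnableLUA=0: admin processes run fully elevated; "
                                   "ConsentPromptBehaviorUser and PromptOnSecureDesktop are moot"})
    if reg.get("LoadAppInit_DLLs") == 1:
        findings.append({"severity": "medium", "indicator": "AppInit_DLLs injection enabled",
                         "detail": "LoadAppInit_DLLs=1 under the Wow6432Node Windows key"})
    for svc in parse_services(text):
        if TEMP_DIR.search(svc["path"]):
            findings.append({"severity": "high", "indicator": "driver loaded from a Temp directory",
                             "detail": f"{svc['name']} ({svc['state']}): {svc['path']}"})
    for clsid, path in parse_bhos(text):
        stem = path.rsplit("\\", 1)[-1].split(".")[0]
        findings.append({"severity": "high" if looks_random(stem) else "medium",
                         "indicator": "Browser Helper Object",
                         "detail": f"{clsid} -> {path}" + (" (random-looking name)" if looks_random(stem) else "")})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['indicator']}: {f['detail']}")
```

Run against the excerpt, the pass reports UAC off, AppInit_DLLs loading on, ALSysIO64.sys registered from the user's Temp folder, and both BHOs as random-named; the Flash broker keys in the locked-registry section are not parsed because their names fail the case-flip test, which is the point of the ratio rather than a plain "mixed case and digits" check.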
 



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:36 AM

Posted 08 July 2014 - 12:12 PM

Please post the log by malwarebytes.

If you don't know how to locate it, please let me know.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#15 XanatosNemos

XanatosNemos
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 08 July 2014 - 12:25 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/8/2014
Scan Time: 8:39:12 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.08.04
Rootkit Database: v2014.07.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dustin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307569
Time Elapsed: 13 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)





