Hi,
Please post fresh DDS.txt log too.
That was okDon't know if it matters, but the .txt file it created is [S0] rather than [S1].
Hi,
Please post fresh DDS.txt log too.
That was okDon't know if it matters, but the .txt file it created is [S0] rather than [S1].
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Sorry I missed that.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by Mike at 8:13:24 on 2014-03-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8080.6293 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: ArcadeParlor Games: {39AD0726-986D-40F9-972B-E3BFA24B7745} - C:\Users\Mike\AppData\Local\ArcadeParlor\Arcadeparlor.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0725DADC-CAD9-4867-8745-00681411B8DC} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-20 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-4-20 207904]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-6 16152]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-14 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-8-14 421704]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-14 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-19 50344]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-6 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-6 161560]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-30 15129376]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-11 411936]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-6 363800]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-2-19 80184]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-6 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-6 786200]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-2-6 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-6 646248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-11 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-29 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-17 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-29 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-03-18 06:11:16 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{506DE174-866D-4001-9FFE-69D7B5909153}\offreg.dll
2014-03-18 06:10:35 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{506DE174-866D-4001-9FFE-69D7B5909153}\mpengine.dll
2014-03-17 17:16:31 -------- d-----w- C:\AdwCleaner
2014-03-17 04:20:35 -------- d-----w- C:\Users\Mike\AppData\Roaming\InstallX Search Protect for Yahoo
2014-03-17 04:20:31 -------- d-----w- C:\Users\Mike\AppData\Roaming\Fighters
2014-03-17 04:20:16 -------- d-----w- C:\ProgramData\Fighters
2014-03-17 04:20:16 -------- d-----w- C:\Program Files\Fighters
2014-03-17 04:20:16 -------- d-----w- C:\Program Files (x86)\Fighters
2014-03-17 04:20:00 -------- d-----w- C:\Program Files (x86)\Yahoo!
2014-03-17 04:19:55 -------- d-----w- C:\Users\Mike\AppData\Local\ArcadeParlor
2014-03-12 01:32:13 -------- d-----w- C:\Users\Mike\AppData\Local\Skype
2014-03-12 01:32:01 -------- d-----r- C:\Program Files (x86)\Skype
2014-03-11 22:01:48 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-11 22:01:47 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-11 22:01:47 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-11 22:01:47 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-11 21:52:58 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-02-26 18:31:34 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-26 18:31:34 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-25 12:20:42 -------- d-----w- C:\Program Files (x86)\WarThunder - Copy
2014-02-19 16:32:00 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-02-17 15:20:16 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-02-17 15:20:15 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
.
==================== Find3M ====================
.
2014-03-11 20:29:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 20:29:06 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-19 16:31:59 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-02-19 16:31:59 43152 ----a-w- C:\Windows\avastSS.scr
2014-02-19 16:31:59 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-02-19 16:31:59 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-12-19 20:33:31 1884448 ----a-w- C:\Windows\System32\nvdispco6433221.dll
2013-12-19 20:33:31 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433221.dll
2013-12-19 02:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 8:13:35.51 ===============
Hi,
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/comb...o-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
- Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
ComboFix 14-03-19.01 - Mike 03/19/2014 17:36:02.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8080.6301 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-02-19 to 2014-03-19 )))))))))))))))))))))))))))))))
.
.
2014-03-19 21:38 . 2014-03-19 21:38 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-03-19 21:38 . 2014-03-19 21:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-18 06:11 . 2014-03-18 06:11 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{506DE174-866D-4001-9FFE-69D7B5909153}\offreg.dll
2014-03-18 06:10 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{506DE174-866D-4001-9FFE-69D7B5909153}\mpengine.dll
2014-03-17 17:16 . 2014-03-18 02:49 -------- d-----w- C:\AdwCleaner
2014-03-17 04:59 . 2014-03-17 04:59 -------- d-----w- c:\program files (x86)\ERUNT
2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\users\Mike\AppData\Roaming\InstallX Search Protect for Yahoo
2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\users\Mike\AppData\Roaming\Fighters
2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\programdata\Fighters
2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\program files\Fighters
2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\program files (x86)\Fighters
2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\programdata\Yahoo! Companion
2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\program files (x86)\7-Zip
2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\programdata\Yahoo!
2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\users\Mike\AppData\Roaming\Yahoo!
2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\program files (x86)\Yahoo!
2014-03-17 04:19 . 2014-03-17 04:19 -------- d-----w- c:\users\Mike\AppData\Local\ArcadeParlor
2014-03-12 01:32 . 2014-03-12 01:32 -------- d-----w- c:\users\Mike\AppData\Local\Skype
2014-03-12 01:32 . 2014-03-17 04:15 -------- d-----w- c:\users\Mike\AppData\Roaming\Skype
2014-03-12 01:32 . 2014-03-12 01:32 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-03-12 01:32 . 2014-03-12 01:32 -------- d-----r- c:\program files (x86)\Skype
2014-03-12 01:31 . 2014-03-12 01:32 -------- d-----w- c:\programdata\Skype
2014-03-11 22:01 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-11 22:01 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-11 22:01 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-11 22:01 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-11 21:53 . 2014-03-11 21:53 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-03-11 21:52 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-02-26 18:31 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-02-26 18:31 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-02-25 12:20 . 2014-03-19 17:07 -------- d-----w- c:\program files (x86)\WarThunder - Copy
2014-02-19 16:32 . 2014-02-19 16:31 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-11 22:22 . 2012-08-14 15:56 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-11 20:29 . 2012-08-13 21:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 20:29 . 2012-08-13 21:21 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 14:35 . 2014-02-06 22:40 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-04 14:35 . 2013-02-19 16:05 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-04 14:35 . 2012-08-27 22:02 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2012-08-06 23:29 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2012-08-06 23:29 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-04 14:35 . 2012-08-06 23:29 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-04 13:06 . 2012-08-06 23:29 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2012-08-06 23:29 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2012-08-06 23:29 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2012-08-06 23:29 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2012-08-06 23:29 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2012-08-06 23:29 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-02-19 16:31 . 2013-04-20 21:30 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-19 16:31 . 2012-08-14 11:35 421704 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-02-19 16:31 . 2012-08-14 11:35 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-19 16:31 . 2012-08-14 11:35 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-19 16:31 . 2012-08-14 11:35 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-19 16:31 . 2012-08-14 11:35 43152 ----a-w- c:\windows\avastSS.scr
2013-12-24 23:09 . 2014-02-13 21:00 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-13 21:00 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-12-21 09:53 . 2014-02-14 00:41 548864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-21 08:56 . 2014-02-14 00:41 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{39AD0726-986D-40F9-972B-E3BFA24B7745}]
2014-03-17 04:19 188328 ----a-w- c:\users\Mike\AppData\Local\ArcadeParlor\Arcadeparlor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-19 3767096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 17:27 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-13 20:29]
.
2014-03-19 c:\windows\Tasks\ArcadeParlor.job
- c:\users\Mike\AppData\Local\ArcadeParlor\versioncheck.exe [2014-03-17 04:19]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-06 23:10]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-06 23:10]
.
2014-03-19 c:\windows\Tasks\SLOW-PCfighter64-Mike-Notification.job
- c:\program files\Fighters\SLOW-PCfighter\Sync.exe [2013-08-08 16:28]
.
2014-03-18 c:\windows\Tasks\SLOW-PCfighter64-Mike-Startup.job
- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe [2013-08-08 16:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-19 16:31 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-19 17:39:49
ComboFix-quarantined-files.txt 2014-03-19 21:39
.
Pre-Run: 820,537,217,024 bytes free
Post-Run: 820,227,002,368 bytes free
.
- - End Of File - - AA313C33D3B624B8C64749500A7A446C
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by Mike at 17:42:54 on 2014-03-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8080.6176 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\SUPERAntiSpyware\1f209e4d-de84-4bff-bcfb-1ea61f039352.com
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: ArcadeParlor Games: {39AD0726-986D-40F9-972B-E3BFA24B7745} - C:\Users\Mike\AppData\Local\ArcadeParlor\Arcadeparlor.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0725DADC-CAD9-4867-8745-00681411B8DC} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-20 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-4-20 207904]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-6 16152]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-14 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-8-14 421704]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-14 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-19 50344]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-6 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-6 161560]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-30 15129376]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-11 411936]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-6 363800]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-2-19 80184]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-6 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-6 786200]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-2-6 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-6 646248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-11 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-29 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-17 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-29 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-03-19 21:39:52 -------- d-sh--w- C:\$RECYCLE.BIN
2014-03-19 21:35:35 98816 ----a-w- C:\Windows\sed.exe
2014-03-19 21:35:35 256000 ----a-w- C:\Windows\PEV.exe
2014-03-19 21:35:35 208896 ----a-w- C:\Windows\MBR.exe
2014-03-18 06:11:16 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{506DE174-866D-4001-9FFE-69D7B5909153}\offreg.dll
2014-03-18 06:10:35 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{506DE174-866D-4001-9FFE-69D7B5909153}\mpengine.dll
2014-03-17 17:16:31 -------- d-----w- C:\AdwCleaner
2014-03-17 04:20:35 -------- d-----w- C:\Users\Mike\AppData\Roaming\InstallX Search Protect for Yahoo
2014-03-17 04:20:31 -------- d-----w- C:\Users\Mike\AppData\Roaming\Fighters
2014-03-17 04:20:16 -------- d-----w- C:\ProgramData\Fighters
2014-03-17 04:20:16 -------- d-----w- C:\Program Files\Fighters
2014-03-17 04:20:16 -------- d-----w- C:\Program Files (x86)\Fighters
2014-03-17 04:20:00 -------- d-----w- C:\Program Files (x86)\Yahoo!
2014-03-17 04:19:55 -------- d-----w- C:\Users\Mike\AppData\Local\ArcadeParlor
2014-03-12 01:32:13 -------- d-----w- C:\Users\Mike\AppData\Local\Skype
2014-03-12 01:32:01 -------- d-----r- C:\Program Files (x86)\Skype
2014-03-11 22:01:48 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-11 22:01:47 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-11 22:01:47 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-11 22:01:47 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-11 21:52:58 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-02-26 18:31:34 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-26 18:31:34 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-25 12:20:42 -------- d-----w- C:\Program Files (x86)\WarThunder - Copy
2014-02-19 16:32:00 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys
.
==================== Find3M ====================
.
2014-03-11 20:29:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 20:29:06 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-19 16:31:59 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-02-19 16:31:59 43152 ----a-w- C:\Windows\avastSS.scr
2014-02-19 16:31:59 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-02-19 16:31:59 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
.
============= FINISH: 17:43:00.21 ===============
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
Code:Folder:: c:\users\Mike\AppData\Local\ArcadeParlor C:\Users\Mike\AppData\Roaming\InstallX Search Protect for Yahoo C:\Users\Mike\AppData\Roaming\Fighters C:\ProgramData\Fighters C:\Program Files\Fighters C:\Program Files (x86)\Fighters C:\Program Files (x86)\Yahoo! File:: c:\windows\Tasks\ArcadeParlor.job c:\windows\Tasks\SLOW-PCfighter64-Mike-Notification.job c:\windows\Tasks\SLOW-PCfighter64-Mike-Startup.job Registry:: [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{39AD0726-986D-40F9-972B-E3BFA24B7745}]
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log.
Run also DDS again and post back its log.
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Hello, here you go.
ComboFix 14-03-19.01 - Mike 03/20/2014 16:11:11.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8080.6421 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
Command switches used :: c:\users\Mike\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\Tasks\ArcadeParlor.job"
"c:\windows\Tasks\SLOW-PCfighter64-Mike-Notification.job"
"c:\windows\Tasks\SLOW-PCfighter64-Mike-Startup.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Fighters
c:\program files (x86)\Fighters\Tray\FightersTray.exe
c:\program files (x86)\Fighters\Tray\HTML\checking_for_updates.html
c:\program files (x86)\Fighters\Tray\HTML\done_lightbox.html
c:\program files (x86)\Fighters\Tray\HTML\error_lightbox.html
c:\program files (x86)\Fighters\Tray\HTML\gfx\bg_stretch.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\done_btn.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\done_btn_down.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\icon_complete.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\Icon_done.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\icon_error.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\Icon_fdf.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\icon_info.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\icon_info_active.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\icon_productname.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\icon_shield.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\Icon_slow.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\Icon_spam.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\Icon_spy.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\icon_support.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\icon_support_active.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\Icon_TKTRAY-UPD-RCPRO.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\Icon_TKTRAYAPP.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\Icon_virus.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\scrollbar\sb-v-scroll-next.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\scrollbar\sb-v-scroll-prev.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\spinner.gif
c:\program files (x86)\Fighters\Tray\HTML\gfx\unipb.gif
c:\program files (x86)\Fighters\Tray\HTML\gfx\unipb_install.gif
c:\program files (x86)\Fighters\Tray\HTML\popup.css
c:\program files (x86)\Fighters\Tray\HTML\popup.html
c:\program files (x86)\Fighters\Tray\HTML\restart_lightbox.html
c:\program files (x86)\Fighters\Tray\HTML\update_manager.css
c:\program files (x86)\Fighters\Tray\HTML\Update_Manager.html
c:\program files (x86)\Fighters\Tray\HTML\uptodate_lightbox.html
c:\program files (x86)\Fighters\Tray\HTML\whitelabel.css
c:\program files (x86)\Fighters\Tray\MsgSys.exe
c:\program files (x86)\Fighters\Tray\notification\gfx\icon_close.png
c:\program files (x86)\Fighters\Tray\notification\gfx\icon_productname.png
c:\program files (x86)\Fighters\Tray\notification\gfx\popup_bubble.png
c:\program files (x86)\Fighters\Tray\notification\popup.css
c:\program files (x86)\Fighters\Tray\notification\popup.html
c:\program files (x86)\Fighters\Tray\sfhtml.dll
c:\program files (x86)\Fighters\Tray\SuiteClient.dll
c:\program files (x86)\Fighters\Tray\Translations\Language_AR.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_BG.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_CS.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_DA.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_DE.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_EL.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_EN.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_ES.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_FI.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_FR.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_HE.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_HR.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_HU.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_ID.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_IT.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_JA.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_KO.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_NL.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_NO.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_PL.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_PT.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_RO.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_RU.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_SV.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_TH.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_TR.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_TW.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_VI.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_ZH.xml
c:\program files (x86)\Yahoo!
c:\program files (x86)\Yahoo!\Common\unyt.exe
c:\program files (x86)\Yahoo!\Common\unyt_wrap.exe
c:\program files (x86)\Yahoo!\Companion\Data\apps.html
c:\program files (x86)\Yahoo!\Companion\Data\cna.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_abt.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_act_ie_upg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_act_srch1.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_act_srch2.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_anstip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_anstipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_as.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_atb.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_auttip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_auttipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_bootip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_catb.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_clutip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_clutipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_cnf.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_cotb.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_ctb.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_fantip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_fantipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_fintip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_fintipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_flktip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_flktipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_grptip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_grptipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_loctip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_loctipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_logtip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_mailatip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_mailtip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_map.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_mlbtip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_mlbtipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_movtip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_movtipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_msgratip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_msgrtip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_mustip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_mustipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_nbatip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_nbatipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_newstip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_newstipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_newtip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_newtipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_nfltip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_nfltipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_opt.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_pub.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_shotip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_shotipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_srchtip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_tratip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_tratipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_upg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_upg8tip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_wctb.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_weatip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_weatipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_wp.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_wp2.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_yq.html
c:\program files (x86)\Yahoo!\Companion\Data\loading.html
c:\program files (x86)\Yahoo!\Companion\Data\settings.html
c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\visic_coupon.dll
c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\ytbb.exe
c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\ytbn.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\Uninst_AutoUpdater.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Fighters
c:\program files\Fighters\SLOW-PCfighter\CommonToolkitSuite.cts
c:\program files\Fighters\SLOW-PCfighter\CommonToolkitSuiteLight_x64.dll
c:\program files\Fighters\SLOW-PCfighter\Documents\LicenseEN.rtf
c:\program files\Fighters\SLOW-PCfighter\Languages\language_BG.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_CS.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_DA.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_DE.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_EL.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_EN-US.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_EN.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_ES.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_FI.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_FR.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_HR.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_HU.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_ID.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_IT.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\language_JA.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_KO.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_NL.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_NO.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_PL.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_PT.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_RO.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_RU.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_SV.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_TH.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\language_TR.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_TW.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_ZH.xml
c:\program files\Fighters\SLOW-PCfighter\LogFilesCollector.exe
c:\program files\Fighters\SLOW-PCfighter\MachineId.exe
c:\program files\Fighters\SLOW-PCfighter\MachineIdGatewayx64.dll
c:\program files\Fighters\SLOW-PCfighter\MsgSys.exe
c:\program files\Fighters\SLOW-PCfighter\sfhtml.dll
c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe
c:\program files\Fighters\SLOW-PCfighter\Sync.exe
c:\program files\Fighters\SLOW-PCfighter\Uninstall.exe
c:\program files\Fighters\SLOW-PCfighter\UpDates.exe
c:\programdata\Fighters
c:\programdata\Fighters\SLOW-PCfighter64\LOGS\LOGS_03_17_2014_00_30_33_AM.log
c:\programdata\Fighters\SLOW-PCfighter64\TipofDay_EN.xml
c:\programdata\Fighters\SLOW-PCfighter64\wxfdata.wxf
c:\programdata\Fighters\Tray\Configurations\RCPRO.xml
c:\programdata\Fighters\Tray\Configurations\TKTRAY.xml
c:\programdata\Fighters\Tray\Logs\CommonTrayInstaller.log.txt
c:\programdata\Fighters\Tray\Menu\DVPRO.ico
c:\programdata\Fighters\Tray\Menu\fdpro.ico
c:\programdata\Fighters\Tray\Menu\products_list.xml
c:\programdata\Fighters\Tray\Menu\pwpro.ico
c:\programdata\Fighters\Tray\Menu\rcpro.ico
c:\programdata\Fighters\Tray\Menu\sfpro.ico
c:\programdata\Fighters\Tray\Menu\swpro.ico
c:\programdata\Fighters\Tray\Menu\vfpro.ico
c:\users\Mike\AppData\Local\ArcadeParlor
c:\users\Mike\AppData\Local\ArcadeParlor\ap.config
c:\users\Mike\AppData\Local\ArcadeParlor\Arcadeparlor.dll
c:\users\Mike\AppData\Local\ArcadeParlor\broker.exe
c:\users\Mike\AppData\Local\ArcadeParlor\removal.exe
c:\users\Mike\AppData\Local\ArcadeParlor\versioncheck.exe
c:\users\Mike\AppData\Roaming\Fighters
c:\users\Mike\AppData\Roaming\Fighters\Suite\Logs\Client.log.txt
c:\users\Mike\AppData\Roaming\Fighters\Suite\Logs\MachineId.log.txt
c:\users\Mike\AppData\Roaming\Fighters\Tray\Logs\Tray.log.txt
c:\users\Mike\AppData\Roaming\Fighters\Tray\Menu\dlpro.ico
c:\users\Mike\AppData\Roaming\Fighters\Tray\Menu\dvpro.ico
c:\users\Mike\AppData\Roaming\Fighters\Tray\Menu\fdpro.ico
c:\users\Mike\AppData\Roaming\Fighters\Tray\Menu\products_list.xml
c:\users\Mike\AppData\Roaming\Fighters\Tray\Menu\pwpro.ico
c:\users\Mike\AppData\Roaming\Fighters\Tray\Menu\rcpro.ico
c:\users\Mike\AppData\Roaming\Fighters\Tray\Menu\sfpro.ico
c:\users\Mike\AppData\Roaming\Fighters\Tray\Menu\swpro.ico
c:\users\Mike\AppData\Roaming\Fighters\Tray\Menu\vfpro.ico
c:\users\Mike\AppData\Roaming\Fighters\Tray\Updates\TKTRAYINFO.list
c:\users\Mike\AppData\Roaming\Fighters\Tray\Updates\TKTRAYINFO.list_new
c:\users\Mike\AppData\Roaming\InstallX Search Protect for Yahoo
c:\users\Mike\AppData\Roaming\InstallX Search Protect for Yahoo\config.xml
c:\users\Mike\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe
c:\users\Mike\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.zip
c:\users\Mike\AppData\Roaming\InstallX Search Protect for Yahoo\SearchProtectorMonitor.log
c:\windows\Tasks\ArcadeParlor.job
c:\windows\Tasks\SLOW-PCfighter64-Mike-Notification.job
c:\windows\Tasks\SLOW-PCfighter64-Mike-Startup.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_YahooAUService
-------\Service_YahooAUService
.
.
((((((((((((((((((((((((( Files Created from 2014-02-20 to 2014-03-20 )))))))))))))))))))))))))))))))
.
.
2014-03-20 20:14 . 2014-03-20 20:14 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-03-20 20:14 . 2014-03-20 20:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-18 06:10 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{506DE174-866D-4001-9FFE-69D7B5909153}\mpengine.dll
2014-03-17 17:16 . 2014-03-18 02:49 -------- d-----w- C:\AdwCleaner
2014-03-17 04:59 . 2014-03-17 04:59 -------- d-----w- c:\program files (x86)\ERUNT
2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\programdata\Yahoo! Companion
2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\program files (x86)\7-Zip
2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\programdata\Yahoo!
2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\users\Mike\AppData\Roaming\Yahoo!
2014-03-12 01:32 . 2014-03-12 01:32 -------- d-----w- c:\users\Mike\AppData\Local\Skype
2014-03-12 01:32 . 2014-03-20 20:04 -------- d-----w- c:\users\Mike\AppData\Roaming\Skype
2014-03-12 01:32 . 2014-03-12 01:32 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-03-12 01:32 . 2014-03-12 01:32 -------- d-----r- c:\program files (x86)\Skype
2014-03-12 01:31 . 2014-03-12 01:32 -------- d-----w- c:\programdata\Skype
2014-03-11 22:01 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-11 22:01 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-11 22:01 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-11 22:01 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-11 21:53 . 2014-03-11 21:53 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-03-11 21:52 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-02-26 18:31 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-02-26 18:31 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-02-25 12:20 . 2014-03-20 12:22 -------- d-----w- c:\program files (x86)\WarThunder - Copy
2014-02-19 16:32 . 2014-02-19 16:31 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-11 22:22 . 2012-08-14 15:56 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-11 20:29 . 2012-08-13 21:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 20:29 . 2012-08-13 21:21 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 14:35 . 2014-02-06 22:40 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-04 14:35 . 2013-02-19 16:05 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-04 14:35 . 2012-08-27 22:02 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2012-08-06 23:29 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2012-08-06 23:29 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-04 14:35 . 2012-08-06 23:29 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-04 13:06 . 2012-08-06 23:29 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2012-08-06 23:29 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2012-08-06 23:29 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2012-08-06 23:29 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2012-08-06 23:29 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2012-08-06 23:29 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-02-19 16:31 . 2013-04-20 21:30 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-19 16:31 . 2012-08-14 11:35 421704 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-02-19 16:31 . 2012-08-14 11:35 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-19 16:31 . 2012-08-14 11:35 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-19 16:31 . 2012-08-14 11:35 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-19 16:31 . 2012-08-14 11:35 43152 ----a-w- c:\windows\avastSS.scr
2013-12-24 23:09 . 2014-02-13 21:00 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-13 21:00 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-12-21 09:53 . 2014-02-14 00:41 548864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-21 08:56 . 2014-02-14 00:41 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-19 3767096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 17:27 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-13 20:29]
.
2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-06 23:10]
.
2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-06 23:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-19 16:31 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{39AD0726-986D-40F9-972B-E3BFA24B7745} - c:\users\Mike\AppData\Local\ArcadeParlor\Arcadeparlor.dll
Toolbar-Locked - (no file)
AddRemove-Yahoo! Companion - c:\users\Mike\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe
AddRemove-Yahoo! Toolbar - c:\progra~2\Yahoo!\Common\UNYT_W~1.EXE
AddRemove-{B74443DB-5A88-4583-860A-F0D06EF399E3} - c:\users\Mike\AppData\Local\ArcadeParlor\removal.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-03-20 16:17:43 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-20 20:17
ComboFix2.txt 2014-03-19 21:39
.
Pre-Run: 818,845,560,832 bytes free
Post-Run: 818,458,382,336 bytes free
.
- - End Of File - - 8950DF8704DA43848B5C99282595CCCE
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by Mike at 16:19:17 on 2014-03-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8080.6648 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Dwm.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: ArcadeParlor Games: {39AD0726-986D-40F9-972B-E3BFA24B7745} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0725DADC-CAD9-4867-8745-00681411B8DC} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-20 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-4-20 207904]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-6 16152]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-14 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-8-14 421704]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-14 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-19 50344]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-6 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-6 161560]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-30 15129376]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-11 411936]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-6 363800]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-6 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-6 786200]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-2-6 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-6 646248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-2-19 80184]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-11 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-29 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-17 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-29 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-03-20 20:15:36 -------- d-sh--w- C:\$RECYCLE.BIN
2014-03-19 21:35:35 98816 ----a-w- C:\Windows\sed.exe
2014-03-19 21:35:35 256000 ----a-w- C:\Windows\PEV.exe
2014-03-19 21:35:35 208896 ----a-w- C:\Windows\MBR.exe
2014-03-18 06:10:35 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{506DE174-866D-4001-9FFE-69D7B5909153}\mpengine.dll
2014-03-17 17:16:31 -------- d-----w- C:\AdwCleaner
2014-03-12 01:32:13 -------- d-----w- C:\Users\Mike\AppData\Local\Skype
2014-03-12 01:32:01 -------- d-----r- C:\Program Files (x86)\Skype
2014-03-11 22:01:48 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-11 22:01:47 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-11 22:01:47 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-11 22:01:47 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-11 21:52:58 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-02-26 18:31:34 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-26 18:31:34 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-25 12:20:42 -------- d-----w- C:\Program Files (x86)\WarThunder - Copy
2014-02-19 16:32:00 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys
.
==================== Find3M ====================
.
2014-03-11 20:29:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 20:29:06 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-19 16:31:59 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-02-19 16:31:59 43152 ----a-w- C:\Windows\avastSS.scr
2014-02-19 16:31:59 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-02-19 16:31:59 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
.
============= FINISH: 16:19:22.59 ===============
Hi,
Open notepad and copy/paste the text in the quotebox below into it:
Code:DDS:: BHO: ArcadeParlor Games: {39AD0726-986D-40F9-972B-E3BFA24B7745} -
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log.
Run also DDS again and post back its log.
Is the problem still present?
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Hi,
After clicking Start>All Programs right-click on Driver Genius and select Delete.Start>All Programs>Driver Genius>Driver Genius (broken icon), Driver Genius on the web, Uninstall, and User's Guide
You may delete those icons too.Desktop icon for Driver Genius
Desktop Icon for Slow-PCFighter
If it's 7-Zip here then it's legit program (used for archiving and extracting files).A suspicious 7-zip File Manager (not sure where it came from?)
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Deleted, rebooted and nothing came back.
Everything seems to be operating normally.
Good. Let's see the final steps then
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.
A To disable the System Restore feature:
1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.
B. Reboot.
C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 7. select Restore system settings and previous versions of files -option.
Let's uninstall adwCleaner:
- Double click on adwcleaner.exe to run the tool.
- Click on Uninstall.
- Confirm with yes.
Next, let's uninstall ComboFix:
- Click START then RUN
- Now copy-paste Combofix /uninstall in the runbox and click OK
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.