unwanted windows poping up

**bobbym** · 2014-10-20, 14:10

your combofix report

ComboFix 14-10-15.01 - bob 10/20/2014 13:01:09.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4086.2712 [GMT 1:00]
Running from: c:\users\bob\Desktop\ComboFix.exe
Command switches used :: c:\users\bob\Desktop\CFScript.txt
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\bob\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-09-20 to 2014-10-20 )))))))))))))))))))))))))))))))
.
.
2014-10-20 12:04 . 2014-10-20 12:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-19 19:19 . 2014-10-19 19:19 -------- d-----w- C:\SUPERDelete
2014-10-19 19:11 . 2014-10-19 19:11 -------- d-----w- c:\users\bob\AppData\Roaming\SUPERAntiSpyware.com
2014-10-19 19:11 . 2014-10-19 19:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-10-19 18:19 . 2014-10-19 18:23 -------- d-----w- c:\windows\system32\catroot2
2014-10-19 17:51 . 2014-10-19 18:15 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-10-19 13:14 . 2014-10-19 13:14 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-10-19 13:10 . 2014-10-19 13:24 -------- d-----w- c:\programdata\HitmanPro
2014-10-19 09:59 . 2014-10-19 10:14 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-10-18 12:35 . 2014-10-20 11:04 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-18 12:35 . 2014-10-18 12:35 -------- d-----w- c:\programdata\RogueKiller
2014-10-17 13:43 . 2014-10-17 13:43 -------- d-----w- c:\windows\ERUNT
2014-10-17 13:33 . 2014-10-17 13:36 -------- d-----w- C:\AdwCleaner
2014-10-17 13:10 . 2014-10-17 13:10 -------- d-----w- c:\windows\system32\appmgmt
2014-10-16 17:55 . 2014-09-19 01:26 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-10-16 17:54 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-16 17:54 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-16 17:36 . 2014-10-19 13:01 -------- d-----w- C:\FRST
2014-10-16 17:27 . 2014-10-16 17:27 -------- d-----w- C:\RegBackup
2014-10-15 09:13 . 2014-10-15 09:13 -------- d-----w- c:\program files\CCleaner
2014-10-14 17:08 . 2014-10-14 17:08 -------- d-----w- c:\users\bob\AppData\Local\CheckCode
2014-10-13 17:09 . 2014-10-13 17:09 -------- d-----w- c:\users\bob\AppData\Local\Deployment
2014-10-13 17:08 . 2014-10-19 19:28 -------- d-----w- c:\windows\SysWow64\Direct3dTextWin32
2014-10-13 17:07 . 2014-10-13 18:05 -------- d-----w- c:\users\bob\AppData\Local\MetafileODBCRoot
2014-10-13 09:54 . 2014-10-13 09:54 -------- d-----w- c:\users\bob\AppData\Local\com
2014-10-06 10:50 . 2014-10-06 10:50 -------- d-----w- c:\users\bob\AppData\Local\Apps
2014-10-01 21:04 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-10-01 21:04 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-28 16:30 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-28 16:30 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-19 09:59 . 2014-08-06 21:26 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-19 09:58 . 2014-08-06 21:25 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-16 17:56 . 2014-08-05 20:52 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-10-16 17:14 . 2014-08-12 16:45 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-10-16 17:14 . 2014-08-11 17:13 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-10-16 17:14 . 2014-08-11 17:13 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-09-10 16:51 . 2014-08-06 17:24 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 16:51 . 2014-08-06 17:24 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-23 02:07 . 2014-08-28 16:00 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 16:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-06 11:53 . 2014-08-06 11:53 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-08-06 11:53 . 2014-08-06 11:53 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-08-06 11:53 . 2014-08-06 11:53 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-08-06 11:53 . 2014-08-06 11:53 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-08-06 11:53 . 2014-08-06 11:53 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-08-06 11:53 . 2014-08-06 11:53 81408 ----a-w- c:\windows\system32\icardie.dll
2014-08-06 11:53 . 2014-08-06 11:53 774144 ----a-w- c:\windows\system32\jscript.dll
2014-08-06 11:53 . 2014-08-06 11:53 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-08-06 11:53 . 2014-08-06 11:53 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-08-06 11:53 . 2014-08-06 11:53 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-08-06 11:53 . 2014-08-06 11:53 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-08-06 11:53 . 2014-08-06 11:53 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-08-06 11:53 . 2014-08-06 11:53 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-08-06 11:53 . 2014-08-06 11:53 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-08-06 11:53 . 2014-08-06 11:53 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-08-06 11:53 . 2014-08-06 11:53 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-08-06 11:53 . 2014-08-06 11:53 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-08-06 11:53 . 2014-08-06 11:53 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-08-06 11:53 . 2014-08-06 11:53 413696 ----a-w- c:\windows\system32\html.iec
2014-08-06 11:53 . 2014-08-06 11:53 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-08-06 11:53 . 2014-08-06 11:53 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-08-06 11:53 . 2014-08-06 11:53 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-08-06 11:53 . 2014-08-06 11:53 247808 ----a-w- c:\windows\system32\msls31.dll
2014-08-06 11:53 . 2014-08-06 11:53 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-08-06 11:53 . 2014-08-06 11:53 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-08-06 11:53 . 2014-08-06 11:53 235520 ----a-w- c:\windows\system32\url.dll
2014-08-06 11:53 . 2014-08-06 11:53 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-08-06 11:53 . 2014-08-06 11:53 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-08-06 11:53 . 2014-08-06 11:53 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-08-06 11:53 . 2014-08-06 11:53 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-08-06 11:53 . 2014-08-06 11:53 147968 ----a-w- c:\windows\system32\occache.dll
2014-08-06 11:53 . 2014-08-06 11:53 143872 ----a-w- c:\windows\system32\wextract.exe
2014-08-06 11:53 . 2014-08-06 11:53 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-08-06 11:53 . 2014-08-06 11:53 13824 ----a-w- c:\windows\system32\mshta.exe
2014-08-06 11:53 . 2014-08-06 11:53 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-08-06 11:53 . 2014-08-06 11:53 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-08-06 11:53 . 2014-08-06 11:53 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-08-06 11:53 . 2014-08-06 11:53 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-08-06 11:53 . 2014-08-06 11:53 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-08-06 11:53 . 2014-08-06 11:53 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-08-06 11:53 . 2014-08-06 11:53 101376 ----a-w- c:\windows\system32\inseng.dll
2014-08-06 11:51 . 2014-08-06 11:51 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2014-08-06 11:51 . 2014-08-06 11:51 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-08-06 11:51 . 2014-08-06 11:51 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-08-06 11:51 . 2014-08-06 11:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-08-06 11:51 . 2014-08-06 11:51 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-08-06 11:51 . 2014-08-06 11:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-08-06 11:51 . 2014-08-06 11:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-08-06 11:51 . 2014-08-06 11:51 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2014-08-06 11:51 . 2014-08-06 11:51 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-08-06 11:51 . 2014-08-06 11:51 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-08-06 11:51 . 2014-08-06 11:51 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2014-08-06 11:51 . 2014-08-06 11:51 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2014-08-06 11:51 . 2014-08-06 11:51 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2014-08-06 11:51 . 2014-08-06 11:51 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2014-08-06 11:51 . 2014-08-06 11:51 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2014-08-06 11:51 . 2014-08-06 11:51 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2014-08-06 11:51 . 2014-08-06 11:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2014-08-06 11:51 . 2014-08-06 11:51 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2014-08-06 11:51 . 2014-08-06 11:51 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2014-08-06 11:51 . 2014-08-06 11:51 1238528 ----a-w- c:\windows\system32\d3d10.dll
2014-08-06 11:51 . 2014-08-06 11:51 1175552 ----a-w- c:\windows\system32\FntCache.dll
2014-08-06 11:51 . 2014-08-06 11:51 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2014-08-06 11:51 . 2014-08-06 11:51 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2014-08-06 11:51 . 2014-08-06 11:51 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-08-06 10:36 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2014-08-06 10:36 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2014-08-01 11:53 . 2014-09-10 16:33 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-10 16:33 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-07-25 01:35 . 2014-07-25 01:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 22:47 . 2014-07-24 22:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-23 12:29 . 2014-08-11 17:13 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-07-23 09:52 . 2014-08-05 20:37 270496 ----a-w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="e:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-06-24 4566952]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-26 6482200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-10-16 703736]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-09-23 165168]
"SDTray"="e:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - e:\office\OSA9.EXE -b -l [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MetafileODBCRoot.exe;MetafileODBCRoot.exe;c:\users\bob\AppData\Local\MetafileODBCRoot\MetafileODBCRoot.exe;c:\users\bob\AppData\Local\MetafileODBCRoot\MetafileODBCRoot.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 SASKUTIL;SASKUTIL;h:\superantispyware\SASKUTIL64.SYS;h:\superantispyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;h:\superantispyware\SASCORE64.EXE;h:\superantispyware\SASCORE64.EXE [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;e:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;e:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;e:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;e:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;e:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;e:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-06 16:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\finki56m.default-1413643555328\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
Toolbar-Locked - (no file)
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Completion time: 2014-10-20 13:08:13 - machine was rebooted
ComboFix-quarantined-files.txt 2014-10-20 12:08
ComboFix2.txt 2014-10-17 22:08
.
Pre-Run: 2,541,838,336 bytes free
Post-Run: 2,453,569,536 bytes free
.
- - End Of File - - 139B7F49CDECBB27F2EF2A8EB362B1EE
A36C5E4F47E84449FF07ED3517B43A31

right I'm off get back to you later. thanks

**bobbym** · 2014-10-20, 14:13

sorry forgot to say No I did not knowingly install this I thought it might have been windows 7 software.

C:\Users\bob\AppData
Application Data folder

C:\Users\bob\AppData\Local\MetafileODBCRoot\MetafileODBCRoot.exe
Is this something you downloaded or was it preinstalled?
Open Database Connectivity (ODBC)

C:\Users\bob\AppData\Local\MetafileODBCRoot\JAVAKeyboardNative.exe
Is this something you downloaded or was it preinstalled?

**Juliet** · 2014-10-20, 14:50

C:\Users\bob\AppData\Local\MetafileODBCRoot\JAVAKeyboardNative.exe
The above, all I could find was related to a game?, perhaps Android?

When the computer was run up, I checked the* Proxy* settings, I was able to change the settings to Auto and it stayed that way, interesting as they are still grayed out. but hay at least it worked.
I have tried the normal things that causes the unwanted windows to open and as yet no unwanted windows!!!!.
So can I/we delete all the *Metafile ODBCRoot.EXE* entries or are they "needed".?

Let's keep our fingers crossed here......
The goal of ODBC is to make it possible to access any data from any application. Could be later on you'll have something not connecting but if it gives this type of problems I wouldn't want it.

Let's see if ComboFix can take it out.

Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.

Driver::
MetafileODBCRoot.exe
MetafileODBCRoot
File::
C:\Users\bob\AppData\Local\MetafileODBCRoot\JAVAKeyboardNative.exe
c:\users\bob\AppData\Local\MetafileODBCRoot\MetafileODBCRoot.exe
Folder::
c:\users\bob\AppData\Local\MetafileODBCRoot

Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

**Juliet** · 2014-10-20, 14:55

Forgot

Run Rogue Killer again
If these entries are there click Delete on the right hand column under Options

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MetafileODBCRoot.exe (C:\Users\bob\AppData\Local\MetafileODBCRoot\MetafileODBCRoot.exe) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MetafileODBCRoot.exe (C:\Users\bob\AppData\Local\MetafileODBCRoot\MetafileODBCRoot.exe) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MetafileODBCRoot.exe (C:\Users\bob\AppData\Local\MetafileODBCRoot\MetafileODBCRoot.exe) -> Found

**bobbym** · 2014-10-20, 19:08

hi

second attempt

there were no \MetafileODBCRoot.exe in the Rogue Killer file

ComboFix 14-10-15.01 - bob 10/20/2014 17:37:13.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4086.2748 [GMT 1:00]
Running from: c:\users\bob\Desktop\ComboFix.exe
Command switches used :: c:\users\bob\Desktop\CFScript.txt
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\bob\AppData\Local\MetafileODBCRoot\JAVAKeyboardNative.exe"
"c:\users\bob\AppData\Local\MetafileODBCRoot\MetafileODBCRoot.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\bob\AppData\Local\MetafileODBCRoot
c:\users\bob\AppData\Local\MetafileODBCRoot\desktop\JAVAKeyboardNative.exe-(PID-2816)-1445156\adwcleaner_4.000.exe-(PID-848).dmp_PROCESS_SUBMITTED
c:\users\bob\AppData\Local\MetafileODBCRoot\desktop\JAVAKeyboardNative.exe-(PID-2816)-1445156\JAVAKeyboardNative.exe-(PID-2816).dmp
c:\users\bob\AppData\Local\MetafileODBCRoot\desktop\JAVAKeyboardNative.exe-(PID-3316)-16994015\FRST64.exe-(PID-3668).dmp_PROCESS_SUBMITTED
c:\users\bob\AppData\Local\MetafileODBCRoot\desktop\JAVAKeyboardNative.exe-(PID-3316)-16994015\JAVAKeyboardNative.exe-(PID-3316).dmp
c:\users\bob\AppData\Local\MetafileODBCRoot\desktop\JAVAKeyboardNative.exe-(PID-3884)-1017218\AdwCleaner.exe-(PID-3376).dmp_PROCESS_SUBMITTED
c:\users\bob\AppData\Local\MetafileODBCRoot\desktop\JAVAKeyboardNative.exe-(PID-3884)-1017218\JAVAKeyboardNative.exe-(PID-3884).dmp
c:\users\bob\AppData\Local\MetafileODBCRoot\JAVAKeyboardNative.exe
c:\users\bob\AppData\Local\MetafileODBCRoot\MetafileODBCRoot.exe
c:\users\bob\AppData\Local\MetafileODBCRoot\msvcp100.dll
c:\users\bob\AppData\Local\MetafileODBCRoot\msvcr100.dll
c:\users\bob\AppData\Local\MetafileODBCRoot\QtCore4.dll
c:\users\bob\AppData\Local\MetafileODBCRoot\QtNetwork4.dll
c:\users\bob\AppData\Local\MetafileODBCRoot\service\MetafileODBCRoot.exe-(PID-1764)-16993734\FRST64.exe-(PID-3668).dmp
c:\users\bob\AppData\Local\MetafileODBCRoot\service\MetafileODBCRoot.exe-(PID-1764)-16993734\MetafileODBCRoot.exe-(PID-1764).dmp
c:\users\bob\AppData\Local\MetafileODBCRoot\SrDt.exe
c:\users\bob\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MetafileODBCRoot.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-09-20 to 2014-10-20 )))))))))))))))))))))))))))))))
.
.
2014-10-20 16:40 . 2014-10-20 16:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-19 19:19 . 2014-10-19 19:19 -------- d-----w- C:\SUPERDelete
2014-10-19 19:11 . 2014-10-19 19:11 -------- d-----w- c:\users\bob\AppData\Roaming\SUPERAntiSpyware.com
2014-10-19 19:11 . 2014-10-19 19:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-10-19 18:19 . 2014-10-19 18:23 -------- d-----w- c:\windows\system32\catroot2
2014-10-19 17:51 . 2014-10-19 18:15 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-10-19 13:14 . 2014-10-19 13:14 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-10-19 13:10 . 2014-10-19 13:24 -------- d-----w- c:\programdata\HitmanPro
2014-10-19 09:59 . 2014-10-19 10:14 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-10-18 12:35 . 2014-10-20 16:26 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-18 12:35 . 2014-10-18 12:35 -------- d-----w- c:\programdata\RogueKiller
2014-10-17 13:43 . 2014-10-17 13:43 -------- d-----w- c:\windows\ERUNT
2014-10-17 13:33 . 2014-10-17 13:36 -------- d-----w- C:\AdwCleaner
2014-10-17 13:10 . 2014-10-17 13:10 -------- d-----w- c:\windows\system32\appmgmt
2014-10-16 17:55 . 2014-09-19 01:26 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-10-16 17:54 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-16 17:54 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-16 17:36 . 2014-10-19 13:01 -------- d-----w- C:\FRST
2014-10-16 17:27 . 2014-10-16 17:27 -------- d-----w- C:\RegBackup
2014-10-15 09:13 . 2014-10-15 09:13 -------- d-----w- c:\program files\CCleaner
2014-10-14 17:08 . 2014-10-14 17:08 -------- d-----w- c:\users\bob\AppData\Local\CheckCode
2014-10-13 17:09 . 2014-10-13 17:09 -------- d-----w- c:\users\bob\AppData\Local\Deployment
2014-10-13 17:08 . 2014-10-19 19:28 -------- d-----w- c:\windows\SysWow64\Direct3dTextWin32
2014-10-13 09:54 . 2014-10-13 09:54 -------- d-----w- c:\users\bob\AppData\Local\com
2014-10-06 10:50 . 2014-10-06 10:50 -------- d-----w- c:\users\bob\AppData\Local\Apps
2014-10-01 21:04 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-10-01 21:04 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-28 16:30 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-28 16:30 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-19 09:59 . 2014-08-06 21:26 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-19 09:58 . 2014-08-06 21:25 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-16 17:56 . 2014-08-05 20:52 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-10-16 17:14 . 2014-08-12 16:45 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-10-16 17:14 . 2014-08-11 17:13 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-10-16 17:14 . 2014-08-11 17:13 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-09-10 16:51 . 2014-08-06 17:24 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 16:51 . 2014-08-06 17:24 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-23 02:07 . 2014-08-28 16:00 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 16:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-06 11:53 . 2014-08-06 11:53 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-08-06 11:53 . 2014-08-06 11:53 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-08-06 11:53 . 2014-08-06 11:53 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-08-06 11:53 . 2014-08-06 11:53 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-08-06 11:53 . 2014-08-06 11:53 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-08-06 11:53 . 2014-08-06 11:53 81408 ----a-w- c:\windows\system32\icardie.dll
2014-08-06 11:53 . 2014-08-06 11:53 774144 ----a-w- c:\windows\system32\jscript.dll
2014-08-06 11:53 . 2014-08-06 11:53 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-08-06 11:53 . 2014-08-06 11:53 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-08-06 11:53 . 2014-08-06 11:53 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-08-06 11:53 . 2014-08-06 11:53 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-08-06 11:53 . 2014-08-06 11:53 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-08-06 11:53 . 2014-08-06 11:53 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-08-06 11:53 . 2014-08-06 11:53 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-08-06 11:53 . 2014-08-06 11:53 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-08-06 11:53 . 2014-08-06 11:53 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-08-06 11:53 . 2014-08-06 11:53 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-08-06 11:53 . 2014-08-06 11:53 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-08-06 11:53 . 2014-08-06 11:53 413696 ----a-w- c:\windows\system32\html.iec
2014-08-06 11:53 . 2014-08-06 11:53 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-08-06 11:53 . 2014-08-06 11:53 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-08-06 11:53 . 2014-08-06 11:53 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-08-06 11:53 . 2014-08-06 11:53 247808 ----a-w- c:\windows\system32\msls31.dll
2014-08-06 11:53 . 2014-08-06 11:53 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-08-06 11:53 . 2014-08-06 11:53 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-08-06 11:53 . 2014-08-06 11:53 235520 ----a-w- c:\windows\system32\url.dll
2014-08-06 11:53 . 2014-08-06 11:53 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-08-06 11:53 . 2014-08-06 11:53 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-08-06 11:53 . 2014-08-06 11:53 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-08-06 11:53 . 2014-08-06 11:53 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-08-06 11:53 . 2014-08-06 11:53 147968 ----a-w- c:\windows\system32\occache.dll
2014-08-06 11:53 . 2014-08-06 11:53 143872 ----a-w- c:\windows\system32\wextract.exe
2014-08-06 11:53 . 2014-08-06 11:53 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-08-06 11:53 . 2014-08-06 11:53 13824 ----a-w- c:\windows\system32\mshta.exe
2014-08-06 11:53 . 2014-08-06 11:53 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-08-06 11:53 . 2014-08-06 11:53 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-08-06 11:53 . 2014-08-06 11:53 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-08-06 11:53 . 2014-08-06 11:53 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-08-06 11:53 . 2014-08-06 11:53 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-08-06 11:53 . 2014-08-06 11:53 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-08-06 11:53 . 2014-08-06 11:53 101376 ----a-w- c:\windows\system32\inseng.dll
2014-08-06 11:51 . 2014-08-06 11:51 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2014-08-06 11:51 . 2014-08-06 11:51 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-08-06 11:51 . 2014-08-06 11:51 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-08-06 11:51 . 2014-08-06 11:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-08-06 11:51 . 2014-08-06 11:51 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-08-06 11:51 . 2014-08-06 11:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-08-06 11:51 . 2014-08-06 11:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-08-06 11:51 . 2014-08-06 11:51 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2014-08-06 11:51 . 2014-08-06 11:51 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-08-06 11:51 . 2014-08-06 11:51 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-08-06 11:51 . 2014-08-06 11:51 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2014-08-06 11:51 . 2014-08-06 11:51 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2014-08-06 11:51 . 2014-08-06 11:51 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2014-08-06 11:51 . 2014-08-06 11:51 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2014-08-06 11:51 . 2014-08-06 11:51 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2014-08-06 11:51 . 2014-08-06 11:51 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2014-08-06 11:51 . 2014-08-06 11:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2014-08-06 11:51 . 2014-08-06 11:51 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2014-08-06 11:51 . 2014-08-06 11:51 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2014-08-06 11:51 . 2014-08-06 11:51 1238528 ----a-w- c:\windows\system32\d3d10.dll
2014-08-06 11:51 . 2014-08-06 11:51 1175552 ----a-w- c:\windows\system32\FntCache.dll
2014-08-06 11:51 . 2014-08-06 11:51 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2014-08-06 11:51 . 2014-08-06 11:51 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2014-08-06 11:51 . 2014-08-06 11:51 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-08-06 11:51 . 2014-08-06 11:51 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-08-06 10:36 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2014-08-06 10:36 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2014-08-01 11:53 . 2014-09-10 16:33 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-10 16:33 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-07-25 01:35 . 2014-07-25 01:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 22:47 . 2014-07-24 22:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-23 12:29 . 2014-08-11 17:13 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-07-23 09:52 . 2014-08-05 20:37 270496 ----a-w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="e:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-06-24 4566952]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-26 6482200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-10-16 703736]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-09-23 165168]
"SDTray"="e:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - e:\office\OSA9.EXE -b -l [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 SASKUTIL;SASKUTIL;h:\superantispyware\SASKUTIL64.SYS;h:\superantispyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;h:\superantispyware\SASCORE64.EXE;h:\superantispyware\SASCORE64.EXE [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;e:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;e:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;e:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;e:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;e:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;e:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-06 16:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\finki56m.default-1413643555328\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Completion time: 2014-10-20 17:44:22 - machine was rebooted
ComboFix-quarantined-files.txt 2014-10-20 16:44
ComboFix2.txt 2014-10-20 12:08
ComboFix3.txt 2014-10-17 22:08
.
Pre-Run: 2,539,266,048 bytes free
Post-Run: 2,304,655,360 bytes free
.
- - End Of File - - C195CD3A8DCD5DA41B54E81144EFAD16
A36C5E4F47E84449FF07ED3517B43A31

RogueKiller V10.0.2.0 [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : bob [Administrator]
Mode : Scan -- Date : 10/20/2014 17:56:46

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir...=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir...=ie&ar=msnhome -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir...=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir...=ie&ar=msnhome -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3320820AS ATA Device +++++
--- User ---
[MBR] 5c9708733e9b452cc48320213f13fd39
[BSP] 1e9ea23df4c4414dd7ff862a4a5d7113 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SanDisk SSD U100 32GB ATA Device +++++
--- User ---
[MBR] 7a5d0d242e4d9af2c9f0abf73bf47d7f
[BSP] 6a55d54d7b50f1f1c8a0c5c3ebd99098 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 30431 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: MAXTOR 4K060H3 ATA Device +++++
--- User ---
[MBR] c42bf55c8aa642f79c12ce36efc311de
[BSP] 757b538851286eecb987a35b30da53b8 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 26999 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 55296000 | Size: 30257 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_DEL_10182014_154241.log - RKreport_DEL_10182014_155320.log - RKreport_DEL_10182014_194914.log - RKreport_DEL_10182014_194947.log
RKreport_DEL_10182014_195013.log - RKreport_DEL_10202014_122325.log - RKreport_SCN_10182014_135103.log - RKreport_SCN_10182014_153708.log
RKreport_SCN_10182014_155304.log - RKreport_SCN_10182014_194825.log - RKreport_SCN_10202014_095634.log - RKreport_SCN_10202014_121900.log
RKreport_SCN_10202014_123611.log

**bobbym** · 2014-10-20, 19:28

Hi

looking good I can even see my emails again

**Juliet** · 2014-10-20, 21:53

Originally Posted by bobbym

Hi

looking good I can even see my emails again

wooohoooo!

there were no \MetafileODBCRoot.exe in the Rogue Killer file

ComboFix took them out.

what a journey!

Think we're ready to remove tools and quarantine folders?

**bobbym** · 2014-10-20, 21:55

ok
how do we do that

**Juliet** · 2014-10-20, 22:12

Thank you so much for being patient and your readiness to travel into the registry, sometimes malware is a bugger to resolve.

Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.

Go to Start > Run > copy and paste the full text path in the run box

ComboFix /Uninstall

Note the space between the x and the /U, it needs to be there.

~~~~~~~~~~~~~~~~~~~~~~~~

Download Delfix from here
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Click Run
Purge system restore

Any other tools and files found can simply be deleted or uninstall via Add/Remove Programs in the Control Panel etc.

~~~~~~~~~~~~~~~~~~~~~~~

Your good to go, good job!

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremoval.com/forum/view...557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know

CryptoLocker Ransomware Information Guide and FAQ

to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

Firefox 3
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.
*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus

AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, It's free!
click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Green should be good to go
Yellow for caution
Red to stop

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseack...-disable-java/
and this article (http://www.nbcnews.com/technology/te...late-1B7938755

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser (http://www.geekstogo.com/2600/how-to...r-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-un...m-the-browser/))

Avoid P2P

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
USAToday
infoworld

*********************************************
Please read the following safe computing articles..

Secure My Computer: A Layered Approach

Free Antivirus-AntiSpyware-Firewall Software

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

It is possible for other programs on your computer to have security vulnerability that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose PatchMyPC

**bobbym** · 2014-10-20, 22:30

Hi

Thank you very much for all your help. I hope you have gained something from all this I have. I am sorry if I mucked up your weekend.

Thread: unwanted windows poping up

Thread Tools

Display

Posting Permissions