Over 1 million tech questions and answers.

win32/zperm Combofix Log

Q: win32/zperm Combofix Log

ComboFix 14-08-19.01 - repeat 08/20/2014  21:24:48.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32719.29329 [GMT -5:00]
Running from: c:\users\repeat\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-21 to 2014-08-21  )))))))))))))))))))))))))))))))
.
.
2014-08-21 02:28 . 2014-08-21 02:28    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-18 03:37 . 2014-08-18 03:37    --------    d-----w-    c:\program files\Common Files\Lavasoft
2014-08-17 00:29 . 2014-08-17 00:29    --------    d-sh--w-    c:\users\repeat\AppData\Local\EmieUserList
2014-08-17 00:29 . 2014-08-17 00:29    --------    d-sh--w-    c:\users\repeat\AppData\Local\EmieSiteList
2014-08-16 23:55 . 2014-08-16 23:55    --------    d-----w-    c:\windows\system32\appmgmt
2014-08-16 23:55 . 2014-08-16 23:55    --------    d-----w-    c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-16 23:30 . 2014-08-16 23:30    --------    d-----w-    c:\windows\ERUNT
2014-08-16 23:28 . 2010-08-30 13:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-08-16 23:15 . 2014-08-16 23:15    --------    d-----w-    c:\program files\Enigma Software Group
2014-08-16 22:45 . 2014-08-18 03:38    --------    d-----w-    c:\users\repeat\AppData\Roaming\Lavasoft
2014-08-16 22:41 . 2014-08-16 22:41    --------    d-----w-    c:\program files\Lavasoft
2014-08-16 22:40 . 2014-08-16 22:40    --------    d-----w-    c:\programdata\Lavasoft
2014-08-16 14:35 . 2014-08-16 14:35    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-08-16 14:35 . 2014-08-16 14:35    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-16 00:38 . 2014-06-30 22:24    8856    ----a-w-    c:\windows\system32\icardres.dll
2014-08-16 00:38 . 2014-06-30 22:14    8856    ----a-w-    c:\windows\SysWow64\icardres.dll
2014-08-16 00:38 . 2014-03-09 21:48    171160    ----a-w-    c:\windows\system32\infocardapi.dll
2014-08-16 00:38 . 2014-03-09 21:48    1389208    ----a-w-    c:\windows\system32\icardagt.exe
2014-08-16 00:38 . 2014-03-09 21:47    99480    ----a-w-    c:\windows\SysWow64\infocardapi.dll
2014-08-16 00:38 . 2014-03-09 21:47    619672    ----a-w-    c:\windows\SysWow64\icardagt.exe
2014-08-16 00:38 . 2014-06-06 06:16    35480    ----a-w-    c:\windows\SysWow64\TsWpfWrp.exe
2014-08-16 00:38 . 2014-06-06 06:12    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2014-08-15 23:45 . 2014-07-16 03:23    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-08-15 23:45 . 2014-07-16 02:46    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-08-15 23:43 . 2014-08-07 02:06    529920    ----a-w-    c:\windows\system32\aepdu.dll
2014-08-15 23:43 . 2014-08-07 02:01    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-08-15 23:43 . 2014-07-14 02:02    1216000    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-08-15 23:43 . 2014-07-14 01:40    664064    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2014-08-10 01:54 . 2014-08-10 01:55    --------    d-----w-    c:\users\repeat\AppData\Local\Take On Helicopters
2014-08-08 21:00 . 2014-08-21 02:28    --------    d-----w-    c:\users\repeat\AppData\Local\LogMeIn Hamachi
2014-08-08 21:00 . 2014-08-08 21:00    --------    d-----w-    c:\users\repeat\AppData\Local\LogMeIn
2014-08-08 21:00 . 2014-08-08 21:00    --------    d-----w-    c:\programdata\LogMeIn
2014-08-08 21:00 . 2014-08-08 21:00    --------    d-----w-    c:\program files (x86)\LogMeIn Hamachi
2014-08-04 15:48 . 2014-08-04 15:48    --------    d-----w-    c:\users\repeat\AppData\Local\Slopey.com
2014-08-04 15:48 . 2014-08-10 20:21    --------    d-----w-    c:\program files (x86)\Slopey's ED BPC
2014-08-03 23:37 . 2014-08-16 22:46    --------    d-----w-    c:\programdata\Tunngle
2014-08-03 23:37 . 2014-08-09 06:43    --------    d-----w-    c:\users\repeat\AppData\Roaming\Tunngle
2014-08-03 23:37 . 2014-08-03 23:37    --------    d-----w-    c:\program files (x86)\Tunngle
2014-08-03 23:37 . 2009-09-16 12:02    31232    ----a-w-    c:\windows\system32\drivers\tap0901t.sys
2014-08-02 18:39 . 2014-08-02 18:39    --------    d-----w-    c:\users\repeat\AppData\Roaming\Frontier Developments
2014-08-02 18:39 . 2014-08-02 18:39    --------    d-----w-    c:\users\repeat\AppData\Local\Frontier Developments
2014-08-02 18:23 . 2014-08-02 18:23    --------    d-----w-    c:\users\repeat\AppData\Local\Frontier_Developments
2014-08-02 18:21 . 2014-08-02 18:21    --------    d-----w-    c:\program files (x86)\Frontier
2014-08-01 16:25 . 2014-08-01 16:25    --------    d-----w-    c:\users\repeat\AppData\Local\Robot Entertainment
2014-07-31 00:27 . 2014-07-02 17:44    609240    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2014-07-31 00:18 . 2014-05-14 16:23    44512    ----a-w-    c:\windows\system32\wups2.dll
2014-07-26 06:59 . 2014-07-26 06:59    --------    d-----w-    c:\users\repeat\AppData\Local\Chromium
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-16 00:39 . 2014-03-29 22:55    99218768    ----a-w-    c:\windows\system32\MRT.exe
2014-07-25 13:50 . 2014-06-05 01:19    1291280    ----a-w-    c:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50 . 2014-03-30 04:21    1126480    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50 . 2014-06-05 01:19    1715224    ----a-w-    c:\windows\system32\nvspbridge64.dll
2014-07-25 13:50 . 2014-03-30 04:21    1283136    ----a-w-    c:\windows\system32\nvspcap64.dll
2014-07-08 21:04 . 2014-03-30 05:05    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 21:04 . 2014-03-30 05:05    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-07 03:32 . 2014-03-31 00:37    50464    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2014-07-02 20:48 . 2014-03-30 04:21    75040    ----a-w-    c:\windows\system32\OpenCL.dll
2014-07-02 20:48 . 2014-03-30 04:21    61912    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-07-02 20:48 . 2014-03-30 04:21    965312    ----a-w-    c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2014-03-30 04:21    3196816    ----a-w-    c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2014-03-30 04:21    2814656    ----a-w-    c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2014-03-30 04:21    17555104    ----a-w-    c:\windows\system32\nvd3dumx.dll
2014-07-02 20:48 . 2014-03-30 04:21    14498552    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2014-07-02 20:48 . 2014-03-29 17:46    18626304    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2014-07-02 18:55 . 2014-03-30 04:21    6783776    ----a-w-    c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2014-03-30 04:21    3522392    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2014-03-30 04:21    935368    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2014-03-30 04:21    62808    ----a-w-    c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2014-03-30 04:21    386520    ----a-w-    c:\windows\system32\nvmctray.dll
2014-07-02 10:14 . 2014-03-30 04:21    3826628    ----a-w-    c:\windows\system32\nvcoproc.bin
2014-06-30 17:43 . 2014-06-30 17:43    152344    ----a-w-    c:\windows\system32\drivers\avgdiska.sys
2014-06-18 02:18 . 2014-07-08 23:06    692736    ----a-w-    c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-08 23:06    646144    ----a-w-    c:\windows\SysWow64\osk.exe
2014-06-18 01:10 . 2014-07-08 23:06    3157504    ----a-w-    c:\windows\system32\win32k.sys
2014-06-17 21:21 . 2014-06-17 21:21    235800    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
2014-06-17 21:07 . 2014-06-17 21:07    328984    ----a-w-    c:\windows\system32\drivers\avgloga.sys
2014-06-17 21:06 . 2014-06-17 21:06    269080    ----a-w-    c:\windows\system32\drivers\avgtdia.sys
2014-06-17 21:06 . 2014-06-17 21:06    190744    ----a-w-    c:\windows\system32\drivers\avgidsha.sys
2014-06-17 21:06 . 2014-06-17 21:06    242968    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-17 21:06 . 2014-06-17 21:06    123672    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
2014-06-17 21:06 . 2014-06-17 21:06    31512    ----a-w-    c:\windows\system32\drivers\avgrkx64.sys
2014-06-06 10:10 . 2014-07-08 23:06    624128    ----a-w-    c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-08 23:06    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-08 23:06    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-08 23:06    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-08 23:06    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-08 23:06    210944    ----a-w-    c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-08 23:06    86528    ----a-w-    c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-08 23:06    340992    ----a-w-    c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-08 23:06    314880    ----a-w-    c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-08 23:06    307200    ----a-w-    c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-08 23:06    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-08 23:06    22016    ----a-w-    c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-08 23:06    172032    ----a-w-    c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-08 23:06    65536    ----a-w-    c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-08 23:06    247808    ----a-w-    c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-08 23:06    220160    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-08 23:06    259584    ----a-w-    c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-08 23:06    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-08 23:06    17408    ----a-w-    c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-08 23:06    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-07-01 292848]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Sound Blaster Recon3Di SBX Control Panel"="c:\program files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe" [2012-11-28 976896]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-11 5187088]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-27 152392]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-07-21 3816784]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 vToolbarUpdater3.1.0;vToolbarUpdater3.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [x]
R3 ATHDFU;Qualcomm Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 cpuz137;cpuz137;c:\windows\TEMP\cpuz137\cpuz137_x64.sys;c:\windows\TEMP\cpuz137\cpuz137_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 iumsvc;Intel® Update Manager;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 CtHdaSvc;SB Recon3D Service;c:\windows\sysWow64\CtHdaSvc.exe;c:\windows\sysWow64\CtHdaSvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 cthda;SB Recon3D HDAudio;c:\windows\system32\drivers\cthda.sys;c:\windows\SYSNATIVE\drivers\cthda.sys [x]
S3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 e1rexpress;Intel® PCI Express Network Connection Driver R;c:\windows\system32\DRIVERS\e1r62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1r62x64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys;c:\windows\SYSNATIVE\Drivers\npusbio_x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-16 00:16    1104200    ----a-w-    c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-30 21:04]
.
2014-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-23 03:02]
.
2014-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-23 03:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [BU]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-11-01 766080]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-11-01 127616]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe" [2014-06-03 7715160]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\repeat\AppData\Roaming\Mozilla\Firefox\Profiles\kc9p8tu2.default\
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - (no file)
AddRemove-Take On Hinds - c:\program files (x86)\Steam\steamapps\common\Take On HelicoptersHinds\DataCacheRemoval.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-20  21:28:49
ComboFix-quarantined-files.txt  2014-08-21 02:28
ComboFix2.txt  2014-08-16 23:41
.
Pre-Run: 55,879,815,168 bytes free
Post-Run: 55,852,937,216 bytes free
.
- - End Of File - - FCB733964DE9A38295BE61EF3A1DA436
A36C5E4F47E84449FF07ED3517B43A31
 

RELEVANCY SCORE 200
Preferred Solution: win32/zperm Combofix Log

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: win32/zperm Combofix Log

ComboFix 14-08-15.01 - repeat 08/16/2014  18:36:07.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32719.29682 [GMT -5:00]
Running from: c:\users\repeat\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmp5AEB.tmp
c:\windows\SysWow64\tmp5BD6.tmp
E:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-16 to 2014-08-16  )))))))))))))))))))))))))))))))
.
.
2014-08-16 23:39 . 2014-08-16 23:39    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-16 23:30 . 2014-08-16 23:30    --------    d-----w-    c:\windows\ERUNT
2014-08-16 23:28 . 2010-08-30 13:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-08-16 23:15 . 2014-08-16 23:15    110080    ----a-r-    c:\users\repeat\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe
2014-08-16 23:15 . 2014-08-16 23:15    110080    ----a-r-    c:\users\repeat\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe
2014-08-16 23:15 . 2014-08-16 23:15    110080    ----a-r-    c:\users\repeat\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe
2014-08-16 23:15 . 2014-08-16 23:15    --------    d-----w-    C:\sh4ldr
2014-08-16 23:15 . 2014-08-16 23:15    --------    d-----w-    c:\program files\Enigma Software Group
2014-08-16 22:45 . 2014-08-16 22:45    --------    d-----w-    c:\users\repeat\AppData\Roaming\Lavasoft
2014-08-16 22:41 . 2014-08-16 22:41    --------    d-----w-    c:\program files\Lavasoft
2014-08-16 22:40 . 2014-08-16 22:40    --------    d-----w-    c:\program files\Common Files\Lavasoft
2014-08-16 22:40 . 2014-08-16 22:40    --------    d-----w-    c:\programdata\Lavasoft
2014-08-16 14:35 . 2014-08-16 14:35    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-08-16 14:35 . 2014-08-16 14:35    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-16 00:38 . 2014-06-30 22:24    8856    ----a-w-    c:\windows\system32\icardres.dll
2014-08-16 00:38 . 2014-06-30 22:14    8856    ----a-w-    c:\windows\SysWow64\icardres.dll
2014-08-16 00:38 . 2014-03-09 21:48    171160    ----a-w-    c:\windows\system32\infocardapi.dll
2014-08-16 00:38 . 2014-03-09 21:48    1389208    ----a-w-    c:\windows\system32\icardagt.exe
2014-08-16 00:38 . 2014-03-09 21:47    99480    ----a-w-    c:\windows\SysWow64\infocardapi.dll
2014-08-16 00:38 . 2014-03-09 21:47    619672    ----a-w-    c:\windows\SysWow64\icardagt.exe
2014-08-16 00:38 . 2014-06-06 06:16    35480    ----a-w-    c:\windows\SysWow64\TsWpfWrp.exe
2014-08-16 00:38 . 2014-06-06 06:12    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2014-08-15 23:45 . 2014-07-16 03:23    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-08-15 23:45 . 2014-07-16 02:46    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-08-15 23:43 . 2014-08-07 02:06    529920    ----a-w-    c:\windows\system32\aepdu.dll
2014-08-15 23:43 . 2014-08-07 02:01    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-08-15 23:43 . 2014-07-14 02:02    1216000    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-08-15 23:43 . 2014-07-14 01:40    664064    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2014-08-10 01:54 . 2014-08-10 01:55    --------    d-----w-    c:\users\repeat\AppData\Local\Take On Helicopters
2014-08-08 21:00 . 2014-08-16 23:32    --------    d-----w-    c:\users\repeat\AppData\Local\LogMeIn Hamachi
2014-08-08 21:00 . 2014-08-08 21:00    --------    d-----w-    c:\users\repeat\AppData\Local\LogMeIn
2014-08-08 21:00 . 2014-08-08 21:00    --------    d-----w-    c:\programdata\LogMeIn
2014-08-08 21:00 . 2014-08-08 21:00    --------    d-----w-    c:\program files (x86)\LogMeIn Hamachi
2014-08-04 15:48 . 2014-08-04 15:48    --------    d-----w-    c:\users\repeat\AppData\Local\Slopey.com
2014-08-04 15:48 . 2014-08-10 20:21    --------    d-----w-    c:\program files (x86)\Slopey's ED BPC
2014-08-03 23:37 . 2014-08-16 22:46    --------    d-----w-    c:\programdata\Tunngle
2014-08-03 23:37 . 2014-08-09 06:43    --------    d-----w-    c:\users\repeat\AppData\Roaming\Tunngle
2014-08-03 23:37 . 2014-08-03 23:37    --------    d-----w-    c:\program files (x86)\Tunngle
2014-08-03 23:37 . 2009-09-16 12:02    31232    ----a-w-    c:\windows\system32\drivers\tap0901t.sys
2014-08-02 18:39 . 2014-08-02 18:39    --------    d-----w-    c:\users\repeat\AppData\Roaming\Frontier Developments
2014-08-02 18:39 . 2014-08-02 18:39    --------    d-----w-    c:\users\repeat\AppData\Local\Frontier Developments
2014-08-02 18:23 . 2014-08-02 18:23    --------    d-----w-    c:\users\repeat\AppData\Local\Frontier_Developments
2014-08-02 18:21 . 2014-08-02 18:21    --------    d-----w-    c:\program files (x86)\Frontier
2014-08-01 16:25 . 2014-08-01 16:25    --------    d-----w-    c:\users\repeat\AppData\Local\Robot Entertainment
2014-07-31 00:27 . 2014-07-02 17:44    609240    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2014-07-31 00:18 . 2014-05-14 16:23    44512    ----a-w-    c:\windows\system32\wups2.dll
2014-07-26 06:59 . 2014-07-26 06:59    --------    d-----w-    c:\users\repeat\AppData\Local\Chromium
2014-07-19 02:55 . 2014-07-19 02:55    --------    d-----w-    c:\users\repeat\AppData\Roaming\HeroesAndGeneralsDesktop
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-16 00:39 . 2014-03-29 22:55    99218768    ----a-w-    c:\windows\system32\MRT.exe
2014-07-25 13:50 . 2014-06-05 01:19    1291280    ----a-w-    c:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50 . 2014-03-30 04:21    1126480    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50 . 2014-06-05 01:19    1715224    ----a-w-    c:\windows\system32\nvspbridge64.dll
2014-07-25 13:50 . 2014-03-30 04:21    1283136    ----a-w-    c:\windows\system32\nvspcap64.dll
2014-07-08 21:04 . 2014-03-30 05:05    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 21:04 . 2014-03-30 05:05    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-07 03:32 . 2014-03-31 00:37    50464    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2014-07-02 20:48 . 2014-03-30 04:21    75040    ----a-w-    c:\windows\system32\OpenCL.dll
2014-07-02 20:48 . 2014-03-30 04:21    61912    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-07-02 20:48 . 2014-03-30 04:21    965312    ----a-w-    c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2014-03-30 04:21    3196816    ----a-w-    c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2014-03-30 04:21    2814656    ----a-w-    c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2014-03-30 04:21    17555104    ----a-w-    c:\windows\system32\nvd3dumx.dll
2014-07-02 20:48 . 2014-03-30 04:21    14498552    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2014-07-02 20:48 . 2014-03-29 17:46    18626304    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2014-07-02 18:55 . 2014-03-30 04:21    6783776    ----a-w-    c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2014-03-30 04:21    3522392    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2014-03-30 04:21    935368    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2014-03-30 04:21    62808    ----a-w-    c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2014-03-30 04:21    386520    ----a-w-    c:\windows\system32\nvmctray.dll
2014-07-02 10:14 . 2014-03-30 04:21    3826628    ----a-w-    c:\windows\system32\nvcoproc.bin
2014-06-30 17:43 . 2014-06-30 17:43    152344    ----a-w-    c:\windows\system32\drivers\avgdiska.sys
2014-06-18 02:18 . 2014-07-08 23:06    692736    ----a-w-    c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-08 23:06    646144    ----a-w-    c:\windows\SysWow64\osk.exe
2014-06-18 01:10 . 2014-07-08 23:06    3157504    ----a-w-    c:\windows\system32\win32k.sys
2014-06-17 21:21 . 2014-06-17 21:21    235800    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
2014-06-17 21:07 . 2014-06-17 21:07    328984    ----a-w-    c:\windows\system32\drivers\avgloga.sys
2014-06-17 21:06 . 2014-06-17 21:06    269080    ----a-w-    c:\windows\system32\drivers\avgtdia.sys
2014-06-17 21:06 . 2014-06-17 21:06    190744    ----a-w-    c:\windows\system32\drivers\avgidsha.sys
2014-06-17 21:06 . 2014-06-17 21:06    242968    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-17 21:06 . 2014-06-17 21:06    123672    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
2014-06-17 21:06 . 2014-06-17 21:06    31512    ----a-w-    c:\windows\system32\drivers\avgrkx64.sys
2014-06-06 10:10 . 2014-07-08 23:06    624128    ----a-w-    c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-08 23:06    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-08 23:06    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-08 23:06    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-08 23:06    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-08 23:06    210944    ----a-w-    c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-08 23:06    86528    ----a-w-    c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-08 23:06    340992    ----a-w-    c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-08 23:06    314880    ----a-w-    c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-08 23:06    307200    ----a-w-    c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-08 23:06    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-08 23:06    22016    ----a-w-    c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-08 23:06    172032    ----a-w-    c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-08 23:06    65536    ----a-w-    c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-08 23:06    247808    ----a-w-    c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-08 23:06    220160    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-08 23:06    259584    ----a-w-    c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-08 23:06    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-08 23:06    17408    ----a-w-    c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-08 23:06    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
2014-05-20 02:44 . 2014-05-27 23:11    1889112    ----a-w-    c:\windows\system32\nvdispco6433788.dll
2014-05-20 02:44 . 2014-05-27 23:11    1541576    ----a-w-    c:\windows\system32\nvdispgenco6433788.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-07-01 292848]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Sound Blaster Recon3Di SBX Control Panel"="c:\program files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe" [2012-11-28 976896]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-11 5187088]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-27 152392]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-07-21 3816784]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 vToolbarUpdater3.1.0;vToolbarUpdater3.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [x]
R3 ATHDFU;Qualcomm Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 cpuz137;cpuz137;c:\windows\TEMP\cpuz137\cpuz137_x64.sys;c:\windows\TEMP\cpuz137\cpuz137_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 iumsvc;Intel® Update Manager;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 CtHdaSvc;SB Recon3D Service;c:\windows\sysWow64\CtHdaSvc.exe;c:\windows\sysWow64\CtHdaSvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 cthda;SB Recon3D HDAudio;c:\windows\system32\drivers\cthda.sys;c:\windows\SYSNATIVE\drivers\cthda.sys [x]
S3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 e1rexpress;Intel® PCI Express Network Connection Driver R;c:\windows\system32\DRIVERS\e1r62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1r62x64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys;c:\windows\SYSNATIVE\Drivers\npusbio_x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-16 00:16    1104200    ----a-w-    c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-30 21:04]
.
2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-23 03:02]
.
2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-23 03:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-11-01 766080]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-11-01 127616]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe" [2014-06-03 7715160]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\repeat\AppData\Roaming\Mozilla\Firefox\Profiles\kc9p8tu2.default\
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - (no file)
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0214c - c:\users\repeat\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-Take On Hinds - c:\program files (x86)\Steam\steamapps\common\Take On HelicoptersHinds\DataCacheRemoval.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-16  18:41:03
ComboFix-quarantined-files.txt  2014-08-16 23:41
.
Pre-Run: 41,463,672,832 bytes free
Post-Run: 42,727,227,392 bytes free
.
- - End Of File - - 177777640FFCB5CB4B683CC9520E4D0C
A36C5E4F47E84449FF07ED3517B43A31
 

Read other 12 answers
RELEVANCY SCORE 69.2

Hello!
 
I have had an internet connectivity problem for about a week now. First off, my internet connection randomly disconnects, goes silent for 5-10 seconds every few minutes, and then reconnects. Secondly, and I don't know if this is related, but I have two active connections now, which I never noticed before. My first connection is to my wireless router, and other than the aforementioned problems it behaves normally. My second connection is to Network 3, which I don't remember ever having and cannot control; it acts kind of like a hard line connection from a router in that I can't turn it off, but has no network access and serves no known purpose - I have no wired connection.
 
I ran AVG free, which detected win32/zperm, quaranteened it and removed it. I ran it again and it found it again. I then ran Ad-Aware which found and removed it several more times. Then I ran AdwCleaner, Junkware Removal Tool and finally ComboFix. The problem seemed to go away for about two days, then the internet connectivity issues returned, and now AVG nor Adaware can seem to find win32/zperm, but the problem persists.

A:win32/zperm

Hello having run ComboFix on your own we will need to see that log to determine what it removed. Please repost here ....Virus, Trojan, Spyware, and Malware Removal Logs. Include your above info and the CF log.

Read other 5 answers
RELEVANCY SCORE 68.4

Hello everyone. Recently AVG quarantined a file called Win32\Zperm. Should i be worried about this? Also, i noticed that when i watch a video online, it's not uncommon for the video to freeze. I than have to close the program and restart internet explorer to get it to work. I orginally started another thread with a Rkill log and was kindly directed, to the proper procedure of starting a thread.

This is the original post: http://www.bleepingcomputer.com/forums/topic480398.html/page__pid__2937102#entry2937102

Here is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16448
Run by Elan at 21:23:28 on 2013-01-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3999.1711 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestric... Read more

A:AVG quarantined Win32\Zperm

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

Read other 16 answers
RELEVANCY SCORE 68.4

Hi,
I ve been wrestling with the removal of the win32/Zperm virus and came across the posting from Gabrielrock nov12 2013 that seems to be a similar problem to mine. see http://www.bleepingcomputer.com/forum/t/513821/infected-with-win32/zperm
As with above, Ad-Aware detects the win32/Zperm virus and appears to deal with it only for it to re-instates itself in a windows/temp/file. Please advise how I can get rid of it.
I am operating on windows Vista and being relatively PC niave would appreciate guidance.
Many Thanks
 

A:Infected with win32/Zperm

Hello DaidaftI'm Seedy21 and I will be helping you with your issues.Please note the following information about the malware forum:From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by mePlease do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.Please reply within 48 hours, if you are going to be away for longer please let us know or the topic will be closed for been inactiveIf you are using Cracked or Illegal software your thread will be closedLastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.Note:There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.If you are unsure what you're system bit type is..... click Here for help.For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.Double-click the downloaded icon to run the tool.When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it also makes another log (Addition.txt).... Read more

Read other 21 answers
RELEVANCY SCORE 68.4

I have a pretty similar problem like another user, but decided to post here, because I am not sure if the same fix applies to me (his thread was: http://www.bleepingcomputer.com/forums/t/480470/avg-quarantined-win32zperm/)
 
My problem is same or similar. I have an AVG and ad-aware. Whenever I scan with AVG alone (even in safe mode), it doesn't  find anything, but whenever I scan with ad-aware, my AVG finds win32/zperm, detects it as a virus and quarantines it. However, each time I scan, each time I find it there, so it keeps on being there. The file, which gets quarantined is in C:\Windows\Temp\(folder with many numbers, which every time are different)\(folder tmp with more numbers)\(tmp with more numbers). 
 
I am not sure if it's a false positive or not, but I'd rather hear the opinion of professionals. Another thing is that my videos online also freeze from time to time. Maybe this might be the cause... Issue started just a few days ago.
 
 
My DDS log:
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by home-pc at 17:51:08 on 2013-11-12
Microsoft Windows 7 Ultimate   6.1.7601.1.1257.370.1033.18.16259.14133 [GMT 0:00]
.
AV: AVG AntiVirus 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D56... Read more

A:Infected with Win32/Zperm

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Sn].txt (n is a number). Please downloadJunkware Removal Tool to your Desktop.Please close your security software to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete, depending on your system's specifica... Read more

Read other 10 answers
RELEVANCY SCORE 67.6

My AVG anti virus has been periodically flagging with a 'threat' called win32/zperm. It appears to be in C:\Windows\temp\ I always click remove it and it says its successful but periodically it returns.

I also have the issue of various popups while browsing the internet in Firefox (Its the only browser I use). Anything from this computer has been locked due to suspicious activity call this number to reactivate to various random popups.

Before coming here I've tried updating + running in safe mode AVG Anti Virus. Malware bytes, Spybot S&D and Adaware. They either don't find a threat or one of them find 'tracking cookies' which it removes but doesn't fix the problem.



I ran DDS and attached the two required text files. I've moved since I purchased this computers so I'm not entirely sure where my Window's disk is. I'm on Windows 10 Home 64bit if it matters. Any help would be appreciated, thanks.

Read other answers
RELEVANCY SCORE 67.6

My AVG anti virus has been periodically flagging with a 'threat' called win32/zperm. It appears to be in C:\Windows\temp\ I always click remove it and it says its successful but periodically it returns.

I also have the issue of various popups while browsing the internet in Firefox (Its the only browser I use). Anything from this computer has been locked due to suspicious activity call this number to reactivate to various random popups.

Before coming here I've tried updating + running in safe mode AVG Anti Virus. Malware bytes, Spybot S&D and Adaware. They either don't find a threat or one of them find 'tracking cookies' which it removes but doesn't fix the problem.


I ran DDS and attached the two required text files. I've moved since I purchased this computers so I'm not entirely sure where my Window's disk is. I'm on Windows 10 Home 64bit if it matters. Any help would be appreciated, thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0 BrowserJavaVersion: 11.91.2
Run by Nicholas at 12:28:54 on 2016-12-22
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.8102.2929 [GMT -6:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Spybot - Search and Destroy *Enabled/Outdated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG ... Read more

A:Win32/Zperm virus & popups.

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------

Read other 11 answers
RELEVANCY SCORE 66.8

Hello,
 
I have both AVG and Ad-Aware installed (Ad-Aware is in compatibility mode so the real-time protection is off). AVG resident shield keeps reporting that Win32/Zperm has been found in the temp folder and this is due to the Ad-Aware Service. I choose the action to remove it, which it says is successful but then it reports the same thing again a little while later. An actual scan by AVG does not find anything, neither does a scan by Ad-Aware.
 
AVG resident shield report: Virus found Win32/Zperm, c:\Windows\Temp\... (actual folder and file changes every time)
 
The process name: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
 
I have also tried scanning with Malwarebytes Anti-Malware and that too doesn't give any postives. Could you help me remove it please or is it a compatabilty issue between AVG and Ad-Aware?
 
Thanks
 
My DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520  BrowserJavaVersion: 10.45.2
Run by Paulette at 13:17:06 on 2013-11-22
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2038.701 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/... Read more

A:AVG keeps finding Win32/Zperm in temp folder

Actually, I forgot that Malwarebytes did find some PUPs which I deleted but ir didn't seem to have any affect.
 
Here is the log:
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.org
Database version: v2013.11.20.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Paulette :: PAULETTE-PC [administrator]
Protection: Enabled
20/11/2013 10:50:45
mbam-log-2013-11-20 (10-50-45).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201716
Time elapsed: 13 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Users\Paulette\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Paulette\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
Files Detected: 9
C:\ProgramData\YouTube Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\ProgramData\YTD Video Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\Paulette\Local Settings\Tempo... Read more

Read other 22 answers
RELEVANCY SCORE 66.8

A few weeks ago you aided me in cleaning an infection off my computer and I thought it was clean.  However, the last week strange things have been happening.  Here is the original thread http://www.bleepingcomputer.com/forums/t/508728/dds-and-combofix-logs-as-requested/?hl=requested#entry3174075
 
I am running Windows XP Pro SP3, AVG internet security, Ad-Aware antivirus in compatibility mode and from time to time I run I-obit antivirus and Mal-warebytes free version.
 
Within the last week,

1.  I several times got a boot disk not found error while booting.  I thought it was the hard drive going bad but after a couple of days it was fine.
 
2.  AVG has several times detected and quarentined Win32/Zperm.  It seems to come back.
 
The last full system virus scans with I-Obit picked up a few things, I think Trojans, most of which I think are false positive, in old data files in an external backup.   These files have not been accessed for years except for copying them from one place to another.
 
3 This morning WinPatrol informed me that a number of things had been removed from my startup.  These included WinPatrol, AVG Toolbar, RTHDCPL.exe, Ad-Aware AV (set in compatiblity mode), spybot search and destroy's tea timer and maybe some more that I can't remember.
 
The programs were still in my system tray but I am reinstalling them just in case now.
 
Any help would be appreciated.
Thank you in advance... Read more

A:Strange disk behavior and Win32\Zperm

Hi -
Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.Note: If a security program requests permission to access the Internet, allow it to do so.
 
 
Download MiniToolBox, Save it to your desktop and run it.
Checkmark the following boxes:
•Flush DNS
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files
 Click Go and copy / paste the result (Result.txt).
 
 
Please download Malwarebytes Anti-Malware Free (a.k.a. MBAM) and save it to your desktop.NOTE : Do not accept the Free Trial Version at this time
* Follow these instructions for doing a Quick Scan in Normal Mode.
* Check for database Updates through the program's interface before scanning.
* Click on Scanner > Place a dot in Perform Quick Scan > Click Scan
* After completing the scan, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab .
* Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
* Exit Malwarebytes when done.
* Note: If Malwarebytes encounters a file that is difficult to remove, y... Read more

Read other 11 answers
RELEVANCY SCORE 47.6

i keep getting a virus called zperm. i ran AVG and ad-aware. here is a copy of hijackthis. do i need to do anything else?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:41 PM, on 2/7/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\svchost.ex... Read more

A:zperm virus

Read other 6 answers
RELEVANCY SCORE 45.6

Dear Techguys,

I've had the most frightening 3 days with the trojan win32.sirefef.o that had hijacked nearly everything related to security and internet on my computer.

While reading posts in the forum, I found a few almost exactly similar problems and decided to take the risk of running TDSSKiller and Combofix, as was suggested in those posts, because I was already mentally prepared for getting my hard disc formatted.

The TDSSKiller did show two high-risk threats but was eventually unable to deal with them. Then as a last resort, I downloaded and ran Combofix. It took a long while but I think it has worked - earlier, the windows defender was constantly showing me the presence of the trojan whenever I ran a quick scan. But now it is giving me the message that my computer is running properly. My internet connection was lost and I had to take technical help to reset it. The endless series of admirablesearchsystem.com, marveloussearchsystem.com, spelndidsearchsystem.com...has also vanished from the browser.

I need your help in knowing how to interpret the Combofix log. Could you please help me with this? I only need to know if I can safely assume that my computer is totally clean now. Is it safe for me to access my email from this machine? Can there still be a danger of identity theft or theft of confidential data? I'd be really grateful for the information. Here is the Combofix log:

******************************************************************************

C... Read more

Read other answers
RELEVANCY SCORE 45.6

I cant download combofix.
C:\Users\----\Downloads\ComboFix.exe could not be saved, because you cannot change the contents of that folder.

Change the folder properties and try again, or try saving in a different location.

I think that AVG fix something and by doing that prevents me to download combofix.

also im always getting this win32/cryp problem. combofix fix it and then comes back.
Help
thank you

A:combofix and win32/cryp

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about y... Read more

Read other 2 answers
RELEVANCY SCORE 45.6

received "win32/bredolad.aa" warning and it got on my computer.It infected my blog and Hostgator told me to run comboFix.I cannot get DDS to run, though because of conflict with Auto CAD script file extensionHere is the log:ComboFix 10-06-07.04 - Administrator 06/08/2010 9:53.1.4 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2894 [GMT -7:00]Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exeAV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\Administrator\Application Data\avdrn.datc:\documents and settings\Administrator\g2mdlhlpx.exec:\documents and settings\Administrator\Local Settings\Application Data\{CD7B47E5-7E47-450C-BAA9-E9F1609A2D7F}c:\documents and settings\Administrator\Local Settings\Application Data\{CD7B47E5-7E47-450C-BAA9-E9F1609A2D7F}\chrome.manifestc:\documents and settings\Administrator\Local Settings\Application Data\{CD7B47E5-7E47-450C-BAA9-E9F1609A2D7F}\chrome\content\_cfg.jsc:\documents and settings\Administrator\Local Settings\Application Data\{CD7B47E5-7E47-450C-BAA9-E9F1609A2D7F}\chrome\content\overlay.xulc:\... Read more

A:win32/bredolab.aa - combofix log

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 45.6

This topic has a bit of history, if you would like to see it, the thread is
 
http://www.bleepingcomputer.com/forums/t/512145/strange-disk-behavior-and-win32zperm/
 
I had been using AVG internet security as my primary defense and Ad-aware anti-virus in its compatibility setting which Ad-aware says is okay with AVG.  I also use WinPatrol and SpybodSD's tea timer.
 
There was an infection a month or so ago that I thought we had delt with but now I am not so sure.
http://www.bleepingcomputer.com/forums/t/508728/dds-and-combofix-logs-as-requested/?hl=requested#entry3174075
About a week ago my primary hard drive started giving a "boot disk not found error".  I ran chkdsk and it seemed okay.  I got the error a second time the next day, powered down the computer and rebooted and have had no problem since.
 
However, yesterday I got a recurring virus detection of win32/zperm from AVG.  I cleaned it several times and it came back.
 
Next, WinPatrol gave me messages that AdAware AV, WinPatrol, Spybot Search and Destroy Tea Timer, AVG Toolbar and RTHDCPL.exe had been removed from my startup.  Since that time I have had no virus detections.
 
On instruction by the previous person, I removed AdAware AV, Gomez Peer, Antimalware engine (a part of AdAware), uTorrent and some other things.
 
The AdAware AV. I had a tremendous amount of trouble removing.  I uninstalled, deleted the folder, scoured the system every way I could th... Read more

A:Virus scanner probably not working and have detected zperm in the past

Your previous logs are clean.Totally uninstall [Ad-Aware], using the Revo Uninstaller.Download and run the free version of Revo Uninstaller.Select [Ad-Aware] and click Uninstall.Set it to 'Advanced' and click Scan.Revo will do this:Step 1. Create restore point.Step 2. Run the official [Ad-Aware] uninstaller.Step 3. When uninstaller finishes, click Scan in Revo and it will search for remnants. Delete everything found (Select All, Delete All).Reboot if asked to.===Please download ComboFix from one of these locations:Link 1Link 2IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.Some Rookit infection may damage your boot sector. The Windows Re... Read more

Read other 13 answers
RELEVANCY SCORE 45.2

when i try to run the combofix i m stuck cause it told me that the package is modified due to a win32.virut.ce and the combofix icon on the desktop disapear any idea what i can do ?

Thanks

A:unable to run combofix due to win32.virut.ce

Welcome to BCThis is not the correct forum for CombofixYou should not use it unless under the supervision of a HJT team memberAll of this is for naught anywaysYou have Virut - The nastiest virus out thereIt is recommended that you reformat and do not backup or save anythingAt the very least, if you use online banking and such, you need to contact them about being compromised

Read other 5 answers
RELEVANCY SCORE 45.2

i have a combofix report that i would like to submit. i am still encountering issues with programs not opening and reporting "...not a valid win 32 program".Combofix readme said to still post my logfile just in case!thanks!eleeegee-------------ComboFix 08-12-24.01 - dirt 2008-12-25 21:56:25.1 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.186 [GMT 2:00]Running from: c:\documents and settings\dirt\Desktop\tool.exeWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\dirt\Application Data\drivers\downldc:\documents and settings\dirt\Application Data\drivers\winupgro.exec:\program files\RMClock\RMClockLauncher.exec:\windows\system32\ban_list.txtc:\windows\system32\drivers\downldc:\windows\system32\mdelk.exe.((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 ))))))))))))))))))))))))))))))).2008-12-25 19:44 . 2008-12-25 19:44 <DIR> d-------- c:\program files\XoftSpySE2008-12-25 16:53 . 2008-12-25 21:57 <DIR> d--h----- c:\documents and settings\dirt\Application Data\drivers2008-12-25 16:35 . 2008-12-25 16:40 <DIR> d-------- c:\program files\Plagiarism2008-12-25 16:35 . ... Read more

A:win32.bagle combofix request

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable ... Read more

Read other 2 answers
RELEVANCY SCORE 45.2

i had a bug related to antivirus 2010, i tried to run combofix to fix the issues (which worked great in the past)

but i constantly would get a CA antivius warning (win32/sillydl.prr) that the file was infected, and would instantly be deleted regardless of where the combofix was saved

i was able run malwarebytes, but the problem persisted ... eventually, i got combofix to run completely but the CA antivius warning (win32/sillydl.prr) popped up

i tried the combofix on another PC, and i got the same CA antivius warning (win32/sillydl.prr)

any ideas ...?

A:win32/sillydl.prr / combofix issue

I too have the identical issue. It just started two days ago. Can't seem to clean the win32/SillyDI.PRR infection.

Read other 3 answers
RELEVANCY SCORE 45.2

I have seen a couple threads for this virus, and I tried following the method of running ComboFix and then SDFix (in safe mode) but Spybot continues to find Win32.agent.pz after every start up. I followed the instructions closely, turning off my Internet connection and turning off any anti-spyware or firewalls that might interfere while running the removal programs. First, I tried running Spybot, and it found a few things. It fixed them except a few files which it said could not be fixed. I then ran Ad-aware and Trendo Micro Pc-cillin scans to remove anything. Upon restart Spybot only found Win32.agent.pz and when told to fix the problems, it said the problems were fixed. But every restart, if I run Spybot, there it is again. I tell it to fix it, it says it does, but it comes back every start up. I'd really appreciate some help! Here's my hijackthis log and thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:30 AM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WI... Read more

Read other answers
RELEVANCY SCORE 45.2

Hey all!

Thanks in advance for your time!!

Got myself a funky virus that I think they are stealing my passwords, my profile on the computer is super slow, slower than the other ones even and my Outlook is phunked as well, constantly having issues which apparently this virus is known for in addition to password stealing. I ran an Avast scan at the suggestion of my web hosting company who disabled my account this morning b/c so much spam was being sent from my email address..plus had a Facebook hack and possibly a Paypal as well. Anyway I stumbled on to a great post on techsupportforum about the same virus and it mentioned combofix and the whole 9 yards of how to use it. When it linked me to Bleeping computer to download itstared fine, but at the last second before installation it says "cannot rename cobofix as combofix1" (I didnt try to rename anything) and my only option is to hit ok or cancel.

So, I not only need help with the issue, I need help downloading the software to fix it!

Thanks peeps!!

Bg

A:Help with Win32.Conflicker.- can't install combofix!

Ok, got combofix installed...won't somebunny please lend a hand here? Did I write my question in the wrong place? I see a lot of answers for people who wrote after I did. Feel like I'm back in grade school not getting picked for dodgeball! Hellllp a girl out

Read other 3 answers
RELEVANCY SCORE 45.2

Hello,

I unfortunately became infected with win32.tdss.rtk, and I followed the instructions using combofix, and it appears that the problem has been solved. However, it recommends that I post the log for the specialist to have a look, would I be able to do that?
Thanks

Darcy

A:win32.TDSS.rtk removed (i think) with combofix

ComboFix logs should not to be posted or discussed outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.Please create a new topic in the Am I Infected forum.http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/Explain the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.If needed, we will direct you to our HJT Preparation Guide.This topic is now closed. The BC Staff

Read other 1 answers
RELEVANCY SCORE 45.2

I use a HP Pavillion dv6000 shared by the entire family; some members use Firefox and some use IE7. I'm currently using another computer to post this.While using Word 2000 and Firefox, a Windows Security risk came up telling about a high risk alert called WIN32/FOTOMOTO. I selected it and clicked on Remove All. Then the toolbar disappeared. I logged off and logged back on and the toolbar was back. I opened up Firefox and looked for solutions to WIN32/FOTOMOTO. I found this page.http://www.techspot.com/vb/topic94087.htmlI followed the instructions there and ran ComboFix. Instead of getting a logfile, though, it mentioned something about deleting some things and closed. Then the internet on the computer stopped working. The wireless adapter seemed to be working fine and wireless worked on other computers, too. Spybot S&D had a window come up asking about access to a certain file, but then closed on its own. Then an error window came up and then closed itself. The computer then restarted on its own.After restart, I opened the HP Total Care Advisor and found that my hardrive went from being 97% full to 45%.What have I done?!Please help. Thanks so much.

A:Win32/fotomoto + Big Problem After Using Combofix

ComboFix is a very powerfol tool and can really mess your system up. If you've lost over 1/2 the contents of your hard drive I'd suggest backing up your data and then using the HP restore disks to restore your computer to it's original factory specifications.

Read other 1 answers
RELEVANCY SCORE 45.2

Hello! New to the community here, hope someone can help sort out what the problem is or if I am in the right place.. This had been going on for a while. I had tried to research and fix my laptop using first AVG, then MalwareBytes, and ESET Online, and the 3 simultaneously. but never complete success(i.e. one day one of the scans would find 1 threat, unable to remove, another day finds 4, and 3 removed, etc. etc. I have most of the log files if needed.one month ago I followed another link(can't remember which.. great... I know...) and changed some reg keys. but i did save them prior to modification.. Today I found this topic similar to my issue, so I tried what it suggested: TDSSKiller and ComboFix, but now upon opening programs(chrome, minesweeper, pdf file, seems like everything) an error msg shows "Illegal operation attempted on a registry key that has been marked for deletion."In terms of my preparation..1. Back up- pretty sure I did a back up last year before installing AVG2011...but it was not showing up?5. can't change firewall settings - error code 0x800704246. laptop is on Windows 7 Home edition, so does that mean theres no need to disable CD Emulation software?? 7. DDS can't open it, same illegal operation msg "8. Gmer.. can't either, same deal.attached combofix, tdss, and earlier today's eset scan logs... any thoughts any one?oh yeah and happy holidays

A:from Win32/Sirefef.CH to ComboFix, now, not very lively

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/435067 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 45.2

Hello,Recently my computer got infected from USB stick. I have kaspersky antivirus (KIS), but for some reason it didn't kill or notice the virus. When I have done manual scan, Kaspersky reported infection: Trojan-PSW.Win32.OnLineGames.qzl and worm.Win32.AutoRun.cub and delete files. Unfortunately virus recreated this files and hence I cannot get rid of virus.Running ComboFix fixed the problem. As stated in ComboFix howto I am posting log files:ComboFix 08-06-04.1 - loziek 2008-06-05 0:54:08.1 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.632 [GMT 2:00]Running from: C:\Documents and Settings\loziek\Pulpit\ComboFix.exe * Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))).2008-06-04 00:20 . 2008-06-04 00:20 <DIR> d-------- C:\Program Files\Google2008-05-18 23:59 . 2008-05-18 23:59 63 --a------ C:\pdfinfo.ini2008-05-18 23:58 . 2008-05-18 23:58 1,024 --a------ C:\WINDOWS\system32\pwdremover.dat2008-05-18 23:58 . 2008-05-18 23:58 36 --a------ C:\WINDOWS\verypdf.ini2008-05-16 21:11 . 2008-05-16 21:11 1,501,379 --a------ C:\WINDOWS\WANEUninstaller.exe2008-05-11 16:27 . 2004-08-04 08:38 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys2008-05-11 16:27 . 2004-08-04 08:38 14,848 --a--c--- C:\WINDOWS&#... Read more

A:Trojan-psw.win32.onlinegames.qzl - Combofix Log

Welcome to the BleepingComputer Forums. If you are still having problems, please post a new HijackThis log. Thank you for your patience.If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Read other 2 answers
RELEVANCY SCORE 45.2

I can't open any one of this programss, can you hel;p me whit that problem? Where can I found checking my disk programme? plz, help i need it fast. Also my sount driver isn't working

Read other answers
RELEVANCY SCORE 44.8

Hello There,

Thaks for taking the time to read this post.

I have a 3.4G single processor running XP.

My Free AVG 8.5 has been quite busy reporting the Win32/Heur infections that seem to be ongoing and unrelenting. I had some porn icon links put on the desktop but they have not re-appeared as yet.

I have not restarted my system since the initial infection but am due to.

I have followed the: Win32/Heur virus (In Progress) post from
Pedro88 and have some logs to include.

I started with HijackThis and then MBAM and then ran Spybot - Search and Destroy, then tried to run ComboFix.

My issue is that each time I download and invoke Combofix, it tells me that it has been compromised and deletes itself with a message about a possible file patching virus 'virut'

What should my next step be...?

Logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:26 AM, on 13-09-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Phot... Read more

Read other answers
RELEVANCY SCORE 44.8

Hello everybody.My pc is really slow,google won't search,can' turn on automatic updates,IE goes offline,mozilla sometimes open but is slow.Didn't try to run other apps as my pc is slow.Kaspersky antivirus found the trojan so i ran combofix.The log file follows.Any help is much appreciated!!

ComboFix 08-05-21.3 - Petran 2008-05-24 19:48:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.202 [GMT 3:00]
Running from: C:\Documents and Settings\Petran\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\a.zip
C:\Program Files\winupdates
C:\Program Files\winupdates\winupdates.exe
C:\Recyclers
C:\Recyclers\svchost.exe
C:\s.tmp
C:\WINDOWS\BM7765ffa2.xml
C:\WINDOWS\knight.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\recover.reg
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\ggOWDJjl.ini
C:\WINDOWS\system32\ggOWDJjl.ini2
C:\WINDOWS\system32\ljJDWOgg.dll
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\skjbidjo.ini
C:\WINDOWS\system32\venrhxuf.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_Mesengger
-------\Service_Mesengger


((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.

2008-05-24 20:04 .... Read more

A:Combofix log file for trojan.win32.monder.gen

Hello and welcome to TSF

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

-------------------------------------

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.

Please print out or save the following instructions in Notepad. Please also stay with me until I declare you clean.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

---------------------------------------

I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here,
here and here.

I would strongly recommend that you unins... Read more

Read other 14 answers
RELEVANCY SCORE 44.8

Hello,I am having an issue downloading ComboFix.exe for the BleepingComputer site. I logged onto BleepingComputer a few minutes ago and when I downloaded ComboFix.exe to my PC, my virus protection software, CA (Computer Associates), blocked it saying that it was infected with the "Win32/SillyDI.PRR" virus.Any suggestions? I am running Windows XP Prof., 32 bit.Any help would be appreciated.spnEdit: Moved topic from XP to the more appropriate forum. ~ Animal

A:ComboFix.exe Downloads With Win32/SillyDI.PRR Virus

Combofix is not infected - the result is just a false positive.

You really shouldn't run Combofix except under the guidance of an expert.

Read other 7 answers
RELEVANCY SCORE 44.8

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.We need to create a New FULL OTL ReportPlease download OTL from here if you have not done so already:
Main MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Change the "Extra Registry" option to "SafeList"Push the button.Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedAfter downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconne... Read more

A:Remove Win32/Olmarik.AJL trojan using combofix

Do you still need help?

Read other 3 answers
RELEVANCY SCORE 44.8

I just downloaded Combofix (January 29th 2013 at 13.30 o'clock West-European time) and Microsoft Security Essentials detected the WIN32/Sality.AT virus inside the downloaded file; see the follwing picture for the MSE warning:https://skydrive.live.com/redir?resid=681F5E0CC962B14A!608&authkey=!f5EYQ7ms3k8%24I have been using Combofix for many, many years and never experienced this before: HOW is this possible ???? This should NEVER happen !!!!

A:Combofix infected by WIN32/Sality.AT virus

Yes I can confirm that indeed the ComboFix Installer does contain the sality virus within its iexplore.exe file. This needs to be replaced with a clean version of iexplore.exe as soon as possible.

Read other 3 answers
RELEVANCY SCORE 44.4

G'day,
 
Today after downloading what I was expecting to be a picture gallery was an exe file so I right clicked it in order to select the option to scan the file with kaspersky but the file immediately vanished the moment I right clicked it. I thought woops great ! I began full scan with kaspersky which found and deleted heur.trojan.win32.generic. I then started a Malwarebytes scan which didn't find anything. I ran Tdsskiller which also did not find anything. 
 
And dont' know why, call me paranoid I guess but I also grabbed latest combofix from Bleepingcomputer and ran that. It took a good hour to complete and the report indicates it done some stuff but the information in the combofix.txt log is out of my league and I don't understand what the outcome was.
 
Would someone be kind enough to analyse it for me ? 
 
Thanking You in advance

A:Need help analysing combofix.txt log after trojan.win32.generic removal

. . . Anyhow I guess providing the actual combofix.txt would be somewhat helpful. I was thinking perhaps I should wait until asked to post it?  I'll paste it here now. Also I've noticed there is also a ComboFix-quarantined-files.txt which I'll provide after this one.
 
 
ComboFix 13-05-05.01 - MikeJnr 06/05/2013  12:17:45.1.8 - x64
 
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.8066.3545 [GMT 8:00]
Running from: c:\users\MikeJnr\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\iun6002.exe
c:\windows\SysWow64\d2d1debug1.dll
c:\windows\SysWow64\tmp7FAB.tmp
c:\windows\SysWow64\tmp7FAC.tmp
c:\windows\SysWow64\tmp9FE6.tmp
c:\windows\SysWow64\tmpCCC.tmp
c:\windows\UNWISE.EXE
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-06 to 2013-05-06  )))))))))))))))))))))))))))))))
.
.
2013-05-06 05:02 . 2013-05-06 05:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-06 05:02 . 2013-05-06 05:02 -------- d-----w- c:\users\UpdatusUser\AppData\Loc... Read more

Read other 5 answers
RELEVANCY SCORE 44.4

Hi
 
Avast found the win32 winpatch virus on my laptop which has infected the winlogon.exe and explorer.exe files. Avast can't clean these as they are protected.
 
I did a search and found someone who fixed it using combofix which I have tried running but doesn't produce a log becuase explorer doesn't work anymore after running combofix. I did this without contacting you which was probably a mistake.
 
Would appreciate any advice where to go from here.
 
Thanks

A:win32 winpatch virus combofix does not create a log file

Moving topic to Am I Infected, where the more knowledgeable can attempt to assist you with your suspicion of malware.
 
Louis

Read other 1 answers
RELEVANCY SCORE 44.4

Hi, I got infected with the Win32/Heur infection. My antivirus (AVG 9) is disabled and cannot run Spybot. My Win XP sometimes froze. After reading a few forums, i ran ComboFix and did a HijackThis scan after.
Windows seems more stable now.
Can someone go over the logs and see if I have anything else that needs to be cleaned?
Your assistance will be greatly appreciated

Read other answers
RELEVANCY SCORE 44.4

I got the windows police pro system defender virus. I was able to get to safe mode and remove most of the files so I can run malwarebyets. Found the virus files..deleted.

But the virus has still hijacked my regedit, msconfig, etc

I tried to use combofix but i get the error above during the scanning phase. Is it because my registry is hijacked?

I've looked for TDSSserv.sys under non plug and play...it's notthere.

I installed registry explorer 1.4 to use as my regedit...that works.

please help.

A:Getting c:\combofix\regt.cfxxe is not a valid win32 application

I was able to run combo fix even if access was denied to the registry.

It found the virus "rotscxehesruxo.sys" but it can't modify the registry files.

it removed the bad files...but can't edit the registry...what should I do?

how can I make combofix edit the registry?

Read other 2 answers
RELEVANCY SCORE 44.4

Hello. Thanks in advance for your help. About a week ago, my computer became infected with win32.tdss.rtk plus a host of other viruses and trojans. I had Windows firewall, PC Tools, & Spybot running at the time of the infection. After pop ups started taking over my PC, I ran PC Tools 5.0.1.1 and it found and removed a host of viruses. I also ran Spybot and it found a host of problems including win32.tdss.rtk and fixed. I restarted and re-ran both. PC Tools was clean but Spybot found win32.tdss.rtk again and fixed. After about an hour, pop ups started again plus a program called Malware Doctor somehow loaded itself onto my PC. My PC became unuseable! I shut it off and used my notebook to search win32.tdss. I found this site and after reading some of the posts, I burned combofix to a CD and booted my PC in safe mode and ran it while disconnected from the internet. After combofix finished running, I was able to use my PC for the 1st time in days. I re-ran combofix while connected to the net and with my USB drives connected (disconnected them before the first run) and everthing seems fine. After reading how difficult this trojan can be to remove, I wanted to ensure my PC is clean. I have since installed Ad-Ware Free AE & ZoneAlarm firewall. The only problem I've found is that Windows Update is disabled and I cannot enabled it from the security center or using services.msc. I keep getting "Acess Denied". Below is my DDS.txt file.
DDS (Ver_... Read more

A:Verify win32.tdss.rtk removal after unsupervised combofix run

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 42.8

Hello forum moderators,My laptop was infected with AntiSpy Safeguard malware. After browsing through various Google results, I ran Malwarebyte and Super Anti Spyware after killing the process using eXplorer.exe. However, I felt that the malware was not completely removed even though the AntiSpy Safeguard did not start on starting my laptop. This was followed by problems where after about 10 minutes of starting my laptop I would receive the message "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience." which would make work impossible. Hence, I downloaded and ran ComboFix that generated the following report.Please help me with the next steps.Thank you,Vinay ----------------------------------ComboFix 10-09-30.05 - Vinay 10/06/2010 21:25:15.1.2 - x86 NETWORKMicrosoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.688 [GMT -4:00]Running from: c:\documents and settings\TEMP\Desktop\Malware\AntiMalware\ComboFix.exeAV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\TEMP\Application Data\hotfix.exec:\windows&#... Read more

A:Request for help with ComboFix log for AntiSpy Safeguard and Generic Host Process for Win32 Services

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 22 answers
RELEVANCY SCORE 42.8

My Avast antivirus recently started detecting a whole host of viruses. I ran a thorough scan of all files and deleted every infected file until the scanner turned up a hit in the operating memory. It then suggested I run a boot sector scan - I did so. Upon rebooting Avast started detecting more viruses. This time I rebooted into Safe Mode and ran the scanner there, deleting everything I found. Apparently one of the files I deleted was important, because after that my computer Blue-Screened during boot-up and I had to do a system restore to a save point from a few days ago (before the virus was contracted). Since then the virus has continued to crop up, and I haven't the foggiest notion of how to get rid of it.

The title is a list of the virus descriptions that my Avast scanner gave me. I ran all the programs the walkthrough on this site instructed me to, but the RootRepeal program crashed and generated an error message and crash report, both attached (error message in .png image format - I took a screenshot of it).

Thanks for your help!

__________________________________________________________________________________
DDS (Ver_09-12-01.01) - NTFSx86
Run by Bryan at 18:56:06.09 on Wed 12/02/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1546 [GMT -5:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32&... Read more

A:Infected with js: downloader-FT Win32:Banload-GLR Win32:Malware-gen Win32:Refpron-AW Win32:Rootkit-gen Win32:VB-NWC

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 3 answers
RELEVANCY SCORE 41.2

Hi,Please help me in getting rid of the pop ups which keep coming up.trojan downloader win32 agent bqtrojan clicker win32 tiny htrojan spy win32 key logger.aatrojan spy win32 green screentrojan spy html bankfraud.dqHijakThis log file.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:00:40, on 9/8/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Hewlett-Pac... Read more

A:Infected With Trojan Clicker Win32 Tiny.h / Downloader Win32 Agent Bq / Spy Win32 Key Logger.aa/spy Win32 Green Screen / Html B...

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis LogPlease also post the problems you are having.

Read other 1 answers
RELEVANCY SCORE 40.8

hello. sorry about this mess. im afraid i dont really know what im doing. my nephew asked me to help get rid of a red circle with a white cross telling him he had spyware but its turned into something much worse. he only used windows firewall and nothing else saying he only uses world of warcraft and msn and music and doesnt surf the web!! i tried to scan with avg but it was aborted and the windows firewall was continually turned off no matter how many times i put it on. tried other antivirus progs but all were turned off. eventually i managed to do online scan on microsoft safety centre and deleted quite a few v high threat trojans but many unable to clean. i also ran sophos rootkit and nearly gave myself a heart attack - 938 hidden things that recommend not to clean. i resorted to you now. i followed the tutorial for posting hijack this and here are the resultskaspersky report for critical areas--------------------------------------------------------------------------------KASPERSKY ONLINE SCANNER 7 REPORT Saturday, November 29, 2008 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Saturday, November 29, 2008 12:40:36 Records in database: 1426420--------------------------------------------------------------------------------Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yesScan area - Critical Areas: C:\Do... Read more

A:win32/alureon.gen, win32/Eldycow.en!A, win32/Small, win32/Olmafik, winNT/Xantvi.gen!A, Trojan-Game Thief and more

i think i have sorted this. i ran SDFix which cleaned up enough for me to install antivirus. avast caught lots of trojans and i have now been able to onlinescan and spybot s/d etc. all logs now coming back clean so can u delete this post please

Read other 3 answers
RELEVANCY SCORE 40.8

Hello,My computer became infected last night, and It's pretty bad. I became infected with Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, and the others listed (maybe more). Long story short, I'd just watched Harry Potter on dvd, and logged onto the computer to see who he married in the end. I ended up at a Harry Potter encyclipdiea website, and looked it up. Avast went nuts after a few minutes, and showed 4 different virus alerts, and Windows Defender showed 1 as well after I shut down.The virus listed by Defender was Trojan:Win32/Alureon.BT. Avast listed Win32:Jifas-CY, I didn't get the others in time.The last 2 I listed in the title, a "security center alert" claimed it detected these programs trying to acess the internet. It listed one more, but I didn't get it's name in time.I know Alureon is a downloader and backdoor for other viruses, and it basically shuts down security systems, which it's trying to do since windows now thinks I have no anti-virus installed.All of these trojans are listed as "server" and "high risk." I'm not sure a root kit didn't try to make it's way in too.EDIT: I wanted to add a few things in. First, I have XP SP3 set up with multiple accouts, one admin "owner" account and then 1 limited access "user" account. The Viruses came in while the user account was logged on (I am not dumb enough to connect to the internet with an admin account). It seems the Viruses we... Read more

A:Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, Backdoor.Win32.Kbot.al, Net-Worm.Win32.Mytob.t

Hello again.I booted into Safe Mode and ran an Avast scan (which took forever) and it was a waste of time. The stupid thing found nothing wrong, and said the system was clean (which is the opposite it says when you log into the limited user account). The computer (and specially that account at least) is definitely infected. Could the viruses be hiding themselves when in safe mode?Should I scan from a Pre-install environment like BartPE? Or from the Regular "Owner" Admin account? I waited 2 days for the stupid program to scan 700gb (painfully slow for a qaud core, though to be excepted in safe mode), and it was useless.Other than running windows defender (which I'm doing now), and maybe trying MBAM, I'm not sure what to do. I'm not expect enough to dive into programs like OTViewIT and Combofix, so I'll need help here. Please, ANY HELP is appreciated. I would rather NOT wipe the drive and reinstall the whole system, but I need to get this figured out.Does no one have any ideas???

Read other 5 answers
RELEVANCY SCORE 40

Hello,Please help if you can .I ran free Avast! version 5.0.677 on my Windows XP desktop computer (Pentium 4, 1.5 Ghz CPU, 1 gb ram), and came up with the following virus warnings. Unfortunately the Avast! software internal tools to remove it are grayed out and not functioning. I tried a couple of things to remove viruses from help online and then realized I was in way over my head. I found this forum and am now requesting help.Avast! says I am affected with:JS:Downloader-AT, Win32:Nimda, Win32:Small-GWM, Win32:VB-EIJ, Win32:WinSpy-CK, JS:ScriptSH-inf, and Win32:VirutAttached a screen shot of Avast! with viruses and partial path to them. Computer's Symptoms (not sure if these are all due to old slow processor or malware):Computer is freezing often;When it is in sleep mode it is turning itself on;Seems to be downloading stuff often and slowing down;Monitor is going black forcing reboots often;Couple weeks back I began getting floating ads that pop up when browsing online;I get an error message daily that says AdAware has shut down unexpectedly, do I want to send a report? I have been ignoring this, not knowing if it was important, been several weeks.Ok, I think that is all I can think of to share. Please help if you can. I appreciate it.Thanks,Dancer~~~~~~~~~~DDS (Ver_10-03-17.01) - NTFSx86 Run by ljk at 15:52:28.93 on Mon 09/20/2010Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.102... Read more

A:Please Help ~ Infected with JS:Downloader-AT, Win32:Nimda, Win32:Small-GWM, Win32:VB-EIJ, Win32:WinSpy-CK, JS:ScriptSH-inf, and...

Hello, and to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.I ask that you please refrain from running tools other than those I su... Read more

Read other 42 answers
RELEVANCY SCORE 40

Hi,I am wondering whether combofix.net and combofix.org are GENUINE sites to download ComboFix.There's no Impressum and the whois-info is private registered.Just wanted to know.Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum. ~ Animal

A:Is combofix.net and combofix.org GENUINE Site to download ComboFix?

Please Take a look here: ComboFix usage, Questions, Help? - Look hereSpecifically the link to the combofix disclaimer image. AlsoThere are only two sites that are authorized for combofix, which are shown in red in the last quote box.

Read other 3 answers
RELEVANCY SCORE 39.6

Avast continually blocks the following threats: - Win32:Malware-gen - WIn32:Downloader-PKU [Trj] - Win32:DNSChanger-VJ [Trj]Avast scans and detects Win32:Sirefef-PL [Rtk], cannot remove it though.Malwarebytes scan detects BCminer, quarantines it, though never seems to get rid of BCminer. Other issues of possible note: - Windows Firewall not running 0x80070424 - Backup & Restore - last backup did not complete successfully - server execution failed - 0x80080005Ran both DDS and GMER (GMER did not have all the options available as per the preparation guide, and did not log anything when the scan was complete). .DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421Run by Family-pc at 12:37:05 on 2012-08-05Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.16383.13888 [GMT -4:00].SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\sy... Read more

A:Win32:Sirefef-PL, Win32:Malware-gen, WIn32:Downloader-PKU [Trj], Win32:DNSChanger-VJ [Trj], BCMiner need help

Hello Njals, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.Do you have a USB Flash Drive you can use?

Read other 21 answers
RELEVANCY SCORE 38.8

Originally Virus Heat installed itself onto my computer then we added CA Security anti virus and anti spyware protection. This cleaned up some of the problem but I had to download spybot search and destroy to find more spyware. There was a lot of Z lob spyware on the computer. I have spent countless hours on the phone with tech support with Time Warner who is my internet provider who suggested the CA Security that isn't picking up on everything. Now when I run a full scan with CA on my computer it says there are no infections but I keep getting a pop up from CA saying there are 33 infected items. The pop up is random- it isn't in connection with the anti-virus scan. They aren't deleted or quarentened, the pop up just states the file name, infection name, type which is "file" and status which is infected. There are 10 win32/vmalum.ccpy, 19 win32/crushpy!generic, 1 win32/vmalum.ccqd, 2 win32/bewschy.d and 1 vmalum.ccqa. The files aren't quarentened so I can't go in and delete them and when I run the scan to clean them up it isn't picking up on them. So CA anti virus scan isn't picking up on these infected files but then again it is because the pop up knows they are there? Does this make sense? Almost like it knows they are there but it can't do anything with them? Time Warner suggested I get a trojan hunter, is this appropriate? Are you familiar with these infection types? I have googled the names but nothing comes u... Read more

A:Win32/bewschy.d, Win32/vmalum.ccpy, Win32/vmalum.ccqa,win32/crushpy!generic, Win32/vmalum.ccqd

What OS (Win 2K, XPsp1, XPsp2, Vista) are you using? Have you tried doing your scans in "Safe Mode"? Are you doing scans while logged into the "Administrator Account" or an "account with administrator privileges"? You need to start there first. If rescanning in Safe Mode does not help, then do this:Please perform an online scan with Kaspersky WebScannerClick on You will be promted to install an ActiveX component from Kaspersky, Click The program will launch and then begin downloading the latest definition files:Once the files have been downloaded click on Now click on In the scan settings make that the following are selected:Scan using the following Anti-Virus database:Extended (if available otherwise Standard)
Scan Options:Scan Archives
Scan Mail BasesClick Now under select a target to scan:Select My ComputerThis will program will start and scan your system.The scan will take a while so be patient and let it run.Once the scan is complete it will display if your system has been infected.Now click on the Save as Text button:Save the file to your desktop.Copy and paste the scan results in your next reply.

Read other 11 answers
RELEVANCY SCORE 38.4

Hi!

Please help. Along with the above virus? names I have an icon down in the bottom right corner that flashes from a yellow X to a yellow ? with a message telling me I have a Critical System error and to go to that site and download software....

I have AVAST and ran a full scan and did come up with several files with virus/trojan names; these files went into the Virus Chest. I deleted the Temp ones but decided not to delete anything else until I know what is going on. I have since ran the Clean Up through Avast and rescanned twice. Did not show any new stuff although there were 6 files that it was not able to scan. It appears that my C drive has all the problems.

One other thing I did notice was that when I went into Device Manager there is the big yellow question mark next to something identified as optional device and below that another question mark as RAID something. Also, down below the volume game controller file? there are several things that have a big yellow exclamation marks......

Someone showed me last night the process to remove the Adware(??) and the icon and clean this up and but I was not at home so I just reviewed the info, decided that I should be able to do it and just wrote down this website address. So, now I have here but do not know where to get started.................

Thanks for you help!

A:Win32:zlob; Win32:ageng-a; Win32:adan-007; Win32:enumplus And On And On

Sorry you didn't get a reply sooner.Here's what to do.Follow the directions in this topic: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/Then post a new topic with your HJT log here: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/Provide a brief description of your problem, and provide a title similar to the one you have here.Please be patient, as the HJT team is very busy. Do not bump your log as the team may think that someone is already helping you. If you have not had a response in five days add a reply to this topic: http://www.bleepingcomputer.com/forums/topic14717.html and paste in the link to your HJT topic there.Orange Blossom

Read other 1 answers
RELEVANCY SCORE 36.8

Hi,I'm running Windows XP - Internet Explorer v. 6.00, SP3. Yesterday Avast alerted me to a virus on my computer (I neglected to write down the exact message). At the time, only Gmail was open and an email was being written. I've had some issues with Avast occasionally reporting a false positive, and since nothing was being downloaded at that time, I took no action with Avast. Instead, I immediately did a Quick Scan with MalwareBytes to see if it would find anything. MalwareBytes found and deleted the following: C:\Documents and Settings\HP_Owner\application data\Sun\Java\deployment\cache\\6.0\44\61b86cac-3c0c0928Trojan.FakeAlert.VGenC:\Documents and Settings\HP_Owner\local settings\temp\0.506697477033.exeTrojan.FakeAlert.VGenA second MalwareBytes scan was clean.I looked "Trojan.FakeAlert.VGen" up on Google and then it clicked: for the past few days, Adobe Flash Player has been crashing an awful lot. When it crashes (on Youtube, for example), it tells me the program is out of date and needs to be updated. The weird thing was that sometimes it worked for a while before it crashed, but I dismissed that as being some strange computer quirk. I went to the Adobe web site and tried to install the newest version of Flash Player, but was unable to. I feel foolish, but it never even occurred to me that a virus could be to blame. It concerns me that (assuming the Adobe Flash Pla... Read more

A:Trojan.FakeAlert.VGen, SpyInstall_HPPre.exe, Win32: Mirc-z [PUP], Win32: Kill App-W [PUP] & Win32: Agent-AMXO (Trj)

Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The log can also be found here:C:\Document... Read more

Read other 13 answers
RELEVANCY SCORE 36.8

Hi, My laptop is running on Windows XP Home Edition Ver 2002 SP3. I also have CA Anti-virus software and Malwarebytes installed.

Recently, my laptop is infected by the malwares Win32/ZAcesss.AC, Win32/Karagany.ZAAE and Win32/Fosniw.ZABA. The CA Anti-virus software detected and quarantined them but it came back again after reboot. Also, Google search results are also redirected to the website xa.com.

I would be most grateful if you could help to solve this issue. The DDS log is pasted below. For your info, I received the following message when GMER completed scanning: WARNING!!! GMER has found system modification caused by ROOTKIT activity.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by CST at 4:20:34 on 2011-11-25
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.2047.1291 [GMT 8:00]
.
AV: CA Anti-Virus Plus *Enabled/Updated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\Zcfg... Read more

A:Google redirect to xa.com and malware Win32/ZAcesss.AC, Win32/Karagany.ZAAE and Win32/Fosniw.ZABA

Hi,Please do the following:Download ComboFix from one of the following locations:Link 1 Link 2 VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\C... Read more

Read other 16 answers