I hate Adware

bkribbs

New Member
So I'm not sure if you've heard of DayZ. I just bought the mod for Arma II and am trying it out. I heard about DayZ commander. Used to be great. Now the guy is a freaking jerk. He has crap on his website that looks like the real installer. Anyways, I think I removed everything, can you guys double check my combofix log came out clear?

ComboFix 14-04-20.01 - bkribbs 04/25/2014 23:31:50.2.8 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.16291.14074 [GMT -4:00]
Running from: C:\Users\bkribbs\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2014-03-26 to 2014-04-26 )))))))))))))))))))))))))))))))


2014-04-26 06:31:43 . 2014-04-26 02:46:48 -------- d-----w- C:\AdwCleaner
2014-04-26 03:34:39 . 2014-04-26 03:34:39 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-04-26 03:10:35 . 2014-04-26 03:10:35 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A3CCFF94-3C1C-4DA3-A54B-2453E78D76A5}\offreg.dll
2014-04-26 03:09:38 . 2014-04-26 03:09:38 -------- d-----w- C:\WINDOWS\ERUNT
2014-04-26 03:05:34 . 2014-04-26 03:05:35 -------- d-----w- C:\Users\bkribbs\AppData\Local\DayZCommander
2014-04-26 02:40:27 . 2014-04-26 02:40:27 -------- d-----w- C:\WINDOWS\Migration
2014-04-26 02:35:09 . 2014-04-26 03:29:37 119512 ----a-w- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2014-04-26 02:35:01 . 2014-04-26 02:35:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-26 02:35:01 . 2014-04-26 02:35:01 -------- d-----w- C:\ProgramData\Malwarebytes
2014-04-26 02:35:01 . 2014-04-03 13:51:16 63192 ----a-w- C:\WINDOWS\system32\drivers\mwac.sys
2014-04-26 02:35:01 . 2014-04-03 13:51:04 88280 ----a-w- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2014-04-26 02:35:01 . 2014-04-03 13:50:58 25816 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2014-04-26 01:50:52 . 2014-04-26 01:50:52 -------- d-----w- C:\Users\bkribbs\AppData\Local\ElevatedDiagnostics
2014-04-26 01:41:47 . 2014-04-26 01:41:47 -------- d-----w- C:\Program Files (x86)\7-Zip
2014-04-26 00:53:20 . 2014-04-26 00:53:20 -------- d-----w- C:\Program Files (x86)\Common Files\BattlEye
2014-04-26 00:44:57 . 2014-04-26 00:45:07 -------- d-----w- C:\Users\bkribbs\AppData\Local\ArmA 2
2014-04-26 00:42:10 . 2014-04-26 00:51:06 -------- d-----w- C:\Users\bkribbs\AppData\Local\ArmA 2 OA
2014-04-26 00:42:10 . 2014-04-26 00:42:10 -------- d-----w- C:\ProgramData\Bohemia Interactive Studio
2014-04-26 00:41:49 . 2014-04-26 00:41:49 -------- d-----w- C:\Program Files (x86)\Bohemia Interactive
2014-04-26 00:36:26 . 2014-04-26 00:36:26 71048 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2014-04-26 00:36:26 . 2014-04-26 00:36:26 692616 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2014-04-26 00:36:26 . 2014-04-26 00:36:26 -------- d-----w- C:\WINDOWS\SysWow64\Macromed
2014-04-26 00:36:25 . 2014-04-26 00:36:25 -------- d-----w- C:\WINDOWS\system32\Macromed
2014-04-26 00:13:33 . 2014-04-26 00:13:33 -------- d-----w- C:\ProgramData\SIX Networks
2014-04-26 00:13:09 . 2014-04-26 00:13:09 -------- d-----w- C:\Users\bkribbs\AppData\Local\IsolatedStorage
2014-04-26 00:13:07 . 2014-04-26 00:42:09 -------- d-----w- C:\Users\bkribbs\AppData\Local\SIX Networks
2014-04-26 00:13:07 . 2014-04-26 00:13:07 -------- d-----w- C:\Users\bkribbs\AppData\Roaming\SIX Networks
2014-04-25 23:07:10 . 2014-04-25 23:07:13 -------- d-----w- C:\WINDOWS\rescache
2014-04-25 22:22:43 . 2014-04-25 22:22:43 -------- d-----w- C:\Users\bkribbs\AppData\Local\Downloaded Installations
2014-04-25 22:07:54 . 2014-01-31 21:54:31 99288 ----a-w- C:\WINDOWS\system32\drivers\TeeDriverx64.sys
2014-04-25 22:07:54 . 2014-01-31 21:54:31 1795952 ----a-w- C:\WINDOWS\system32\WdfCoInstaller01011.dll
2014-04-25 22:07:28 . 2013-09-06 13:35:16 39424 ----a-w- C:\WINDOWS\system32\drivers\applemtp.sys
2014-04-25 22:07:24 . 2013-10-17 12:24:15 69120 ----a-w- C:\WINDOWS\system32\CirrusAPO_x64.dll
2014-04-25 22:06:39 . 2014-01-10 13:54:39 8061648 ----a-w- C:\WINDOWS\system32\drivers\BCMWL664.SYS
2014-04-25 22:06:38 . 2014-01-10 13:54:39 96560 ----a-w- C:\WINDOWS\system32\bcmwlcoi.dll
2014-04-25 22:06:38 . 2014-01-10 13:54:39 3674408 ----a-w- C:\WINDOWS\system32\bcmihvui64.dll
2014-04-25 22:06:38 . 2014-01-10 13:54:38 4406568 ----a-w- C:\WINDOWS\system32\bcmihvsrv64.dll
2014-04-25 22:06:30 . 2014-01-14 18:06:14 31232 ----a-w- C:\WINDOWS\system32\drivers\KeyMagic.sys
2014-04-25 21:25:12 . 2014-03-21 19:43:52 40392 ----a-w- C:\WINDOWS\system32\drivers\nvvad64v.sys
2014-04-25 21:25:12 . 2014-03-21 19:43:50 33568 ----a-w- C:\WINDOWS\SysWow64\nvaudcap32v.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-04-02 13:27:17 . 2013-12-04 00:41:34 1081112 ----a-w- C:\WINDOWS\SysWow64\nvspcap.dll
2014-04-02 13:27:05 . 2013-12-04 00:41:34 1225920 ----a-w- C:\WINDOWS\system32\nvspcap64.dll
2014-03-21 19:43:50 . 2013-12-04 00:37:11 37320 ----a-w- C:\WINDOWS\system32\nvaudcap64v.dll
2014-03-21 15:46:46 . 2014-03-21 15:46:46 152848 ----a-w- C:\WINDOWS\SysWow64\comdlg32.ocx
2014-03-21 15:46:46 . 2014-03-21 15:46:46 1081616 ----a-w- C:\WINDOWS\SysWow64\mscomctl.ocx
2014-02-01 01:54:28 . 2013-12-03 22:55:12 59688 ----a-w- C:\WINDOWS\SysWow64\CSVer.dll
2014-01-31 22:00:02 . 2014-01-31 22:00:02 16672 ----a-w- C:\WINDOWS\system32\drivers\AppleMNT.sys
2014-01-31 22:00:00 . 2014-01-31 22:00:00 72992 ----a-w- C:\WINDOWS\system32\drivers\AppleHFS.sys
2014-01-31 21:59:56 . 2014-01-31 21:59:56 1598272 ----a-w- C:\WINDOWS\system32\AppleControlPanel.exe
2014-01-31 21:54:34 . 2013-12-03 22:55:21 48608 ----a-w- C:\WINDOWS\system32\drivers\USB3Ver.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-01-31 21:54:34 291280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DefaultLogonDomain"= BKRIBBS-BC

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

R3 applebmt;Apple Wireless Mouse;C:\WINDOWS\system32\drivers\applebmt.sys;C:\WINDOWS\SYSNATIVE\drivers\applebmt.sys [x]
R3 AppleDisplayFlt;Apple Display Driver;C:\WINDOWS\system32\drivers\aaplmonf.sys;C:\WINDOWS\SYSNATIVE\drivers\aaplmonf.sys [x]
R3 AppleODD;Apple ODD;C:\WINDOWS\system32\drivers\AppleODD.sys;C:\WINDOWS\SYSNATIVE\drivers\AppleODD.sys [x]
R3 AppleUSBEthernet;Apple USB Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AppleUSBEthernet.sys;C:\WINDOWS\SYSNATIVE\DRIVERS\AppleUSBEthernet.sys [x]
R3 applewtp;Apple Wireless Trackpad;C:\WINDOWS\system32\drivers\applewtp.sys;C:\WINDOWS\SYSNATIVE\drivers\applewtp.sys [x]
R3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dmvsc;dmvsc;C:\WINDOWS\system32\drivers\dmvsc.sys;C:\WINDOWS\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\system32\IEEtwCollector.exe;C:\WINDOWS\SYSNATIVE\IEEtwCollector.exe [x]
R3 IRRemoteFlt;IR Receiver Filter Driver;C:\WINDOWS\system32\drivers\IRFilter.sys;C:\WINDOWS\SYSNATIVE\drivers\IRFilter.sys [x]
R3 lpasvc;Microsoft Policy Platform Local Authority;C:\Program Files\Microsoft Policy Platform\policyHost.exe;C:\Program Files\Microsoft Policy Platform\policyHost.exe [x]
R3 lppsvc;Microsoft Policy Platform Processor;C:\Program Files\Microsoft Policy Platform\policyHost.exe;C:\Program Files\Microsoft Policy Platform\policyHost.exe [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\WINDOWS\system32\drivers\nvstusb.sys;C:\WINDOWS\SYSNATIVE\drivers\nvstusb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\WINDOWS\system32\drivers\rdpvideominiport.sys;C:\WINDOWS\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;C:\WINDOWS\system32\drivers\synth3dvsc.sys;C:\WINDOWS\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;C:\WINDOWS\system32\drivers\terminpt.sys;C:\WINDOWS\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\WINDOWS\system32\drivers\tsusbflt.sys;C:\WINDOWS\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\WINDOWS\system32\drivers\TsUsbGD.sys;C:\WINDOWS\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;C:\WINDOWS\system32\drivers\tsusbhub.sys;C:\WINDOWS\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;C:\WINDOWS\system32\drivers\rdvgkmd.sys;C:\WINDOWS\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\WINDOWS\system32\Wat\WatAdminSvc.exe;C:\WINDOWS\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\bkribbs\Downloads\RealTemp_370\WinRing0x64.sys;C:\Users\bkribbs\Downloads\RealTemp_370\WinRing0x64.sys [x]
R4 CmRcService;Configuration Manager Remote Control;C:\WINDOWS\CCM\RemCtrl\CmRcService.exe;C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [x]
R4 vxlsnyaiet64;vxlsnyaiet64;C:\Program Files\003\vxlsnyaiet64.exe run options=01100010030000000000000000000000 sourceguid=6E6B36EB-9156-411B-B951-C735F4747DCF;C:\Program Files\003\vxlsnyaiet64.exe run options=01100010030000000000000000000000 sourceguid=6E6B36EB-9156-411B-B951-C735F4747DCF [x]
S0 amdkmafd;AMD Audio Bus Lower Filter;C:\WINDOWS\system32\drivers\amdkmafd.sys;C:\WINDOWS\SYSNATIVE\drivers\amdkmafd.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\WINDOWS\system32\drivers\amdkmpfd.sys;C:\WINDOWS\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\WINDOWS\system32\drivers\iusb3hcs.sys;C:\WINDOWS\SYSNATIVE\drivers\iusb3hcs.sys [x]
S2 AppleOSSMgr;Apple OS Switch Manager;C:\WINDOWS\system32\AppleOSSMgr.exe;C:\WINDOWS\SYSNATIVE\AppleOSSMgr.exe [x]
S2 AppleTimeSrv;Apple Time Service;C:\WINDOWS\system32\AppleTimeSrv.exe;C:\WINDOWS\SYSNATIVE\AppleTimeSrv.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 KeyAgent;KeyAgent;C:\WINDOWS\system32\drivers\KeyAgent.sys;C:\WINDOWS\SYSNATIVE\drivers\KeyAgent.sys [x]
S2 MacHALDriver;Mac HAL;C:\WINDOWS\system32\drivers\MacHALDriver.sys;C:\WINDOWS\SYSNATIVE\drivers\MacHALDriver.sys [x]
S2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 acpials;ALS Sensor Filter;C:\WINDOWS\system32\DRIVERS\acpials.sys;C:\WINDOWS\SYSNATIVE\DRIVERS\acpials.sys [x]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;C:\WINDOWS\system32\DRIVERS\AppleBtBc.sys;C:\WINDOWS\SYSNATIVE\DRIVERS\AppleBtBc.sys [x]
S3 applemtm;Apple Multitouch Mouse;C:\WINDOWS\system32\DRIVERS\applemtm.sys;C:\WINDOWS\SYSNATIVE\DRIVERS\applemtm.sys [x]
S3 applemtp;Apple Multitouch;C:\WINDOWS\system32\DRIVERS\applemtp.sys;C:\WINDOWS\SYSNATIVE\DRIVERS\applemtp.sys [x]
S3 B57ports;Broadcom Simple Communications Device;C:\WINDOWS\system32\DRIVERS\b57ports.sys;C:\WINDOWS\SYSNATIVE\DRIVERS\b57ports.sys [x]
S3 bScsiSDa;bScsiSDa;C:\WINDOWS\system32\DRIVERS\bScsiSDa.sys;C:\WINDOWS\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 CirrusFilter;CS420xLowerFilter;C:\WINDOWS\system32\DRIVERS\CS420x64.sys;C:\WINDOWS\SYSNATIVE\DRIVERS\CS420x64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\WINDOWS\system32\DRIVERS\iusb3hub.sys;C:\WINDOWS\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\WINDOWS\system32\DRIVERS\iusb3xhc.sys;C:\WINDOWS\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 KeyMagic;USB Keyboard HID Filter;C:\WINDOWS\system32\DRIVERS\KeyMagic.sys;C:\WINDOWS\SYSNATIVE\DRIVERS\KeyMagic.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\system32\drivers\nvvad64v.sys;C:\WINDOWS\SYSNATIVE\drivers\nvvad64v.sys [x]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]

Contents of the 'Scheduled Tasks' folder

2014-04-26 C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-26 00:36:27 . 2014-04-26 00:36:27]

2014-04-25 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-490158340-1184732796-1716885235-1000Core.job
- C:\Users\bkribbs\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-03 23:22:35 . 2013-12-03 23:22:26]

2014-04-26 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-490158340-1184732796-1716885235-1000UA.job
- C:\Users\bkribbs\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-03 23:22:35 . 2013-12-03 23:22:26]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple_KbdMgr"="C:\Program Files\Boot Camp\Bootcamp.exe" [2014-01-31 21:59:58 746816]
"ShadowPlay"="C:\WINDOWS\system32\nvspcap64.dll" [2014-04-02 13:27:05 1225920]
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-02 13:29:05 2201032]

------- Supplementary Scan -------

uLocal Page = C:\WINDOWS\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = C:\WINDOWS\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:50136;https=127.0.0.1:50136
uInternet Settings,ProxyOverride = <-loopback>
TCP: DhcpNameServer = 130.127.255.250 130.127.255.251

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-BattlEye for A2 - D:\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-BrowserSafeguard - C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe
AddRemove-PunkBusterSvc - D:\Origin\Battlefield 4\pbsvc.exe
AddRemove-Steam - C:\Program Files (x86)\Steam\uninstall.exe
AddRemove-Steam App 4000 - C:\Program Files (x86)\Steam\steam.exe
 
Last edited by a moderator:

johnb35

Administrator
Staff member
Have you ran adwcleaner, junk ware removal too and malwarebytes yet? Need to run those first before running combofix.
 

bkribbs

New Member
Have you ran adwcleaner, junk ware removal too and malwarebytes yet? Need to run those first before running combofix.
Yep. Didn't think to save the logs from them though. They caught a lot. What I downloaded was kind of nasty. I think I cleaned most of it up, but it screwed with a ton of my settings. Honestly I've been meaning to reinstall anyways, so I'll just do that later.

Thanks!
 

claptonman

New Member
The logs are probably still there.

The ADWcleaner logs should be at C: -> ADWcleaner.

For Malwarebytes, if you're still on 1.75, the old version, open it up and click the log tab. It should be there. For 2.00, click the "History" tab, and then "Application Logs."
 

bkribbs

New Member
The logs are probably still there.

The ADWcleaner logs should be at C: -> ADWcleaner.

For Malwarebytes, if you're still on 1.75, the old version, open it up and click the log tab. It should be there. For 2.00, click the "History" tab, and then "Application Logs."
Yeah they were. But I had been wanting to rearrange the layout of the partitions on the hard drive, and this worked as a great opportunity!
 
Top