Believe to be infected with an MBR virus


3 replies to this topic

#1 jbebout

jbebout

  • Members
  • 2 posts
  • OFFLINE
  • Local time:06:47 PM

Posted 02 July 2013 - 08:08 PM

I just can't kill this thing.  I have even done a low level format and then reinstalled Windows from the factory disks.  Internet Explorer or Firefox will launch by itself.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:   BrowserJavaVersion: 10.25.2
Run by Alex at 17:59:56 on 2013-07-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16332.13306 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{CFC66877-2F13-4EF2-998E-384214F66ABC} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\7ml77v89.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-01 20:15; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn
FF - ExtSQL: 2013-07-01 20:15; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-3-22 678384]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-3-22 28656]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1207000.00D\symds64.sys [2013-7-2 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1207000.00D\symefa64.sys [2013-7-2 912504]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2013-7-1 953904]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSviA64.sys [2013-7-1 476792]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1207000.00D\ironx64.sys [2013-7-2 171128]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-7-1 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-7-2 169432]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe [2013-7-2 130008]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-7-2 169752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-3-12 342528]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-8-27 107912]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-8-27 226696]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2013-7-1 354376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-1 849992]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-5-13 33008]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1206000.01D\symnets.sys [2013-7-2 386168]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-2-16 42392]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/07/01 19:49:40;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-25 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-1-24 58128]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-1-24 274944]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-1-24 59904]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-1 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-1 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-7-1 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-07-02 16:39:37    912504    ----a-w-    C:\Windows\System32\drivers\NISx64\1207000.00D\symefa64.sys
2013-07-02 16:39:37    744568    ----a-w-    C:\Windows\System32\drivers\NISx64\1207000.00D\srtsp64.sys
2013-07-02 16:39:37    450680    ----a-w-    C:\Windows\System32\drivers\NISx64\1207000.00D\symds64.sys
2013-07-02 16:39:37    40568    ----a-w-    C:\Windows\System32\drivers\NISx64\1207000.00D\srtspx64.sys
2013-07-02 16:39:37    386168    ----a-w-    C:\Windows\System32\drivers\NISx64\1207000.00D\symnets.sys
2013-07-02 16:39:37    171128    ----a-w-    C:\Windows\System32\drivers\NISx64\1207000.00D\ironx64.sys
2013-07-02 16:39:30    --------    d-----w-    C:\Windows\System32\drivers\NISx64\1207000.00D
2013-07-02 08:30:48    912504    ----a-w-    C:\Windows\System32\drivers\NISx64\1206000.01D\symefa64.sys
2013-07-02 08:30:48    744568    ----a-w-    C:\Windows\System32\drivers\NISx64\1206000.01D\srtsp64.sys
2013-07-02 08:30:48    450680    ----a-w-    C:\Windows\System32\drivers\NISx64\1206000.01D\symds64.sys
2013-07-02 08:30:48    40568    ----a-w-    C:\Windows\System32\drivers\NISx64\1206000.01D\srtspx64.sys
2013-07-02 08:30:48    386168    ----a-w-    C:\Windows\System32\drivers\NISx64\1206000.01D\symnets.sys
2013-07-02 08:30:48    171128    ----a-w-    C:\Windows\System32\drivers\NISx64\1206000.01D\ironx64.sys
2013-07-02 08:30:13    --------    d-----w-    C:\Windows\System32\drivers\NISx64\1206000.01D
2013-07-02 08:05:00    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-02 08:02:15    --------    d-----w-    C:\Temp
2013-07-02 07:57:40    --------    d-----w-    C:\Users\Alex\AppData\Roaming\Malwarebytes
2013-07-02 07:57:22    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-07-02 07:57:21    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-07-02 07:57:21    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-02 07:57:01    --------    d-----w-    C:\Users\Alex\AppData\Local\Programs
2013-07-02 07:48:22    964552    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EAD23EAF-E207-480F-A5D4-9AD5288E5F48}\gapaengine.dll
2013-07-02 07:48:19    9552976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4ACF7C7F-7C09-4D02-A44F-C9BF5583F01F}\mpengine.dll
2013-07-02 07:46:37    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2013-07-02 07:46:32    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-07-02 07:10:20    99288    ----a-w-    C:\Windows\System32\drivers\TeeDriverx64.sys
2013-07-02 07:05:49    --------    d-----w-    C:\Users\Alex\Intel
2013-07-02 07:01:07    144896    ----a-w-    C:\Windows\System32\IntelOpenCL64.dll
2013-07-02 07:01:02    104448    ----a-w-    C:\Windows\SysWow64\IntelOpenCL32.dll
2013-07-02 06:53:55    849992    ----a-w-    C:\Windows\System32\drivers\Rt64win7.sys
2013-07-02 06:53:55    73800    ----a-w-    C:\Windows\System32\RtNicProp64.dll
2013-07-02 06:52:14    --------    d-----w-    C:\Windows\SysWow64\sda
2013-07-02 06:51:09    9889352    ----a-w-    C:\Windows\SysWow64\RtsPStorIcon.dll
2013-07-02 06:51:09    354376    ----a-w-    C:\Windows\System32\drivers\RtsPStor.sys
2013-07-02 06:40:54    --------    d-----w-    C:\ProgramData\AMD
2013-07-02 06:40:51    --------    d-----w-    C:\Program Files (x86)\AMD AVT
2013-07-02 06:40:45    --------    d-----w-    C:\Program Files\Common Files\ATI Technologies
2013-07-02 06:40:45    --------    d-----w-    C:\Program Files (x86)\Common Files\ATI Technologies
2013-07-02 06:39:48    1965056    ----a-w-    C:\Windows\System32\stapo64.dll
2013-07-02 06:38:49    --------    d-----w-    C:\Users\Alex\AppData\Local\ElevatedDiagnostics
2013-07-02 06:37:47    --------    d-----w-    C:\Program Files\ATI Technologies
2013-07-02 06:36:56    --------    d-----w-    C:\AMD
2013-07-02 06:30:44    --------    d-----w-    C:\Program Files\Microsoft Mouse and Keyboard Center
2013-07-02 06:26:40    256000    ----a-w-    C:\Windows\System32\st646469.dll
2013-07-02 06:26:30    --------    d-----w-    C:\Program Files\IDT
2013-07-02 06:22:24    --------    d-----w-    C:\Program Files\CCleaner
2013-07-02 06:17:17    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-02 06:17:17    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-02 06:16:39    --------    d-----w-    C:\Users\Alex\AppData\Local\Adobe
2013-07-02 06:08:26    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-07-02 06:08:19    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-02 05:58:57    9552976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8E762409-F5DF-41A2-A397-ED372D2A8461}\mpengine.dll
2013-07-02 05:47:32    --------    d-----w-    C:\ProgramData\DriverGenius
2013-07-02 05:47:17    --------    d-----w-    C:\Program Files (x86)\Driver-Soft
2013-07-02 05:36:33    --------    d-----w-    C:\Users\Alex\AppData\Local\WindowsUpdate
2013-07-02 05:31:57    --------    d-----w-    C:\Program Files (x86)\MSXML 4.0
2013-07-02 05:23:48    --------    d-----w-    C:\ProgramData\Synaptics
2013-07-02 05:19:04    --------    d-----w-    C:\Windows\SysWow64\Wat
2013-07-02 05:19:04    --------    d-----w-    C:\Windows\System32\Wat
2013-07-02 05:13:37    --------    d-----w-    C:\Users\Alex\AppData\Local\CrashDumps
2013-07-02 05:02:50    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2013-07-02 05:02:50    785512    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-07-02 05:02:50    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2013-07-02 05:02:50    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-07-02 04:58:51    9552976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-07-02 04:54:32    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2013-07-02 04:54:32    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2013-07-02 04:54:32    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2013-07-02 04:54:32    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2013-07-02 04:54:10    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-07-02 04:54:10    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-07-02 04:54:10    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-07-02 04:54:10    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-07-02 04:54:06    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-07-02 04:54:06    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-07-02 04:54:06    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-07-02 04:52:32    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-07-02 04:52:32    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2013-07-02 04:52:32    5120    ----a-w-    C:\Windows\System32\wmi.dll
2013-07-02 04:52:32    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2013-07-02 04:52:32    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-07-02 04:49:45    961024    ----a-w-    C:\Windows\System32\CPFilters.dll
2013-07-02 04:48:46    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-07-02 04:47:51    55296    ----a-w-    C:\Windows\System32\dhcpcsvc6.dll
2013-07-02 04:46:48    1499136    ----a-w-    C:\Program Files\Common Files\System\ado\msado15.dll
2013-07-02 04:39:45    77312    ----a-w-    C:\Windows\System32\packager.dll
2013-07-02 04:39:45    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2013-07-02 04:34:45    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2013-07-02 04:34:35    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2013-07-02 04:34:27    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2013-07-02 04:34:27    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-07-02 04:26:16    528384    ----a-w-    C:\Windows\System32\drivers\stwrt64.sys
2013-07-02 04:26:16    431616    ----a-w-    C:\Windows\System32\stcplx64.dll
2013-07-02 04:26:15    654336    ----a-w-    C:\Windows\System32\stapi64.dll
2013-07-02 04:20:49    557848    ----a-w-    C:\Windows\System32\drivers\iaStor.sys
2013-07-02 04:17:50    --------    d-----w-    C:\Program Files (x86)\Cisco
2013-07-02 04:11:34    8604672    ----a-w-    C:\Windows\System32\drivers\NETwNs64.sys
2013-07-02 04:09:35    81920    ----a-w-    C:\Windows\System32\nusb3co2.dll
2013-07-02 03:54:07    --------    d-----w-    C:\HP_TOOLS_mountHPSF
2013-07-02 03:53:33    --------    d-----w-    C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-07-02 03:26:05    --------    d-----w-    C:\Windows\ehome
2013-07-02 03:21:53    --------    d-----w-    C:\Users\Alex\AppData\Local\ATI
2013-07-02 03:20:53    --------    d-----w-    C:\Users\Alex\AppData\Roaming\Intel Corporation
2013-07-02 03:20:51    --------    d-----w-    C:\Users\Alex\AppData\Roaming\hpqLog
2013-07-02 03:20:50    --------    d-----w-    C:\Users\Alex\AppData\Roaming\Synaptics
2013-07-02 03:20:27    --------    d-----w-    C:\Users\Alex\AppData\Local\VirtualStore
2013-07-02 03:20:12    --------    d-----w-    C:\Users\Alex\AppData\Local\RemEngine
2013-07-02 03:17:49    --------    d-----w-    C:\Users\Alex\AppData\Local\Hewlett-Packard
2013-07-02 03:17:37    --------    d-----w-    C:\Users\Alex\AppData\Local\Hewlett-Packard_Company
2013-07-02 02:49:45    --------    d-----w-    C:\Program Files (x86)\Microsoft
2013-07-02 02:48:37    29480    ----a-w-    C:\Windows\SysWow64\msxml3a.dll
2013-07-02 02:48:12    --------    d-----w-    C:\Program Files (x86)\Common Files\Telespree
2013-07-02 02:47:30    --------    d-----w-    C:\Program Files (x86)\HP SimplePass 2011
2013-07-02 02:47:24    --------    d-----w-    C:\Program Files\Common Files\AuthenTec
2013-07-02 02:47:24    --------    d-----w-    C:\Program Files (x86)\Common Files\AuthenTec
2013-07-02 02:47:23    --------    d-----w-    C:\ProgramData\Downloaded Installations
2013-07-02 02:47:20    174200    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-07-02 02:47:20    --------    d-----w-    C:\Program Files\Symantec
2013-07-02 02:47:20    --------    d-----w-    C:\Program Files\Common Files\Symantec Shared
2013-07-02 02:47:03    --------    d-----w-    C:\Windows\System32\drivers\NISx64
2013-07-02 02:47:01    --------    d-----w-    C:\ProgramData\Norton
2013-07-02 02:47:01    --------    d-----w-    C:\Program Files (x86)\Norton Internet Security
2013-07-02 02:46:37    --------    d-----w-    C:\ProgramData\NortonInstaller
2013-07-02 02:46:37    --------    d-----w-    C:\Program Files (x86)\NortonInstaller
2013-07-02 02:46:20    --------    d-----w-    C:\Program Files (x86)\Intel Corporation
2013-07-02 02:46:20    --------    d-----w-    C:\Program Files (x86)\Common Files\Intel Corporation
2013-07-02 02:44:02    0    ----a-w-    C:\Windows\ativpsrm.bin
2013-07-02 02:42:02    --------    d-----w-    C:\Windows\Hewlett-Packard
2013-07-02 02:40:30    --------    d-----w-    C:\ProgramData\Roaming
2013-07-02 02:39:27    --------    d-----w-    C:\Windows\HPQ
2013-07-02 02:39:01    --------    d-----w-    C:\Program Files (x86)\Renesas Electronics
2013-07-02 02:38:22    --------    d-----w-    C:\Program Files\Validity Sensors
2013-07-02 02:38:07    --------    d-----w-    C:\Program Files\Synaptics
2013-07-02 02:37:18    108104    ----a-w-    C:\Windows\System32\RTNUninst64.dll
2013-07-02 02:37:04    --------    d-----w-    C:\Program Files (x86)\Realtek
2013-07-02 02:34:41    --------    d-----w-    C:\Program Files\ATI
2013-07-02 02:33:56    16344    ----a-w-    C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-07-02 02:33:51    --------    d-----w-    C:\Program Files (x86)\Common Files\postureAgent
2013-07-02 02:33:04    53248    ----a-w-    C:\Windows\SysWow64\CSVer.dll
2013-07-02 02:33:01    --------    d-----w-    C:\Intel
.
==================== Find3M  ====================
.
2013-07-02 06:08:14    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-07-02 02:48:34    505128    ----a-w-    C:\Windows\SysWow64\msvcp71.dll
2013-07-02 02:48:34    353576    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2013-05-13 22:36:12    828872    ----a-w-    C:\Windows\System32\msvcr110.dll
2013-05-13 22:36:12    661448    ----a-w-    C:\Windows\System32\msvcp110.dll
2013-05-13 22:36:12    354264    ----a-w-    C:\Windows\System32\vccorlib110.dll
2013-05-13 22:36:12    251864    ----a-w-    C:\Windows\SysWow64\vccorlib110.dll
2013-05-13 22:36:10    862664    ----a-w-    C:\Windows\SysWow64\msvcr110.dll
2013-05-13 22:36:10    534480    ----a-w-    C:\Windows\SysWow64\msvcp110.dll
2013-05-13 22:36:06    76464    ----a-w-    C:\Windows\System32\drivers\dc3d.sys
2013-05-13 22:36:06    50864    ----a-w-    C:\Windows\System32\drivers\point64.sys
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-05-07 04:23:40    33008    ----a-w-    C:\Windows\System32\drivers\Smb_driver_Intel.sys
2013-05-07 04:21:28    1060080    ----a-w-    C:\Windows\System32\SynCOM.dll
2013-05-07 04:21:26    544496    ----a-w-    C:\Windows\SysWow64\SynCom.dll
2013-05-07 04:19:34    495856    ----a-w-    C:\Windows\System32\drivers\SynTP.sys
2013-05-07 04:19:30    264432    ----a-w-    C:\Windows\System32\SynTPAPI.dll
2013-05-07 04:19:28    192240    ----a-w-    C:\Windows\System32\SynTPCo18.dll
2013-05-07 04:19:24    151280    ----a-w-    C:\Windows\SysWow64\SynTPCom.dll
2013-05-02 17:32:04    2274480    ----a-w-    C:\Windows\System32\coin94.dll
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-05-02 11:16:56    11530992    ----a-w-    C:\Windows\System32\drivers\NETwsw00.sys
2013-04-26 05:51:36    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
.
============= FINISH: 18:00:12.71 ===============
 

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:47 PM

Posted 07 July 2013 - 09:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review. I suggest you restart the computer before running this tool.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#3 jbebout

jbebout
  • Topic Starter

  • Members
  • 2 posts
  • Local time:06:47 PM

Posted 07 July 2013 - 06:25 PM

ADWcleaner

 

# AdwCleaner v2.304 - Logfile created 07/07/2013 at 15:32:01
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Alex - ALEX-HP
# Boot Mode : Normal
# Running from : C:\Users\Alex\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\7ml77v89.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1359 octets] - [07/07/2013 15:32:01]

########## EOF - C:\AdwCleaner[S1].txt - [1419 octets] ##########
 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Alex on Sun 07/07/2013 at 15:36:12.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\driver-soft"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/07/2013 at 15:39:38.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Combofix

 

ComboFix 13-07-08.02 - Alex 07/07/2013  15:45:33.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16332.14025 [GMT -7:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-07 to 2013-07-07  )))))))))))))))))))))))))))))))
.
.
2013-07-07 22:49 . 2013-07-07 22:49    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-07 22:45 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA192EF9-7F01-4A70-8EED-F138CE191CEC}\mpengine.dll
2013-07-07 22:36 . 2013-07-07 22:36    --------    d-----w-    c:\windows\ERUNT
2013-07-07 22:35 . 2013-07-07 22:35    --------    d-----w-    C:\JRT
2013-07-05 05:07 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-04 04:49 . 2013-05-06 13:39    9060352    ----a-w-    c:\windows\system32\mshtml.dll
2013-07-04 04:49 . 2013-02-28 12:03    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
2013-07-04 04:49 . 2013-02-28 11:38    1638912    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-07-03 03:42 . 2012-06-16 05:16    609792    ----a-w-    c:\windows\system32\vbscript.dll
2013-07-03 03:42 . 2012-06-16 05:15    911360    ----a-w-    c:\windows\system32\jscript.dll
2013-07-03 03:42 . 2012-06-16 04:26    428032    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-07-02 15:10 . 2013-07-02 15:10    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2013-07-02 08:05 . 2013-07-02 15:07    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-02 08:02 . 2013-07-02 15:09    --------    d-----w-    C:\Temp
2013-07-02 07:57 . 2013-07-02 07:57    --------    d-----w-    c:\programdata\Malwarebytes
2013-07-02 07:57 . 2013-07-02 07:57    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-02 07:57 . 2013-04-04 21:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-02 07:48 . 2013-07-02 07:48    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EAD23EAF-E207-480F-A5D4-9AD5288E5F48}\gapaengine.dll
2013-07-02 07:46 . 2013-07-02 07:46    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2013-07-02 07:46 . 2013-07-02 07:46    --------    d-----w-    c:\program files\Microsoft Security Client
2013-07-02 07:10 . 2013-03-20 22:45    99288    ----a-w-    c:\windows\system32\drivers\TeeDriverx64.sys
2013-07-02 07:01 . 2012-05-15 14:13    144896    ----a-w-    c:\windows\system32\IntelOpenCL64.dll
2013-07-02 07:01 . 2012-05-15 13:20    104448    ----a-w-    c:\windows\SysWow64\IntelOpenCL32.dll
2013-07-02 06:53 . 2013-04-10 18:09    849992    ----a-w-    c:\windows\system32\drivers\Rt64win7.sys
2013-07-02 06:53 . 2013-04-10 18:09    73800    ----a-w-    c:\windows\system32\RtNicProp64.dll
2013-07-02 06:52 . 2013-07-02 06:52    --------    d-----w-    c:\windows\SysWow64\sda
2013-07-02 06:51 . 2013-05-16 18:34    354376    ----a-w-    c:\windows\system32\drivers\RtsPStor.sys
2013-07-02 06:51 . 2013-04-26 01:12    9889352    ----a-w-    c:\windows\SysWow64\RtsPStorIcon.dll
2013-07-02 06:48 . 2013-07-02 06:48    --------    d-----w-    c:\programdata\ATI
2013-07-02 06:40 . 2013-07-02 06:40    --------    d-----w-    c:\programdata\AMD
2013-07-02 06:40 . 2013-07-02 06:40    --------    d-----w-    c:\program files (x86)\AMD AVT
2013-07-02 06:40 . 2013-07-02 06:40    --------    d-----w-    c:\program files\Common Files\ATI Technologies
2013-07-02 06:40 . 2013-07-02 06:40    --------    d-----w-    c:\program files (x86)\Common Files\ATI Technologies
2013-07-02 06:39 . 2013-07-02 04:26    1965056    ----a-w-    c:\windows\system32\stapo64.dll
2013-07-02 06:37 . 2013-07-02 06:40    --------    d-----w-    c:\program files\ATI Technologies
2013-07-02 06:36 . 2013-07-03 03:48    --------    d-----w-    C:\AMD
2013-07-02 06:30 . 2013-07-02 06:30    --------    d-----w-    c:\program files\Microsoft Mouse and Keyboard Center
2013-07-02 06:26 . 2013-04-17 17:00    256000    ----a-w-    c:\windows\system32\st646469.dll
2013-07-02 06:26 . 2013-07-02 06:28    --------    d-----w-    c:\program files\IDT
2013-07-02 06:22 . 2013-07-02 06:22    --------    d-----w-    c:\program files\CCleaner
2013-07-02 06:18 . 2013-07-02 06:18    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2013-07-02 06:17 . 2013-07-02 06:17    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-02 06:17 . 2013-07-02 06:17    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-02 06:17 . 2013-07-02 06:17    --------    d-----w-    c:\windows\system32\Macromed
2013-07-02 06:16 . 2013-07-02 06:16    --------    d-----w-    c:\program files (x86)\Common Files\Adobe AIR
2013-07-02 06:08 . 2013-07-02 06:08    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-07-02 06:08 . 2013-07-02 06:08    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-07-02 06:08 . 2013-07-02 06:08    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-02 06:02 . 2013-07-02 06:02    --------    d-----w-    c:\programdata\McAfee
2013-07-02 05:58 . 2013-06-17 09:10    9552976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E762409-F5DF-41A2-A397-ED372D2A8461}\mpengine.dll
2013-07-02 05:57 . 2013-07-02 05:57    --------    d-----w-    c:\program files\Microsoft Silverlight
2013-07-02 05:57 . 2013-07-02 05:57    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight
2013-07-02 05:47 . 2013-07-02 06:01    --------    d-----w-    c:\programdata\DriverGenius
2013-07-02 05:31 . 2013-07-02 05:31    --------    d-----w-    c:\program files (x86)\MSXML 4.0
2013-07-02 05:23 . 2013-07-02 05:23    --------    d-----w-    c:\programdata\Synaptics
2013-07-02 05:19 . 2013-07-02 05:19    --------    d-----w-    c:\windows\SysWow64\Wat
2013-07-02 05:19 . 2013-07-02 05:19    --------    d-----w-    c:\windows\system32\Wat
2013-07-02 05:02 . 2012-07-26 04:55    785512    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2013-07-02 05:02 . 2012-07-26 04:55    54376    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2013-07-02 05:02 . 2012-07-26 04:47    2560    ----a-w-    c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-07-02 05:02 . 2012-07-26 02:36    9728    ----a-w-    c:\windows\system32\Wdfres.dll
2013-07-02 04:55 . 2013-06-03 00:11    75825640    ----a-w-    c:\windows\system32\MRT.exe
2013-07-02 04:54 . 2012-12-16 17:11    46080    ----a-w-    c:\windows\system32\atmlib.dll
2013-07-02 04:54 . 2012-12-16 14:45    367616    ----a-w-    c:\windows\system32\atmfd.dll
2013-07-02 04:54 . 2012-12-16 14:13    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2013-07-02 04:54 . 2012-12-16 14:13    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2013-07-02 04:54 . 2012-07-26 03:08    84992    ----a-w-    c:\windows\system32\WUDFSvc.dll
2013-07-02 04:54 . 2012-07-26 03:08    194048    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2013-07-02 04:54 . 2012-07-26 02:26    87040    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2013-07-02 04:54 . 2012-07-26 02:26    198656    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2013-07-02 04:54 . 2012-07-26 03:08    229888    ----a-w-    c:\windows\system32\WUDFHost.exe
2013-07-02 04:54 . 2012-07-26 03:08    744448    ----a-w-    c:\windows\system32\WUDFx.dll
2013-07-02 04:54 . 2012-07-26 03:08    45056    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2013-07-02 04:52 . 2012-03-01 06:46    23408    ----a-w-    c:\windows\system32\drivers\fs_rec.sys
2013-07-02 04:52 . 2012-03-01 06:33    81408    ----a-w-    c:\windows\system32\imagehlp.dll
2013-07-02 04:52 . 2012-03-01 06:28    5120    ----a-w-    c:\windows\system32\wmi.dll
2013-07-02 04:52 . 2012-03-01 05:33    159232    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2013-07-02 04:52 . 2012-03-01 05:29    5120    ----a-w-    c:\windows\SysWow64\wmi.dll
2013-07-02 04:49 . 2010-12-23 10:42    1118720    ----a-w-    c:\windows\system32\sbe.dll
2013-07-02 04:48 . 2013-01-04 05:46    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-07-02 04:47 . 2012-10-09 18:17    55296    ----a-w-    c:\windows\system32\dhcpcsvc6.dll
2013-07-02 04:46 . 2012-06-06 06:05    1499136    ----a-w-    c:\program files\Common Files\System\ado\msado15.dll
2013-07-02 04:39 . 2011-11-19 14:58    77312    ----a-w-    c:\windows\system32\packager.dll
2013-07-02 04:39 . 2011-11-19 14:01    67072    ----a-w-    c:\windows\SysWow64\packager.dll
2013-07-02 04:34 . 2012-06-02 22:19    2428952    ----a-w-    c:\windows\system32\wuaueng.dll
2013-07-02 04:34 . 2012-06-02 22:19    57880    ----a-w-    c:\windows\system32\wuauclt.exe
2013-07-02 04:34 . 2012-06-02 22:19    44056    ----a-w-    c:\windows\system32\wups2.dll
2013-07-02 04:34 . 2012-06-02 22:15    2622464    ----a-w-    c:\windows\system32\wucltux.dll
2013-07-02 04:34 . 2012-06-02 22:19    38424    ----a-w-    c:\windows\system32\wups.dll
2013-07-02 04:34 . 2012-06-02 22:19    701976    ----a-w-    c:\windows\system32\wuapi.dll
2013-07-02 04:34 . 2012-06-02 22:15    99840    ----a-w-    c:\windows\system32\wudriver.dll
2013-07-02 04:34 . 2012-06-02 22:19    186752    ----a-w-    c:\windows\system32\wuwebv.dll
2013-07-02 04:34 . 2012-06-02 22:15    36864    ----a-w-    c:\windows\system32\wuapp.exe
2013-07-02 04:26 . 2013-07-02 04:26    528384    ----a-w-    c:\windows\system32\drivers\stwrt64.sys
2013-07-02 04:26 . 2013-07-02 04:26    431616    ----a-w-    c:\windows\system32\stcplx64.dll
2013-07-02 04:26 . 2013-07-02 04:26    654336    ----a-w-    c:\windows\system32\stapi64.dll
2013-07-02 04:20 . 2011-05-20 16:53    557848    ----a-w-    c:\windows\system32\drivers\iaStor.sys
2013-07-02 04:18 . 2013-07-02 07:11    --------    d-----w-    c:\programdata\Intel
2013-07-02 04:17 . 2013-07-02 04:17    --------    d-----w-    c:\program files (x86)\Cisco
2013-07-02 04:11 . 2013-07-02 04:11    8604672    ----a-w-    c:\windows\system32\drivers\NETwNs64.sys
2013-07-02 04:09 . 2013-07-02 04:09    81920    ----a-w-    c:\windows\system32\nusb3co2.dll
2013-07-02 03:54 . 2013-07-02 03:54    --------    d-----w-    C:\HP_TOOLS_mountHPSF
2013-07-02 03:53 . 2013-07-02 03:53    --------    d-----w-    c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-07-02 03:26 . 2013-07-02 05:19    --------    d-----w-    c:\windows\ehome
2013-07-02 03:26 . 2013-07-02 03:26    --------    d-----w-    c:\users\Default\AppData\Roaming\Media Center Programs
2013-07-02 03:26 . 2013-07-02 03:26    --------    d-----r-    c:\users\Public\Recorded TV
2013-07-02 03:15 . 2013-07-02 07:05    --------    d-----w-    c:\users\Alex
2013-07-02 02:49 . 2013-07-02 03:23    --------    d-----w-    c:\program files (x86)\Microsoft
2013-07-02 02:49 . 2013-07-02 02:49    --------    d-----w-    c:\programdata\CyberLink
2013-07-02 02:48 . 2013-07-02 02:49    --------    d-----w-    c:\program files (x86)\CyberLink
2013-07-02 02:48 . 2013-07-02 02:48    29480    ----a-w-    c:\windows\SysWow64\msxml3a.dll
2013-07-02 02:48 . 2013-07-02 02:48    --------    d-----w-    c:\program files (x86)\Common Files\Telespree
2013-07-02 02:47 . 2013-07-02 02:47    --------    d-----w-    c:\program files (x86)\HP SimplePass 2011
2013-07-02 02:47 . 2013-07-02 02:47    --------    d-----w-    c:\program files (x86)\Common Files\AuthenTec
2013-07-02 02:47 . 2013-07-02 02:47    --------    d-----w-    c:\program files\Common Files\AuthenTec
2013-07-02 02:47 . 2013-07-02 06:46    --------    d-----w-    c:\programdata\Downloaded Installations
2013-07-02 02:47 . 2013-07-02 08:30    174200    ----a-w-    c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-07-02 02:47 . 2013-07-02 08:30    --------    d-----w-    c:\program files\Symantec
2013-07-02 02:47 . 2013-07-02 02:47    --------    d-----w-    c:\program files\Common Files\Symantec Shared
2013-07-02 02:47 . 2013-07-07 22:34    --------    d-----w-    c:\windows\system32\drivers\NISx64
2013-07-02 02:47 . 2013-07-02 03:15    --------    d-----w-    c:\programdata\Norton
2013-07-02 02:47 . 2013-07-02 02:47    --------    d-----w-    c:\program files (x86)\Norton Internet Security
2013-07-02 02:46 . 2013-07-02 02:46    --------    d-----w-    c:\program files (x86)\NortonInstaller
2013-07-02 02:46 . 2013-07-02 05:24    --------    d-----w-    c:\program files (x86)\Common Files\Intel Corporation
2013-07-02 02:46 . 2013-07-02 02:46    --------    d-----w-    c:\program files (x86)\Intel Corporation
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-02 06:08 . 2011-06-21 19:44    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-07-02 03:16 . 2010-06-24 18:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-02 02:48 . 2003-03-19 03:14    505128    ----a-w-    c:\windows\SysWow64\msvcp71.dll
2013-07-02 02:48 . 2003-02-21 11:42    353576    ----a-w-    c:\windows\SysWow64\msvcr71.dll
2013-05-13 22:36 . 2013-05-13 22:36    828872    ----a-w-    c:\windows\system32\msvcr110.dll
2013-05-13 22:36 . 2013-05-13 22:36    661448    ----a-w-    c:\windows\system32\msvcp110.dll
2013-05-13 22:36 . 2013-05-13 22:36    354264    ----a-w-    c:\windows\system32\vccorlib110.dll
2013-05-13 22:36 . 2013-05-13 22:36    251864    ----a-w-    c:\windows\SysWow64\vccorlib110.dll
2013-05-13 22:36 . 2013-05-13 22:36    862664    ----a-w-    c:\windows\SysWow64\msvcr110.dll
2013-05-13 22:36 . 2013-05-13 22:36    534480    ----a-w-    c:\windows\SysWow64\msvcp110.dll
2013-05-13 22:36 . 2013-05-13 22:36    76464    ----a-w-    c:\windows\system32\drivers\dc3d.sys
2013-05-13 22:36 . 2013-05-13 22:36    50864    ----a-w-    c:\windows\system32\drivers\point64.sys
2013-05-07 04:23 . 2013-05-14 00:44    33008    ----a-w-    c:\windows\system32\drivers\Smb_driver_Intel.sys
2013-05-07 04:21 . 2013-05-14 00:44    1060080    ----a-w-    c:\windows\system32\SynCOM.dll
2013-05-07 04:21 . 2013-05-14 00:44    544496    ----a-w-    c:\windows\SysWow64\SynCom.dll
2013-05-07 04:19 . 2013-05-14 00:44    495856    ----a-w-    c:\windows\system32\drivers\SynTP.sys
2013-05-07 04:19 . 2013-05-14 00:44    264432    ----a-w-    c:\windows\system32\SynTPAPI.dll
2013-05-07 04:19 . 2013-05-14 00:44    192240    ----a-w-    c:\windows\system32\SynTPCo18.dll
2013-05-07 04:19 . 2013-05-14 00:44    151280    ----a-w-    c:\windows\SysWow64\SynTPCom.dll
2013-05-02 17:32 . 2013-05-02 17:32    2274480    ----a-w-    c:\windows\system32\coin94.dll
2013-05-02 15:29 . 2010-11-21 03:27    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-05-02 11:16 . 2013-05-02 13:43    11530992    ----a-w-    c:\windows\system32\drivers\NETwsw00.sys
2013-04-13 05:49 . 2013-07-02 04:49    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-07-02 04:49    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-07-02 04:49    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-07-02 04:49    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-07-02 04:49    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-07-02 04:49    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-25 75048]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-29 642656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/07/01 19:49;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSVia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSVia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-02 c:\windows\Tasks\HPCeeScheduleForAlex.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-07-02 1128448]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\7ml77v89.default\
FF - ExtSQL: 2013-07-01 20:15; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_5_1
FF - ExtSQL: 2013-07-01 20:15; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-23430681.sys
SafeBoot-38685418.sys
SafeBoot-41237559.sys
SafeBoot-69875496.sys
SafeBoot-80378046.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-07  15:50:29
ComboFix-quarantined-files.txt  2013-07-07 22:50
.
Pre-Run: 915,910,369,280 bytes free
Post-Run: 916,099,018,752 bytes free
.
- - End Of File - - DD299CCAAC332E3F3BC429CEC6110508
A36C5E4F47E84449FF07ED3517B43A31
 

Security Check

 

 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Microsoft Security Essentials   
Norton Internet Security        
  (On Access scanning disabled!)
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Reader XI  
 Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

 

I'm not sure what the scans did to help other than delete a legitimate program, Driver Genius.  That program is not an infector.  If it was, then the other 6 computers I have installed it on would be having the same problem.



#4 nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:47 PM

Posted 08 July 2013 - 06:38 AM


The JunkRemoval tool removed this folder.

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\driver-soft"


Reinstall the application.

The Junk Removal tool will normally remove any 3rd party toolbar.

Is there a Browsing object installed with this application?
In some programs, if a toolbar is installed, the Junk Removal tool deletes it.
If the program Driver Genius installs a toolbar, it will be removed.
In this case, since the toolbar is in the same folder as the program, all was removed.

Please let me know so I can inform the owner of the tool.
===



