
Unable to boot to windows


36 replies to this topic

#31 Donskee (Topic Starter)

Posted 09 January 2014 - 03:48 AM

C:\FRST\Quarantine\csrwuail.exe Win32/TrojanDownloader.Agent.RZB trojan cleaned by deleting - quarantined
C:\Users\Primary User\Desktop\Software\cpu-z_1.63-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\Primary User\Desktop\Software\hwmonitor_1.21-setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Primary User\Desktop\Software\winamp563_full_emusic-7plus_en-us.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Primary User\Documents\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E application cleaned by deleting - quarantined
C:\Users\Primary User\Downloads\Setup.exe a variant of Win32/AdWare.iBryte.L.gen application cleaned by deleting - quarantined
 




#32 Donskee (Topic Starter)

Posted 09 January 2014 - 04:02 AM

I'm not sure if this is related or not, but ever since the computer was restored back to its original state, Facebook has not been loading properly. The pages load about half way, and then the page crashes.  Is this something you are aware of?

 

Thanks



#33 JSntgRvr (Master Surgeon General, Malware Response Team)

Posted 09 January 2014 - 11:50 AM

The latest Combofix run was incomplete.

 

Download the enclosed file.

 

Save it in the same location Combofix is.

 

CFScriptB-4.gif

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

 

 

I'm not sure if this is related or not, but ever since the computer was restored back to its original state, Facebook has not been loading properly. The pages load about half way, and then the page crashes.  Is this something you are aware of?

 

Thanks

 

Security check

Download and run Security Check by screen317 and post its report.


Edited by JSntgRvr, 09 January 2014 - 11:52 AM.



#34 Donskee (Topic Starter)

Posted 09 January 2014 - 03:23 PM

I've disabled everything in Norton, and Combofix continues to give me a message that the Norton Antispyware scan is still active. The problem is that I can't find anyplace to turn off the Antispyware, even in Bleeping Computer's instructions. But I continued to run Combofix, and even ran it twice. Here are the results of the first scan. 2nd scan results will follow.

 

ComboFix 14-01-08.03 - Primary User 01/09/2014  11:45:19.2.4 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.6143.3599 [GMT -8:00]

Running from: c:\users\Primary User\Desktop\ComboFix.exe

Command switches used :: c:\users\Primary User\Desktop\CFScript.txt

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\users\PRIMAR~1\AppData\Local\Temp\7zS121F\HPSLPSVC64.DLL

c:\users\Primary User\AppData\Local\Temp\7zS121F\HPSLPSVC64.DLL

c:\windows\jestertb.dll

.

-- Previous Run --

.

Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

.

--------

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_HPSLPSVC

.

.

(((((((((((((((((((((((((   Files Created from 2013-12-09 to 2014-01-09  )))))))))))))))))))))))))))))))

.

.

2014-01-09 19:50 . 2014-01-09 19:50         --------   d-----w-                c:\users\Default\AppData\Local\temp

2014-01-07 08:25 . 2014-01-07 08:25         --------   d-----w-                c:\users\Primary User\AppData\Roaming\Malwarebytes

2014-01-07 08:25 . 2014-01-07 08:25         --------   d-----w-                c:\programdata\Malwarebytes

2014-01-07 08:25 . 2014-01-07 08:25         --------   d-----w-                c:\program files (x86)\Malwarebytes' Anti-Malware

2014-01-07 08:25 . 2013-04-04 22:50         25928    ----a-w-                c:\windows\system32\drivers\mbam.sys

2014-01-07 08:04 . 2014-01-09 09:44         --------   d-----w-                c:\users\Primary User\AppData\Local\BrowserSafeguard

2014-01-05 20:45 . 2014-01-02 17:48         531560  ------w- c:\windows\SysWow64\MC19.exe

2014-01-05 20:45 . 2014-01-02 17:48         531560  ------w- c:\windows\system32\MC19.exe

2014-01-04 10:05 . 2014-01-04 10:11         --------   d-----w-                c:\users\Primary User\AppData\Local\NPE

2013-12-29 20:27 . 2013-12-29 20:27         --------   d-----w-                C:\FRST

2013-12-24 06:06 . 2013-12-24 06:06         --------   d-----w-                C:\NBRT

2013-12-12 11:05 . 2013-05-10 04:30         167424  ----a-w-                c:\program files\Windows Media Player\wmplayer.exe

2013-12-12 11:05 . 2013-05-10 03:48         164864  ----a-w-                c:\program files (x86)\Windows Media Player\wmplayer.exe

2013-12-12 11:05 . 2013-05-10 05:56         12625920             ----a-w-                c:\windows\system32\wmploc.DLL

2013-12-12 11:05 . 2013-05-10 04:56         12625408             ----a-w-                c:\windows\SysWow64\wmploc.DLL

2013-12-12 11:05 . 2013-05-10 05:56         14631424             ----a-w-                c:\windows\system32\wmp.dll

2013-12-11 12:55 . 2013-10-30 02:32         335360  ----a-w-                c:\windows\system32\msieftp.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-14 11:00 . 2013-06-19 23:43         90708896             ----a-w-                c:\windows\system32\MRT.exe

2013-12-11 06:11 . 2013-06-22 02:49         71048    ----a-w-                c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-11 06:11 . 2013-06-22 02:49         692616  ----a-w-                c:\windows\SysWow64\FlashPlayerApp.exe

2013-11-26 05:50 . 2013-06-28 18:23         177752  ----a-w-                c:\windows\system32\drivers\SYMEVENT64x86.SYS

2013-11-12 11:02 . 2013-11-12 11:02         940032  ----a-w-                c:\windows\system32\MsSpellCheckingFacility.exe

2013-11-12 11:02 . 2013-11-12 11:02         194048  ----a-w-                c:\windows\SysWow64\elshyph.dll

2013-11-12 11:01 . 2013-11-12 11:01         86016    ----a-w-                c:\windows\SysWow64\iesysprep.dll

2013-11-12 11:01 . 2013-11-12 11:01         74240    ----a-w-                c:\windows\SysWow64\SetIEInstalledDate.exe

2013-11-12 11:01 . 2013-11-12 11:01         71680    ----a-w-                c:\windows\SysWow64\RegisterIEPKEYs.exe

2013-11-12 11:01 . 2013-11-12 11:01         645120  ----a-w-                c:\windows\SysWow64\jsIntl.dll

2013-11-12 11:01 . 2013-11-12 11:01         62464    ----a-w-                c:\windows\SysWow64\tdc.ocx

2013-11-12 11:01 . 2013-11-12 11:01         61952    ----a-w-                c:\windows\SysWow64\MshtmlDac.dll

2013-11-12 11:01 . 2013-11-12 11:01         61952    ----a-w-                c:\windows\SysWow64\iesetup.dll

2013-11-12 11:01 . 2013-11-12 11:01         51200    ----a-w-                c:\windows\SysWow64\ieetwproxystub.dll

2013-11-12 11:01 . 2013-11-12 11:01         48640    ----a-w-                c:\windows\SysWow64\mshtmler.dll

2013-11-12 11:01 . 2013-11-12 11:01         454656  ----a-w-                c:\windows\SysWow64\vbscript.dll

2013-11-12 11:01 . 2013-11-12 11:01         36352    ----a-w-                c:\windows\SysWow64\imgutil.dll

2013-11-12 11:01 . 2013-11-12 11:01         34816    ----a-w-                c:\windows\SysWow64\JavaScriptCollectionAgent.dll

2013-11-12 11:01 . 2013-11-12 11:01         337408  ----a-w-                c:\windows\SysWow64\html.iec

2013-11-12 11:01 . 2013-11-12 11:01         24576    ----a-w-                c:\windows\SysWow64\licmgr10.dll

2013-11-12 11:01 . 2013-11-12 11:01         235008  ----a-w-                c:\windows\system32\elshyph.dll

2013-11-12 11:01 . 2013-11-12 11:01         182272  ----a-w-                c:\windows\SysWow64\msls31.dll

2013-11-12 11:01 . 2013-11-12 11:01         151552  ----a-w-                c:\windows\SysWow64\iexpress.exe

2013-11-12 11:01 . 2013-11-12 11:01         139264  ----a-w-                c:\windows\SysWow64\wextract.exe

2013-11-12 11:01 . 2013-11-12 11:01         13312    ----a-w-                c:\windows\SysWow64\mshta.exe

2013-11-12 11:01 . 2013-11-12 11:01         112128  ----a-w-                c:\windows\SysWow64\ieUnatt.exe

2013-11-12 11:01 . 2013-11-12 11:01         111616  ----a-w-                c:\windows\SysWow64\IEAdvpack.dll

2013-11-12 11:01 . 2013-11-12 11:01         1051136                ----a-w-                c:\windows\SysWow64\mshtmlmedia.dll

2013-11-12 11:01 . 2013-11-12 11:01         942592  ----a-w-                c:\windows\system32\jsIntl.dll

2013-11-12 11:01 . 2013-11-12 11:01         90112    ----a-w-                c:\windows\system32\SetIEInstalledDate.exe

2013-11-12 11:01 . 2013-11-12 11:01         86016    ----a-w-                c:\windows\system32\RegisterIEPKEYs.exe

2013-11-12 11:01 . 2013-11-12 11:01         84992    ----a-w-                c:\windows\system32\mshtmled.dll

2013-11-12 11:01 . 2013-11-12 11:01         83968    ----a-w-                c:\windows\system32\MshtmlDac.dll

2013-11-12 11:01 . 2013-11-12 11:01         81408    ----a-w-                c:\windows\system32\icardie.dll

2013-11-12 11:01 . 2013-11-12 11:01         774144  ----a-w-                c:\windows\system32\jscript.dll

2013-11-12 11:01 . 2013-11-12 11:01         77312    ----a-w-                c:\windows\system32\tdc.ocx

2013-11-12 11:01 . 2013-11-12 11:01         626176  ----a-w-                c:\windows\system32\msfeeds.dll

2013-11-12 11:01 . 2013-11-12 11:01         62464    ----a-w-                c:\windows\system32\pngfilt.dll

2013-11-12 11:01 . 2013-11-12 11:01         616104  ----a-w-                c:\windows\system32\ieapfltr.dat

2013-11-12 11:01 . 2013-11-12 11:01         548352  ----a-w-                c:\windows\system32\vbscript.dll

2013-11-12 11:01 . 2013-11-12 11:01         52224    ----a-w-                c:\windows\system32\msfeedsbs.dll

2013-11-12 11:01 . 2013-11-12 11:01         48640    ----a-w-                c:\windows\system32\mshtmler.dll

2013-11-12 11:01 . 2013-11-12 11:01         48128    ----a-w-                c:\windows\system32\imgutil.dll

2013-11-12 11:01 . 2013-11-12 11:01         453120  ----a-w-                c:\windows\system32\dxtmsft.dll

2013-11-12 11:01 . 2013-11-12 11:01         413696  ----a-w-                c:\windows\system32\html.iec

2013-11-12 11:01 . 2013-11-12 11:01         40448    ----a-w-                c:\windows\system32\JavaScriptCollectionAgent.dll

2013-11-12 11:01 . 2013-11-12 11:01         30208    ----a-w-                c:\windows\system32\licmgr10.dll

2013-11-12 11:01 . 2013-11-12 11:01         296960  ----a-w-                c:\windows\system32\dxtrans.dll

2013-11-12 11:01 . 2013-11-12 11:01         263376  ----a-w-                c:\windows\system32\iedkcs32.dll

2013-11-12 11:01 . 2013-11-12 11:01         247808  ----a-w-                c:\windows\system32\msls31.dll

2013-11-12 11:01 . 2013-11-12 11:01         243200  ----a-w-                c:\windows\system32\webcheck.dll

2013-11-12 11:01 . 2013-11-12 11:01         235520  ----a-w-                c:\windows\system32\url.dll

2013-11-12 11:01 . 2013-11-12 11:01         195584  ----a-w-                c:\windows\system32\msrating.dll

2013-11-12 11:01 . 2013-11-12 11:01         167424  ----a-w-                c:\windows\system32\iexpress.exe

2013-11-12 11:01 . 2013-11-12 11:01         147968  ----a-w-                c:\windows\system32\occache.dll

2013-11-12 11:01 . 2013-11-12 11:01         143872  ----a-w-                c:\windows\system32\wextract.exe

2013-11-12 11:01 . 2013-11-12 11:01         13824    ----a-w-                c:\windows\system32\mshta.exe

2013-11-12 11:01 . 2013-11-12 11:01         135680  ----a-w-                c:\windows\system32\iepeers.dll

2013-11-12 11:01 . 2013-11-12 11:01         13312    ----a-w-                c:\windows\system32\msfeedssync.exe

2013-11-12 11:01 . 2013-11-12 11:01         131072  ----a-w-                c:\windows\system32\IEAdvpack.dll

2013-11-12 11:01 . 2013-11-12 11:01         1228800                ----a-w-                c:\windows\system32\mshtmlmedia.dll

2013-11-12 11:01 . 2013-11-12 11:01         105984  ----a-w-                c:\windows\system32\iesysprep.dll

2013-11-12 11:01 . 2013-11-12 11:01         101376  ----a-w-                c:\windows\system32\inseng.dll

2013-11-08 03:12 . 2013-12-03 12:44         10285968             ----a-w-                c:\programdata\Microsoft\Windows Defender\Definition Updates\{81BF7897-6C42-471B-9CAC-D7A453C5C674}\mpengine.dll

2013-10-15 02:00 . 2013-11-12 11:04         28368    ----a-w-                c:\windows\system32\IEUDINIT.EXE

2013-10-12 02:30 . 2013-11-13 09:31         830464  ----a-w-                c:\windows\system32\nshwfp.dll

2013-10-12 02:29 . 2013-11-13 09:31         859648  ----a-w-                c:\windows\system32\IKEEXT.DLL

2013-10-12 02:29 . 2013-11-13 09:31         324096  ----a-w-                c:\windows\system32\FWPUCLNT.DLL

2013-10-12 02:03 . 2013-11-13 09:31         656896  ----a-w-                c:\windows\SysWow64\nshwfp.dll

2013-10-12 02:01 . 2013-11-13 09:31         216576  ----a-w-                c:\windows\SysWow64\FWPUCLNT.DLL

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-04-16 2741616]

"BrowserSafeguard"="c:\users\Primary User\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe" [2013-12-30 572416]

"BrowserSafeguard Update Task"="c:\users\Primary User\AppData\Local\BrowserSafeguard\uninstall.BrowserSafeguard.exe" [2014-01-07 3405312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2011-03-09 107816]

"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-05-09 78312]

"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2012-04-17 223096]

"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-12 27760]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]

"WD Anywhere Backup"="c:\program files (x86)\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2009-11-13 222432]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/06/21 17:27;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 Media Center 19 Service;JRiver Media Center 19 Service;c:\program files (x86)\J River\Media Center 19\JRService.exe;c:\program files (x86)\J River\Media Center 19\JRService.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 USA19H;USA19H;c:\windows\system32\DRIVERS\USA19Hx64.sys;c:\windows\SYSNATIVE\DRIVERS\USA19Hx64.sys [x]

R3 USA19HP;USA19HP;c:\windows\system32\DRIVERS\USA19Hx64p.SYS;c:\windows\SYSNATIVE\DRIVERS\USA19Hx64p.SYS [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20131218.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20131218.001\BHDrvx64.sys [x]

S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140108.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140108.001\IDSvia64.sys [x]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1501000.012\SYMNETS.SYS [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe;c:\program files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [x]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [x]

S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CLKMDRV10_38F51D56

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt       REG_MULTI_SZ                hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-04-16 19:07              451872  ----a-w-                c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-01-07 23:10              1211672                ----a-w-                c:\program files (x86)\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-22 06:11]

.

2014-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-28 18:46]

.

2014-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-28 18:46]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]

"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]

"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <-loopback>

uInternet Settings,ProxyServer = http=127.0.0.1:49174;https=127.0.0.1:49174

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\Primary User\AppData\Roaming\Mozilla\Firefox\Profiles\m5lqwv43.default\

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

SafeBoot-94263492.sys

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"

"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS"

"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18;c:\program files (x86)\Norton Security Suite\Engine64\21.1.0.18"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-01-09  11:53:20

ComboFix-quarantined-files.txt  2014-01-09 19:53

.

Pre-Run: 432,091,947,008 bytes free

Post-Run: 431,591,825,408 bytes free

.

- - End Of File - - FDF7F933127E49D32834EB2E392DB59A

A36C5E4F47E84449FF07ED3517B43A31



#35 Donskee (Topic Starter)

Posted 09 January 2014 - 03:24 PM

2nd Combofix scan

 

ComboFix 14-01-08.03 - Primary User 01/09/2014  12:07:02.3.4 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.6143.4091 [GMT -8:00]

Running from: c:\users\Primary User\Desktop\ComboFix.exe

Command switches used :: c:\users\Primary User\Downloads\CFScript.txt

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((   Files Created from 2013-12-09 to 2014-01-09  )))))))))))))))))))))))))))))))

.

.

2014-01-09 20:12 . 2014-01-09 20:12         --------   d-----w-                c:\users\Default\AppData\Local\temp

2014-01-07 08:25 . 2014-01-07 08:25         --------   d-----w-                c:\users\Primary User\AppData\Roaming\Malwarebytes

2014-01-07 08:25 . 2014-01-07 08:25         --------   d-----w-                c:\programdata\Malwarebytes

2014-01-07 08:25 . 2014-01-07 08:25         --------   d-----w-                c:\program files (x86)\Malwarebytes' Anti-Malware

2014-01-07 08:25 . 2013-04-04 22:50         25928    ----a-w-                c:\windows\system32\drivers\mbam.sys

2014-01-07 08:04 . 2014-01-09 09:44         --------   d-----w-                c:\users\Primary User\AppData\Local\BrowserSafeguard

2014-01-05 20:45 . 2014-01-02 17:48         531560  ------w- c:\windows\SysWow64\MC19.exe

2014-01-05 20:45 . 2014-01-02 17:48         531560  ------w- c:\windows\system32\MC19.exe

2014-01-04 10:05 . 2014-01-04 10:11         --------   d-----w-                c:\users\Primary User\AppData\Local\NPE

2013-12-29 20:27 . 2013-12-29 20:27         --------   d-----w-                C:\FRST

2013-12-24 06:06 . 2013-12-24 06:06         --------   d-----w-                C:\NBRT

2013-12-12 11:05 . 2013-05-10 04:30         167424  ----a-w-                c:\program files\Windows Media Player\wmplayer.exe

2013-12-12 11:05 . 2013-05-10 03:48         164864  ----a-w-                c:\program files (x86)\Windows Media Player\wmplayer.exe

2013-12-12 11:05 . 2013-05-10 05:56         12625920             ----a-w-                c:\windows\system32\wmploc.DLL

2013-12-12 11:05 . 2013-05-10 04:56         12625408             ----a-w-                c:\windows\SysWow64\wmploc.DLL

2013-12-12 11:05 . 2013-05-10 05:56         14631424             ----a-w-                c:\windows\system32\wmp.dll

2013-12-11 12:55 . 2013-10-30 02:32         335360  ----a-w-                c:\windows\system32\msieftp.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-14 11:00 . 2013-06-19 23:43         90708896             ----a-w-                c:\windows\system32\MRT.exe

2013-12-11 06:11 . 2013-06-22 02:49         71048    ----a-w-                c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-11 06:11 . 2013-06-22 02:49         692616  ----a-w-                c:\windows\SysWow64\FlashPlayerApp.exe

2013-11-26 05:50 . 2013-06-28 18:23         177752  ----a-w-                c:\windows\system32\drivers\SYMEVENT64x86.SYS

2013-11-12 11:02 . 2013-11-12 11:02         940032  ----a-w-                c:\windows\system32\MsSpellCheckingFacility.exe

2013-11-12 11:02 . 2013-11-12 11:02         194048  ----a-w-                c:\windows\SysWow64\elshyph.dll

2013-11-12 11:01 . 2013-11-12 11:01         86016    ----a-w-                c:\windows\SysWow64\iesysprep.dll

2013-11-12 11:01 . 2013-11-12 11:01         74240    ----a-w-                c:\windows\SysWow64\SetIEInstalledDate.exe

2013-11-12 11:01 . 2013-11-12 11:01         71680    ----a-w-                c:\windows\SysWow64\RegisterIEPKEYs.exe

2013-11-12 11:01 . 2013-11-12 11:01         645120  ----a-w-                c:\windows\SysWow64\jsIntl.dll

2013-11-12 11:01 . 2013-11-12 11:01         62464    ----a-w-                c:\windows\SysWow64\tdc.ocx

2013-11-12 11:01 . 2013-11-12 11:01         61952    ----a-w-                c:\windows\SysWow64\MshtmlDac.dll

2013-11-12 11:01 . 2013-11-12 11:01         61952    ----a-w-                c:\windows\SysWow64\iesetup.dll

2013-11-12 11:01 . 2013-11-12 11:01         51200    ----a-w-                c:\windows\SysWow64\ieetwproxystub.dll

2013-11-12 11:01 . 2013-11-12 11:01         48640    ----a-w-                c:\windows\SysWow64\mshtmler.dll

2013-11-12 11:01 . 2013-11-12 11:01         454656  ----a-w-                c:\windows\SysWow64\vbscript.dll

2013-11-12 11:01 . 2013-11-12 11:01         36352    ----a-w-                c:\windows\SysWow64\imgutil.dll

2013-11-12 11:01 . 2013-11-12 11:01         34816    ----a-w-                c:\windows\SysWow64\JavaScriptCollectionAgent.dll

2013-11-12 11:01 . 2013-11-12 11:01         337408  ----a-w-                c:\windows\SysWow64\html.iec

2013-11-12 11:01 . 2013-11-12 11:01         24576    ----a-w-                c:\windows\SysWow64\licmgr10.dll

2013-11-12 11:01 . 2013-11-12 11:01         235008  ----a-w-                c:\windows\system32\elshyph.dll

2013-11-12 11:01 . 2013-11-12 11:01         182272  ----a-w-                c:\windows\SysWow64\msls31.dll

2013-11-12 11:01 . 2013-11-12 11:01         151552  ----a-w-                c:\windows\SysWow64\iexpress.exe

2013-11-12 11:01 . 2013-11-12 11:01         139264  ----a-w-                c:\windows\SysWow64\wextract.exe

2013-11-12 11:01 . 2013-11-12 11:01         13312    ----a-w-                c:\windows\SysWow64\mshta.exe

2013-11-12 11:01 . 2013-11-12 11:01         112128  ----a-w-                c:\windows\SysWow64\ieUnatt.exe

2013-11-12 11:01 . 2013-11-12 11:01         111616  ----a-w-                c:\windows\SysWow64\IEAdvpack.dll

2013-11-12 11:01 . 2013-11-12 11:01         1051136                ----a-w-                c:\windows\SysWow64\mshtmlmedia.dll

2013-11-12 11:01 . 2013-11-12 11:01         942592  ----a-w-                c:\windows\system32\jsIntl.dll

2013-11-12 11:01 . 2013-11-12 11:01         90112    ----a-w-                c:\windows\system32\SetIEInstalledDate.exe

2013-11-12 11:01 . 2013-11-12 11:01         86016    ----a-w-                c:\windows\system32\RegisterIEPKEYs.exe

2013-11-12 11:01 . 2013-11-12 11:01         84992    ----a-w-                c:\windows\system32\mshtmled.dll

2013-11-12 11:01 . 2013-11-12 11:01         83968    ----a-w-                c:\windows\system32\MshtmlDac.dll

2013-11-12 11:01 . 2013-11-12 11:01         81408    ----a-w-                c:\windows\system32\icardie.dll

2013-11-12 11:01 . 2013-11-12 11:01         774144  ----a-w-                c:\windows\system32\jscript.dll

2013-11-12 11:01 . 2013-11-12 11:01         77312    ----a-w-                c:\windows\system32\tdc.ocx

2013-11-12 11:01 . 2013-11-12 11:01         626176  ----a-w-                c:\windows\system32\msfeeds.dll

2013-11-12 11:01 . 2013-11-12 11:01         62464    ----a-w-                c:\windows\system32\pngfilt.dll

2013-11-12 11:01 . 2013-11-12 11:01         616104  ----a-w-                c:\windows\system32\ieapfltr.dat

2013-11-12 11:01 . 2013-11-12 11:01         548352  ----a-w-                c:\windows\system32\vbscript.dll

2013-11-12 11:01 . 2013-11-12 11:01         52224    ----a-w-                c:\windows\system32\msfeedsbs.dll

2013-11-12 11:01 . 2013-11-12 11:01         48640    ----a-w-                c:\windows\system32\mshtmler.dll

2013-11-12 11:01 . 2013-11-12 11:01         48128    ----a-w-                c:\windows\system32\imgutil.dll

2013-11-12 11:01 . 2013-11-12 11:01         453120  ----a-w-                c:\windows\system32\dxtmsft.dll

2013-11-12 11:01 . 2013-11-12 11:01         413696  ----a-w-                c:\windows\system32\html.iec

2013-11-12 11:01 . 2013-11-12 11:01         40448    ----a-w-                c:\windows\system32\JavaScriptCollectionAgent.dll

2013-11-12 11:01 . 2013-11-12 11:01         30208    ----a-w-                c:\windows\system32\licmgr10.dll

2013-11-12 11:01 . 2013-11-12 11:01         296960  ----a-w-                c:\windows\system32\dxtrans.dll

2013-11-12 11:01 . 2013-11-12 11:01         263376  ----a-w-                c:\windows\system32\iedkcs32.dll

2013-11-12 11:01 . 2013-11-12 11:01         247808  ----a-w-                c:\windows\system32\msls31.dll

2013-11-12 11:01 . 2013-11-12 11:01         243200  ----a-w-                c:\windows\system32\webcheck.dll

2013-11-12 11:01 . 2013-11-12 11:01         235520  ----a-w-                c:\windows\system32\url.dll

2013-11-12 11:01 . 2013-11-12 11:01         195584  ----a-w-                c:\windows\system32\msrating.dll

2013-11-12 11:01 . 2013-11-12 11:01         167424  ----a-w-                c:\windows\system32\iexpress.exe

2013-11-12 11:01 . 2013-11-12 11:01         147968  ----a-w-                c:\windows\system32\occache.dll

2013-11-12 11:01 . 2013-11-12 11:01         143872  ----a-w-                c:\windows\system32\wextract.exe

2013-11-12 11:01 . 2013-11-12 11:01         13824    ----a-w-                c:\windows\system32\mshta.exe

2013-11-12 11:01 . 2013-11-12 11:01         135680  ----a-w-                c:\windows\system32\iepeers.dll

2013-11-12 11:01 . 2013-11-12 11:01         13312    ----a-w-                c:\windows\system32\msfeedssync.exe

2013-11-12 11:01 . 2013-11-12 11:01         131072  ----a-w-                c:\windows\system32\IEAdvpack.dll

2013-11-12 11:01 . 2013-11-12 11:01         1228800                ----a-w-                c:\windows\system32\mshtmlmedia.dll

2013-11-12 11:01 . 2013-11-12 11:01         105984  ----a-w-                c:\windows\system32\iesysprep.dll

2013-11-12 11:01 . 2013-11-12 11:01         101376  ----a-w-                c:\windows\system32\inseng.dll

2013-11-08 03:12 . 2013-12-03 12:44         10285968             ----a-w-                c:\programdata\Microsoft\Windows Defender\Definition Updates\{81BF7897-6C42-471B-9CAC-D7A453C5C674}\mpengine.dll

2013-10-15 02:00 . 2013-11-12 11:04         28368    ----a-w-                c:\windows\system32\IEUDINIT.EXE

2013-10-12 02:30 . 2013-11-13 09:31         830464  ----a-w-                c:\windows\system32\nshwfp.dll

2013-10-12 02:29 . 2013-11-13 09:31         859648  ----a-w-                c:\windows\system32\IKEEXT.DLL

2013-10-12 02:29 . 2013-11-13 09:31         324096  ----a-w-                c:\windows\system32\FWPUCLNT.DLL

2013-10-12 02:03 . 2013-11-13 09:31         656896  ----a-w-                c:\windows\SysWow64\nshwfp.dll

2013-10-12 02:01 . 2013-11-13 09:31         216576  ----a-w-                c:\windows\SysWow64\FWPUCLNT.DLL

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-04-16 2741616]

"BrowserSafeguard"="c:\users\Primary User\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe" [2013-12-30 572416]

"BrowserSafeguard Update Task"="c:\users\Primary User\AppData\Local\BrowserSafeguard\uninstall.BrowserSafeguard.exe" [2014-01-07 3405312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2011-03-09 107816]

"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-05-09 78312]

"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2012-04-17 223096]

"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-12 27760]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]

"WD Anywhere Backup"="c:\program files (x86)\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2009-11-13 222432]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/06/21 17:27;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 Media Center 19 Service;JRiver Media Center 19 Service;c:\program files (x86)\J River\Media Center 19\JRService.exe;c:\program files (x86)\J River\Media Center 19\JRService.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 USA19H;USA19H;c:\windows\system32\DRIVERS\USA19Hx64.sys;c:\windows\SYSNATIVE\DRIVERS\USA19Hx64.sys [x]

R3 USA19HP;USA19HP;c:\windows\system32\DRIVERS\USA19Hx64p.SYS;c:\windows\SYSNATIVE\DRIVERS\USA19Hx64p.SYS [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20131218.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20131218.001\BHDrvx64.sys [x]

S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140108.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140108.001\IDSvia64.sys [x]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1501000.012\SYMNETS.SYS [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe;c:\program files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [x]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [x]

S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CLKMDRV10_38F51D56

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt       REG_MULTI_SZ                hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-04-16 19:07              451872  ----a-w-                c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-01-07 23:10              1211672                ----a-w-                c:\program files (x86)\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-22 06:11]

.

2014-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-28 18:46]

.

2014-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-28 18:46]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]

"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]

"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <-loopback>

uInternet Settings,ProxyServer = http=127.0.0.1:49169;https=127.0.0.1:49169

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\Primary User\AppData\Roaming\Mozilla\Firefox\Profiles\m5lqwv43.default\

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"

"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS"

"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18;c:\program files (x86)\Norton Security Suite\Engine64\21.1.0.18"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-01-09  12:14:23

ComboFix-quarantined-files.txt  2014-01-09 20:14

ComboFix2.txt  2014-01-09 19:53

.

Pre-Run: 431,633,481,728 bytes free

Post-Run: 431,577,948,160 bytes free

.

- - End Of File - - B3315BF6D0589FDBA7DFFF357F3881D7

A36C5E4F47E84449FF07ED3517B43A31
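The "Reg Loading Points" and "Supplementary Scan" parts of the log above are the lines a responder reads first: the Run keys, the UAC policy values (EnableLUA=0, ConsentPromptBehaviorAdmin=0), LoadAppInit_DLLs=1, and the per-user WinINET proxy, which here is `http=127.0.0.1:49169;https=127.0.0.1:49169`, a listener on the machine itself. As an added example, not part of the thread and not a ComboFix feature, the Python below parses those sections out of a ComboFix log and applies a few plain triage rules. The sample input is constructed from lines of the posted log in ComboFix's format; the rules, the severity scale and the user-writable path list are the example's own assumptions.

```python
# Added example (not a ComboFix feature): triage the "Reg Loading Points" and
# "Supplementary Scan" parts of a ComboFix log with a few plain rules.
import re
from dataclasses import dataclass, field

# Constructed sample in ComboFix's format, built from lines of the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-04-16 2741616]
"BrowserSafeguard"="c:\users\Primary User\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe" [2013-12-30 572416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49169;https=127.0.0.1:49169
TCP: DhcpNameServer = 10.0.0.1
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]*)\]$")
RUN_ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>\d+)\s*\(0x[0-9A-Fa-f]+\)$')
PROXY_RE = re.compile(r"^[um]Internet Settings,(?P<name>Proxy\w+)\s*=\s*(?P<value>.+?)\s*$")
# An unprivileged user can write here; installers normally autostart from Program Files.
USER_WRITABLE = ("\\users\\", "\\temp\\")
LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}

@dataclass
class Finding:
    severity: str  # "info", "warn" or "high": the example's own scale
    what: str
    why: str

@dataclass
class Triage:
    run_entries: list = field(default_factory=list)  # dicts: key, name, path, date, size
    dwords: dict = field(default_factory=dict)       # value name -> int
    proxy: dict = field(default_factory=dict)        # ProxyServer / ProxyOverride -> raw value
    findings: list = field(default_factory=list)

def parse_combofix(text: str) -> Triage:
    t, current_key = Triage(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix separates blocks with a lone "."
            continue
        if m := KEY_RE.match(line):
            current_key = m.group("key")
        elif (m := RUN_ENTRY_RE.match(line)) and current_key and current_key.lower().endswith("\\run"):
            t.run_entries.append({"key": current_key, **m.groupdict()})
        elif (m := DWORD_RE.match(line)) and current_key:
            t.dwords[m.group("name")] = int(m.group("value"))
        elif m := PROXY_RE.match(line):
            t.proxy[m.group("name")] = m.group("value")
    t.findings = assess(t)
    return t

def proxy_hosts(server: str) -> set:
    """'http=127.0.0.1:49169;https=127.0.0.1:49169' -> {'127.0.0.1'}"""
    return {part.split("=", 1)[-1].rsplit(":", 1)[0] for part in server.split(";") if part}

def assess(t: Triage) -> list:
    f = []
    for e in t.run_entries:
        if any(tok in e["path"].lower() for tok in USER_WRITABLE):
            f.append(Finding("warn", f'Run "{e["name"]}" -> {e["path"]}',
                             "autostart executable lives in a user-writable profile directory"))
    if t.dwords.get("EnableLUA") == 0:
        f.append(Finding("high", "EnableLUA=0", "UAC is off: everything an administrator runs is fully elevated"))
    if t.dwords.get("LoadAppInit_DLLs") == 1:
        f.append(Finding("warn", "LoadAppInit_DLLs=1", "DLLs named in AppInit_DLLs load into every process "
                         "that loads user32.dll; the log omits that list, so dump it separately"))
    if server := t.proxy.get("ProxyServer"):
        local = proxy_hosts(server) <= LOOPBACK
        f.append(Finding("high" if local else "warn", f"ProxyServer={server}",
                         "this user's HTTP and HTTPS traffic goes to a listener on this same machine; "
                         "find the process bound to that port (netstat -ano)" if local else
                         "browser traffic is forced through a proxy; confirm the user set it up"))
        if t.proxy.get("ProxyOverride") == "<-loopback>":
            f.append(Finding("info", "ProxyOverride=<-loopback>",
                             "loopback requests are not exempted from the proxy (the bypass token Fiddler uses)"))
    return f

def report(t: Triage) -> list:
    return [f"[{x.severity}] {x.what}: {x.why}" for x in t.findings]

if __name__ == "__main__":
    print("\n".join(report(parse_combofix(SAMPLE_LOG))))
```

Run it on the sample and the Run entry under `c:\users\...\AppData\Local`, the disabled UAC and the loopback proxy come out as findings, while the LightScribe entry under Program Files does not. The path rule is deliberately crude: it asks "could a non-admin have put this here?", not "is this malware?", and the answer still has to be checked against the file itself.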



#36 Donskee (Topic Starter)

Posted 09 January 2014 - 03:28 PM

Here are the results of Security Check

 Results of screen317's Security Check version 0.99.78  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton Security Suite   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Mozilla Firefox 22.0 Firefox out of Date!  
 Google Chrome 31.0.1650.63  
 Google Chrome 32.0.1700.72  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 


#37 JSntgRvr (Malware Response Team)

Posted 09 January 2014 - 07:31 PM

Check your add-ons and extensions in your browsers:

Uninstall malicious extensions and add-ons from your computer

Remove malicious software from Internet Explorer

  • Remove unknown add-ons from Internet Explorer.
  • Open Internet Explorer, then click on the gear icon at the top (far right) and then select Manage add-ons.
  • From the Toolbars and Extensions tab, select those objects that may be malicious, and click on Disable.
  • Set Internet Explorer default search engine to Bing.
  • To change your default search engine, click on the gear icon, select Manage Add-ons, and then, under Add-on Types, click Search Providers.
  • Select Bing and click on the Set Default button.
  • Change your Internet Explorer homepage to its default.
  • To change your homepage, click on the gear icon, select Internet options, and in the General tab, under the Home page section, click on Use default to restore Internet Explorer's default home page.

Remove malicious software from Mozilla Firefox

  • At the top of the Firefox window, click the orange Firefox button, then select Add-ons.
  • Select the Extensions tab, then remove unknown extensions from Mozilla Firefox.
  • Reset your default search engine and home page to their defaults.
  • To reset your search engine and homepage to their defaults, we will use the SearchReset extension. This add-on is very simple: on installation, it backs up and then resets your search preferences and home page to their default values, and then uninstalls itself. This affects the search bar, URL bar searches, and the home page.
  • You can download SearchReset from the link below, and then we will just need to install it to revert Firefox to its default settings.
  • SEARCHRESET DOWNLOAD LINK (This link will open another web page from where you can download the SearchReset Firefox extension)

Remove malicious software from Google Chrome

  • Remove malicious extensions from Google Chrome.
  • Click the Chrome menu button on the browser toolbar, select Tools and then click on Extensions.
  • In the Extensions tab, remove (by clicking on the Recycle Bin) the unknown extensions that may be malicious from your Google Chrome.
  • Set Google Chrome default search engine to Google.
  • Click the Chrome menu button, then select Settings and click on Manage search engines in the Search section.
  • In the Search Engines dialog that appears, select Google and click the Make Default button that appears in the row.
  • Search for unknown items in the Search Engines list, and click the X button that appears at the end of the row.
  • Change Google Chrome homepage to its default.

Let me know if that makes the difference.

 


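The Chrome steps in the post above go through the browser's own Extensions page. As an added example, not part of the thread and not a Google tool, the Python below takes the same inventory straight from the profile's Preferences JSON on disk, so it can be run from a script or against a copied profile, and flags the entries a responder would look at first: extensions that were not installed from the Chrome Web Store, and extensions whose manifest asks for every site or for request interception. It assumes the `extensions.settings` layout of Chrome's Preferences file (newer builds keep the same map in `Secure Preferences`) with the `from_webstore`, `state` (1 = enabled), `path` and `manifest` keys used here; the sample file, its extension ids and names are constructed, and the default profile location is the standard Windows one.

```python
# Added example (not the thread's advice, not a Google tool): list Chrome extensions
# from the profile's Preferences JSON and flag side-loaded or over-privileged ones.
import json
import os
from pathlib import Path

# Constructed sample in the shape of Chrome's Preferences JSON; ids and names are made up.
SAMPLE_PREFERENCES = {
    "extensions": {
        "settings": {
            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
                "from_webstore": True, "state": 1,
                "manifest": {"name": "Example Dictionary", "version": "1.2.0",
                             "permissions": ["storage"]},
            },
            "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
                "from_webstore": False, "state": 1,
                "path": "C:\\Users\\Primary User\\AppData\\Local\\SomeVendor\\ext",
                "manifest": {"name": "Savings Helper", "version": "3.0",
                             "permissions": ["tabs", "webRequest", "webRequestBlocking",
                                             "<all_urls>"]},
            },
            "cccccccccccccccccccccccccccccccc": {
                "from_webstore": True, "state": 0,
                "manifest": {"name": "Old Theme", "version": "0.1", "theme": {}},
            },
            "dddddddddddddddddddddddddddddddd": {"state": 1},  # leftover without a manifest
        }
    }
}

# Host permissions that grant access to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def inventory(prefs: dict) -> list:
    """One row per installed extension, with the reasons (if any) it deserves a look."""
    rows = []
    for ext_id, entry in prefs.get("extensions", {}).get("settings", {}).items():
        manifest = entry.get("manifest")
        if not manifest:  # uninstalled or component stubs carry no manifest
            continue
        perms = set(manifest.get("permissions", []))
        reasons = []
        if not entry.get("from_webstore", False):
            reasons.append("not installed from the Chrome Web Store (side-loaded)")
        if perms & BROAD_HOSTS:
            reasons.append("can read and change data on every site")
        if {"webRequest", "webRequestBlocking"} <= perms:
            reasons.append("can intercept, modify or block network requests")
        rows.append({"id": ext_id, "name": manifest.get("name", "?"),
                     "version": manifest.get("version", "?"),
                     "enabled": entry.get("state") == 1,  # assumption: 1 means enabled
                     "path": entry.get("path", ""), "reasons": reasons})
    return rows

def suspicious(rows: list) -> list:
    return [r for r in rows if r["reasons"]]

def load_profile(profile_dir) -> dict:
    """Merge the extension settings of Preferences and Secure Preferences, if present."""
    settings = {}
    for name in ("Preferences", "Secure Preferences"):
        p = Path(profile_dir) / name
        if p.is_file():
            data = json.loads(p.read_text(encoding="utf-8"))
            settings.update(data.get("extensions", {}).get("settings", {}))
    return {"extensions": {"settings": settings}}

def format_rows(rows: list) -> list:
    out = []
    for r in rows:
        flag = "!!" if r["reasons"] else "  "
        state = "on " if r["enabled"] else "off"
        out.append(f"{flag} {state} {r['name']} {r['version']} ({r['id']}) {'; '.join(r['reasons'])}")
    return out

if __name__ == "__main__":
    # Default profile on Windows: %LOCALAPPDATA%\Google\Chrome\User Data\Default
    local = os.environ.get("LOCALAPPDATA")
    default = Path(local) / "Google" / "Chrome" / "User Data" / "Default" if local else None
    prefs = load_profile(default) if default and default.is_dir() else SAMPLE_PREFERENCES
    print("\n".join(format_rows(inventory(prefs))))
```

Close Chrome before reading a live profile, since it rewrites these files while running. A side-loaded entry with `<all_urls>` plus `webRequestBlocking` is exactly the combination that lets an extension rewrite pages and redirect searches, which is why the rules weight those three properties; an extension with nothing flagged can still be unwanted, and the Web Store origin is a hint, not a clearance.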