Norton 360 continually blocking attempted outgoing infected emails


  • This topic is locked
18 replies to this topic

#1 cghorr01 (Members, 12 posts)

Posted 15 January 2014 - 08:58 PM

Norton is continually blocking some type of attempted outgoing communication from my machine. The internet stops working with my wireless card after the blocking really gets going (Norton is keeping a log, and whatever it is literally is attempting almost every second to send the infected emails).

The error message from Norton says: "552-5.7.0 this message was blocked because its content presents a potential threat". Email details: from "notice to appear" <notice_support.6.gtlaw.com> to jjkellum@gmail.com, subject "#hearing of your case in Court N #8009-316". This email error changes every single time you click OK on the message from Norton.

I have run DDS and will post the logs now. I sure appreciate whoever is willing to help me, and if it is possible I shall donate to them!!! Not trying to buy anyone's help, I just know that I don't mind contributing something to folks who are willing to help me.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by chris at 20:23:06 on 2014-01-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8076.5566 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Users\chris\Documents\PCMeter\PCMeterV4\PCMeterV0.4.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files\Elantech\ETDGesture.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
svchost.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\AsScrPro.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\igfxpers.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
svchost.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
C:\Users\chris\AppData\Local\pesjgkft.exe
C:\Windows\system32\consent.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.wdrb.com/
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [hmqcsgwj] "C:\Users\chris\AppData\Local\nxdollrv.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0748B83D-0655-4F6E-8411-0107A714735E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8843299C-420A-4E3C-94D5-A76AF75079A5} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 assd;assd;C:\Windows\System32\drivers\assd.sys [2014-1-3 27264]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-28 16152]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2014-1-5 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2014-1-5 1139800]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20140110.001\BHDrvx64.sys [2014-1-14 1526488]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2014-1-5 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20140114.001\IDSviA64.sys [2014-1-15 521944]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2014-1-5 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2014-1-5 433752]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2011-11-30 92800]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-11 135952]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2014-1-2 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2014-1-2 161560]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe [2014-1-5 144368]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-1-2 363800]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2014-1-3 17152]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
R3 AsusVBus;AsusVBus;C:\Windows\System32\drivers\AsusVBus.sys [2011-12-21 35968]
R3 AsusVTouch;AsusVTouch;C:\Windows\System32\drivers\AsusVTouch.sys [2011-11-7 16512]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-1-5 137648]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-3-28 200488]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-28 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-28 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-28 785688]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-12-20 25496]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-28 104048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-2-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-1-5 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-12-20 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-3 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-3 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-1-3 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-2 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-01-16 01:13:35 81721 ----a-w- C:\Users\chris\AppData\Local\pesjgkft.exe
2014-01-15 19:54:04 81721 ----a-w- C:\Users\chris\AppData\Local\nwwvrmak.exe
2014-01-15 18:41:51 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 18:41:50 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 18:41:50 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 18:41:50 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 18:41:50 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-15 18:41:50 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 18:41:50 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 18:41:50 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 18:41:50 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 18:41:27 81721 ----a-w- C:\Users\chris\AppData\Local\hwvawehd.exe
2014-01-15 18:39:25 242176 ----a-w- C:\Users\chris\AppData\Local\nxdollrv.exe
2014-01-08 15:47:15 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2014-01-07 02:24:49 -------- d-----w- C:\Windows\System32\wbem\Framework\root\AddGadgets
2014-01-07 02:24:49 -------- d-----w- C:\Windows\System32\wbem\Framework\root
2014-01-07 02:24:49 -------- d-----w- C:\Windows\System32\wbem\Framework
2014-01-05 21:26:56 -------- d-----w- C:\Windows\SysWow64\N360_BACKUP
2014-01-05 16:02:46 -------- d-----w- C:\Users\chris\AppData\Local\Google
2014-01-05 16:02:41 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-05 16:02:41 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-05 16:02:16 -------- d-----w- C:\Users\chris\AppData\Local\Adobe
2014-01-05 16:02:05 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2014-01-05 15:43:20 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-01-05 15:43:20 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2014-01-05 15:43:00 796760 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\srtsp64.sys
2014-01-05 15:43:00 493656 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys
2014-01-05 15:43:00 433752 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys
2014-01-05 15:43:00 36952 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\srtspx64.sys
2014-01-05 15:43:00 23448 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\symelam.sys
2014-01-05 15:43:00 224416 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys
2014-01-05 15:43:00 169048 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys
2014-01-05 15:43:00 1139800 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys
2014-01-05 15:42:38 -------- d-----w- C:\Windows\System32\drivers\N360x64\1404000.028
2014-01-05 15:42:20 -------- d-----w- C:\Windows\System32\drivers\N360x64
2014-01-05 15:42:19 -------- d-----w- C:\Program Files (x86)\Norton 360
2014-01-05 15:41:04 -------- d-----w- C:\ProgramData\Norton
2014-01-05 15:39:54 -------- d-----w- C:\ProgramData\NortonInstaller
2014-01-05 15:39:54 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2014-01-05 14:53:43 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2014-01-05 14:53:00 -------- d-----w- C:\Users\chris\AppData\Local\Microsoft Help
2014-01-05 14:50:14 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-01-05 14:50:12 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2014-01-05 14:50:12 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2014-01-05 14:50:11 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-01-05 14:50:11 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-01-05 14:50:10 67072 ----a-w- C:\Windows\splwow64.exe
2014-01-05 14:50:10 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2014-01-05 14:50:08 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3BB27388-5636-441B-8CB0-527D71C4E051}\mpengine.dll
2014-01-03 05:02:56 -------- d-----w- C:\ProgramData\USBChargerPlus
2014-01-03 05:01:23 80512 ----a-w- C:\Windows\ASUS U Series ScreenSaver Uninstaller.exe
2014-01-03 05:01:22 3058304 ----a-w- C:\Windows\AsScrPro.exe
2014-01-03 05:01:22 104640231 ------w- C:\Windows\System32\AsusScr_U Series_ENG.scr
2014-01-03 05:01:00 -------- d-----w- C:\Program Files (x86)\Intel Corporation
2014-01-03 05:01:00 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2014-01-03 04:59:37 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-01-03 04:59:37 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-01-03 04:59:14 162456 ----a-w- C:\Windows\SysWow64\ACEngSvr.exe
2014-01-03 04:58:59 196224 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll
2014-01-03 04:58:57 -------- d-----w- C:\ProgramData\P4G
2014-01-03 04:58:57 -------- d-----w- C:\Program Files\ASUS
2014-01-03 04:58:19 -------- d--h--w- C:\Windows\System32\WLANProfiles
2014-01-03 04:58:02 -------- d-----w- C:\ProgramData\Roaming
2014-01-03 04:57:32 -------- d-----w- C:\Program Files (x86)\Cisco
2014-01-03 04:57:14 41984 ----a-w- C:\Windows\System32\drivers\USB3Ver.dll
2014-01-03 04:57:05 -------- d-----w- C:\Windows\SysWow64\RTCOM
2014-01-03 04:57:05 -------- d-----w- C:\Program Files\Realtek
2014-01-03 04:55:37 15128 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2014-01-03 04:55:17 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2014-01-03 04:55:14 60184 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2014-01-03 04:53:42 20992 ----a-w- C:\Windows\System32\OpenCL.dll
2014-01-03 04:53:42 120832 ----a-w- C:\Windows\System32\IntelOpenCL64.dll
2014-01-03 04:53:40 86016 ----a-w- C:\Windows\SysWow64\IntelOpenCL32.dll
2014-01-03 04:53:40 17920 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-01-03 04:53:35 -------- d-----w- C:\Program Files\Common Files\Intel
2014-01-03 04:53:34 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2014-01-03 04:51:42 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2014-01-03 04:51:35 -------- d-----w- C:\Intel
2014-01-03 04:51:10 -------- d-----w- C:\Windows\Migration
2014-01-03 04:50:18 180736 ----a-w- C:\Windows\System32\ifsutil.dll
2014-01-03 04:50:18 148992 ----a-w- C:\Windows\SysWow64\ifsutil.dll
2014-01-03 04:43:14 -------- d-----w- C:\eSupport
2014-01-03 04:30:15 -------- d-----w- C:\Windows\SysWow64\Wat
2014-01-03 04:30:15 -------- d-----w- C:\Windows\System32\Wat
2014-01-03 04:00:32 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-01-03 04:00:32 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-01-03 04:00:31 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-01-03 04:00:31 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-01-03 03:36:37 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-01-03 03:05:36 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-01-03 03:05:36 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-01-03 03:05:36 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-01-03 03:05:36 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-01-03 03:05:36 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-01-03 03:05:36 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-01-03 03:05:35 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-01-03 02:59:29 -------- d-----w- C:\Windows\System32\MRT
2014-01-03 02:53:12 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-01-03 02:53:11 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-01-03 02:53:11 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-01-03 02:46:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-01-03 02:45:45 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2014-01-03 02:44:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-01-03 02:43:28 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2014-01-03 02:43:28 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2014-01-03 02:43:28 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2014-01-03 02:43:28 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2014-01-03 02:43:28 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2014-01-03 02:43:28 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2014-01-03 02:43:28 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2014-01-03 02:43:27 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2014-01-03 02:43:27 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2014-01-03 02:43:27 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2014-01-03 02:43:27 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2014-01-03 02:43:27 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2014-01-03 02:43:27 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2014-01-03 02:42:31 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-01-03 02:42:31 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2014-01-03 02:42:31 144384 ----a-w- C:\Windows\System32\cdd.dll
2014-01-03 02:35:22 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-01-03 02:35:12 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2014-01-03 02:35:12 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2014-01-03 02:35:12 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2014-01-03 02:35:12 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2014-01-03 02:35:12 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2014-01-03 02:27:48 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-01-03 02:27:48 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-01-03 02:27:48 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-01-03 02:19:32 387 ----a-w- C:\Users\chris\AppData\Roaming\sp_data.sys
2014-01-03 02:19:31 -------- d-----w- C:\Users\chris\AppData\Local\Power2Go
2014-01-03 02:19:01 2622464 ----a-w- C:\Windows\System32\wucltux.dll
.
==================== Find3M  ====================
.
2014-01-03 03:25:07 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-26 17:25:52 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
.
============= FINISH: 20:23:33.94 ===============
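A small triage script for a DDS log like the one above, added here as an example (it is not a BleepingComputer or DDS tool and not part of the original post). It cross-references three sections of the log: random-looking executables dropped directly under the user's AppData directory that are also running, registered as uRun/mRun/x64-Run autostarts, or created recently in several copies of identical size. SAMPLE_DDS_LOG is a constructed excerpt modelled on the post's log; the full log text can be pasted in its place.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the DDS log in the post above (same section
# headers and line formats, so the full log can be pasted here unchanged).
SAMPLE_DDS_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Users\chris\AppData\Local\pesjgkft.exe
C:\Windows\system32\consent.exe
.
============== Pseudo HJT Report ===============
.
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [hmqcsgwj] "C:\Users\chris\AppData\Local\nxdollrv.exe"
mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
.
=============== Created Last 30 ================
.
2014-01-16 01:13:35 81721 ----a-w- C:\Users\chris\AppData\Local\pesjgkft.exe
2014-01-15 19:54:04 81721 ----a-w- C:\Users\chris\AppData\Local\nwwvrmak.exe
2014-01-15 18:41:27 81721 ----a-w- C:\Users\chris\AppData\Local\hwvawehd.exe
2014-01-15 18:39:25 242176 ----a-w- C:\Users\chris\AppData\Local\nxdollrv.exe
2014-01-05 16:02:41 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 20:23:33.94 ===============
"""

# "====== Section Title ======" headers used by DDS.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "<date> <time> <size> <attrs> <path>" file entries in "Created Last 30";
# directory entries show "--------" instead of a size and are not matched.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+\S+\s+(.+)$")
# uRun / mRun / x64-Run autostart entries: "[value name] "path.exe" args".
AUTORUN_RE = re.compile(r'^(?:u|m|x64-)Run:\s*\[([^\]]+)\]\s*"?([A-Za-z]:\\.+?\.exe)"?', re.I)
# Executables sitting directly under the user's AppData\Local|Roaming|LocalLow.
USER_DROP_DIR_RE = re.compile(r"\\AppData\\(?:Local|Roaming|LocalLow)\\[^\\]+$", re.I)
# Heuristic for machine-generated names: 7-10 lowercase letters, at most two vowels.
RANDOM_NAME_RE = re.compile(r"^[a-z]{7,10}$")


def looks_random(stem: str) -> bool:
    """True for names like 'pesjgkft'; False for real words like 'sidebar'."""
    return bool(RANDOM_NAME_RE.match(stem)) and sum(c in "aeiou" for c in stem) <= 2


def split_sections(text: str) -> dict:
    """Map each DDS section title to its non-empty lines ('.' separators dropped)."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
        elif current:
            sections[current].append(line)
    return sections


def triage(text: str) -> dict:
    """Return {path: [evidence tags]} for random-named executables in user drop
    directories, correlating running processes, autostarts and recent creation."""
    sections = split_sections(text)
    findings = defaultdict(set)

    def consider(path: str, tag: str) -> None:
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if USER_DROP_DIR_RE.search(path) and looks_random(stem):
            findings[path].add(tag)

    for line in sections.get("Running Processes", []):
        consider(line, "running")
    for line in sections.get("Pseudo HJT Report", []):
        m = AUTORUN_RE.match(line)
        if m:
            consider(m.group(2), "autorun:" + m.group(1))
    by_size = defaultdict(list)
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        when, size, path = m.groups()
        consider(path, "created:" + when)
        if path in findings:  # only files that passed the name/location test
            by_size[int(size)].append(path)
    # Several random-named files of identical size (the three 81721-byte files
    # in the log above) point at one dropper re-copying itself under new names.
    for size, paths in by_size.items():
        if len(paths) >= 2:
            for path in paths:
                findings[path].add(f"size-cluster:{size}x{len(paths)}")
    return {path: sorted(tags) for path, tags in findings.items()}


if __name__ == "__main__":
    for path, tags in sorted(triage(SAMPLE_DDS_LOG).items()):
        print(f"{path}\n    {', '.join(tags)}")
```

Run against the full log, the same four AppData\Local files come out on top; everything under Program Files, System32 and SysWow64 is ignored by the location filter, which is why the Flash and Norton entries never appear.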

#2 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts)

Posted 16 January 2014 - 11:55 AM

Hello cghorr01,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
1.
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    image000q.png
  • Put a checkmark beside loaded modules.
    2012081514h0118.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    2012081517h0349.png
  • Click the Start Scan button.
    19695967.jpg
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    67776163.jpg
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    62117367.jpg
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
2. Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.



Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your computer running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 cghorr01 (Topic Starter, Members, 12 posts)

Posted 16 January 2014 - 01:15 PM

Thank you for the help. I am at work until 6PM tonight my time (EST), so when I get home I will run what you have suggested and post info afterwards.



#4 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 16 January 2014 - 01:44 PM

No worries, we are all volunteers here, so it may be tomorrow before I can have a chance to look at the logs and advise you further.




#5 cghorr01 (Topic Starter, Members, 12 posts)

Posted 16 January 2014 - 10:24 PM

fireman4it,

I ran the TDSS 3 separate times and have forwarded all 3 logs to your email. It didn't appear to catch anything, but Norton recognized the "java_update_85105ca0.exe" as fraudulent and took steps to eliminate it. When the TDSS ran and rebooted (changing the options) Norton applied something. I am going to post this and then run the ComboFix you have recommended and post results from that.



#6 cghorr01 (Topic Starter, Members, 12 posts)

Posted 16 January 2014 - 10:58 PM

Here is the ComboFix log. After running ComboFix I enabled Norton 360 again. Something isn't right, as the machine is exhibiting a TON more CPU and memory than it normally does.

ComboFix 14-01-16.03 - chris 01/16/2014  22:36:33.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8076.6378 [GMT -5:00]
Running from: c:\users\chris\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\chris\AppData\Local\csgutoak.exe
c:\users\chris\AppData\Local\hwvawehd.exe
c:\users\chris\AppData\Local\jquboauh.exe
c:\users\chris\AppData\Local\nwwvrmak.exe
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-17 to 2014-01-17  )))))))))))))))))))))))))))))))
.
.
2014-01-17 03:41 . 2014-01-17 03:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-15 18:41 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 18:41 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 18:41 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 18:41 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 18:41 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 18:41 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 18:41 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 18:41 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 18:41 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-08 15:47 . 2014-01-08 15:47 -------- d-----w- c:\programdata\Hewlett-Packard
2014-01-08 15:47 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2014-01-07 02:24 . 2014-01-07 02:24 -------- d-----w- c:\windows\system32\wbem\Framework
2014-01-05 21:26 . 2014-01-05 21:26 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
2014-01-05 16:02 . 2014-01-05 16:02 -------- d-----w- c:\program files\Google
2014-01-05 16:02 . 2014-01-05 16:02 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-05 16:02 . 2014-01-05 16:02 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-05 16:02 . 2014-01-05 16:02 -------- d-----w- c:\windows\system32\Macromed
2014-01-05 16:02 . 2014-01-05 16:02 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2014-01-05 15:43 . 2014-01-05 15:43 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-01-05 15:43 . 2014-01-05 15:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2014-01-05 15:42 . 2014-01-05 15:43 -------- d-----w- c:\windows\system32\drivers\N360x64
2014-01-05 15:42 . 2014-01-05 15:42 -------- d-----w- c:\program files (x86)\Norton 360
2014-01-05 15:41 . 2014-01-05 15:43 -------- d-----w- c:\programdata\Norton
2014-01-05 15:39 . 2014-01-05 21:08 -------- d-----w- c:\program files (x86)\NortonInstaller
2014-01-05 14:54 . 2014-01-05 14:54 -------- d-----w- c:\program files\Microsoft Office
2014-01-05 14:53 . 2014-01-05 14:53 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2014-01-05 14:52 . 2014-01-05 15:01 -------- d-----w- c:\programdata\Microsoft Help
2014-01-05 14:52 . 2014-01-05 14:52 -------- d-----r- C:\MSOCache
2014-01-05 14:50 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-01-05 14:50 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-01-05 14:50 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-01-05 14:50 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-01-05 14:50 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2014-01-05 14:50 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2014-01-05 14:50 . 2013-12-16 06:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BB27388-5636-441B-8CB0-527D71C4E051}\mpengine.dll
2014-01-03 05:03 . 2014-01-03 05:04 -------- d-----w- c:\program files (x86)\CyberLink
2014-01-03 05:03 . 2014-01-03 05:03 -------- d-----w- c:\programdata\CyberLink
2014-01-03 05:02 . 2014-01-03 05:02 -------- d-----w- c:\programdata\USBChargerPlus
2014-01-03 05:01 . 2014-01-03 05:01 80512 ----a-w- c:\windows\ASUS U Series ScreenSaver Uninstaller.exe
2014-01-03 05:01 . 2014-01-03 05:01 3058304 ----a-w- c:\windows\AsScrPro.exe
2014-01-03 05:01 . 2012-02-13 08:02 104640231 ------w- c:\windows\system32\AsusScr_U Series_ENG.scr
2014-01-03 05:01 . 2014-01-03 05:01 -------- d-----w- c:\program files (x86)\Intel Corporation
2014-01-03 05:01 . 2014-01-03 05:01 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2014-01-03 04:59 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2014-01-03 04:59 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-01-03 04:59 . 2012-02-07 03:32 162456 ----a-w- c:\windows\SysWow64\ACEngSvr.exe
2014-01-03 04:58 . 2010-08-03 23:30 196224 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll
2014-01-03 04:58 . 2014-01-03 05:00 -------- d-----w- c:\program files\ASUS
2014-01-03 04:58 . 2014-01-03 04:58 -------- d-----w- c:\programdata\P4G
2014-01-03 04:58 . 2014-01-03 04:58 -------- d--h--w- c:\windows\system32\WLANProfiles
2014-01-03 04:58 . 2014-01-03 04:58 -------- d-----w- c:\users\Public\Roaming
2014-01-03 04:58 . 2014-01-03 04:58 -------- d-----w- c:\users\Default\Roaming
2014-01-03 04:57 . 2014-01-03 04:57 -------- d-----w- c:\program files (x86)\Cisco
2014-01-03 04:57 . 2011-12-04 18:12 41984 ----a-w- c:\windows\system32\drivers\USB3Ver.dll
2014-01-03 04:57 . 2014-01-03 04:57 -------- d-----w- c:\windows\SysWow64\RTCOM
2014-01-03 04:57 . 2014-01-03 04:57 -------- d-----w- c:\program files\Realtek
2014-01-03 04:55 . 2012-02-21 20:10 15128 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2014-01-03 04:55 . 2014-01-03 05:01 -------- d-----w- c:\programdata\Intel
2014-01-03 04:55 . 2014-01-03 04:58 -------- d-----w- c:\program files\Intel
2014-01-03 04:55 . 2014-01-03 04:55 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2014-01-03 04:55 . 2011-11-10 09:04 60184 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2014-01-03 04:55 . 2014-01-03 05:04 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2014-01-03 04:53 . 2011-12-26 12:02 120832 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2014-01-03 04:53 . 2011-12-26 12:02 20992 ----a-w- c:\windows\system32\OpenCL.dll
2014-01-03 04:53 . 2011-12-26 12:07 86016 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2014-01-03 04:53 . 2011-12-26 12:06 17920 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-01-03 04:53 . 2014-01-03 04:57 -------- d-----w- c:\program files\Common Files\Intel
2014-01-03 04:53 . 2014-01-03 04:53 -------- d-----w- c:\program files (x86)\Common Files\Intel
2014-01-03 04:51 . 2014-01-03 04:57 -------- d-----w- c:\program files (x86)\Intel
2014-01-03 04:51 . 2011-12-19 04:14 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2014-01-03 04:51 . 2014-01-03 04:53 -------- d-----w- C:\Intel
2014-01-03 04:51 . 2014-01-03 04:51 -------- d-----w- c:\windows\Migration
2014-01-03 04:50 . 2011-01-28 19:03 180736 ----a-w- c:\windows\system32\ifsutil.dll
2014-01-03 04:50 . 2011-01-28 05:46 148992 ----a-w- c:\windows\SysWow64\ifsutil.dll
2014-01-03 04:43 . 2014-01-03 04:59 -------- d-----w- C:\eSupport
2014-01-03 04:33 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-01-03 04:30 . 2014-01-03 04:30 -------- d-----w- c:\windows\SysWow64\Wat
2014-01-03 04:30 . 2014-01-03 04:30 -------- d-----w- c:\windows\system32\Wat
2014-01-03 04:00 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-01-03 04:00 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-01-03 04:00 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-01-03 04:00 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-01-03 04:00 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-01-03 03:36 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-01-03 03:05 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-01-03 03:05 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-01-03 03:05 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-01-03 03:05 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-01-03 03:05 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-01-03 03:05 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-01-03 03:05 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-01-03 02:59 . 2014-01-15 19:04 -------- d-----w- c:\windows\system32\MRT
2014-01-03 02:53 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-01-03 02:53 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2014-01-03 02:53 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2014-01-03 02:46 . 2013-08-29 00:49 2048 ----a-w- c:\windows\SysWow64\user.exe
2014-01-03 02:45 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2014-01-03 02:44 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-01-03 02:43 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2014-01-03 02:43 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2014-01-03 02:43 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2014-01-03 02:43 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2014-01-03 02:43 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2014-01-03 02:43 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2014-01-03 02:43 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2014-01-03 02:43 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2014-01-03 02:43 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2014-01-03 02:43 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2014-01-03 02:43 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2014-01-03 02:43 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2014-01-03 02:43 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2014-01-03 02:42 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-01-03 02:42 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-01-03 02:42 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2014-01-03 02:35 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2014-01-03 02:35 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2014-01-03 02:35 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-01-03 02:35 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-01-03 02:35 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2014-01-03 02:35 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2014-01-03 02:27 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2014-01-03 02:27 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2014-01-03 02:27 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-01-03 02:19 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-03 02:18 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-04 291096]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-07 102568]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2014-01-03 3058304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-2-18 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableRegedit"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 assd;assd; [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20140110.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20140110.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20140116.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20140116.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMNETS.SYS [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVBus.sys [x]
S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVTouch.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\chris\AppData\Local\Temp\tmp5B77.tmp;c:\users\chris\AppData\Local\Temp\tmp5B77.tmp [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-05 16:02]
.
2014-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:02]
.
2014-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:02]
.
2014-01-17 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 21:41]
.
2014-01-03 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 21:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-03 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-03 398104]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-05-26 361984]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-21 12452456]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.wdrb.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-30358865.sys
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\chris\AppData\Local\Temp\tmp5B77.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-16  22:42:37
ComboFix-quarantined-files.txt  2014-01-17 03:42
.
Pre-Run: 673,369,133,056 bytes free
Post-Run: 673,262,252,032 bytes free
.
- - End Of File - - CBAA4D318F83000CD927B214DF40E281
 


A ton more CPU and memory usage*  Sorry it's been a long day.  Work and little ones and such.


I sent the TDSS logs attached to your email.



#7 fireman4it (Malware Response Team)

Posted 17 January 2014 - 12:36 AM

1.

Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click on AdwCleaner.exe and select
    "Run as administrator"
  • Click the Scan button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

 

 

2.

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 cghorr01 (Topic Starter)

Posted 17 January 2014 - 01:39 AM

# AdwCleaner v3.017 - Report created 17/01/2014 at 01:35:56
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : chris - CHRIS-PC
# Running from : C:\Users\chris\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [908 octets] - [17/01/2014 01:35:56]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [967 octets] ##########



#9 cghorr01 (Topic Starter)

Posted 17 January 2014 - 01:42 AM

This is the post using the "Clean" function.

# AdwCleaner v3.017 - Report created 17/01/2014 at 01:39:48
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : chris - CHRIS-PC
# Running from : C:\Users\chris\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1046 octets] - [17/01/2014 01:35:56]
AdwCleaner[S0].txt - [977 octets] - [17/01/2014 01:39:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1036 octets] ##########



#10 cghorr01 (Topic Starter)

Posted 17 January 2014 - 01:54 AM

Here are the results from RogueKiller.  I didn't do anything once it finished scanning, so after you have the chance to look at the logs please advise.


RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : chris [Admin rights]
Mode : Scan -- Date : 01/17/2014 01:49:00
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 3ab187af51244b8bdfe7579e7a6a17a3
[BSP] 742e9e8b59aa945a00b791c81a09f483 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01172014_014900.txt >>

#11 cghorr01 (Topic Starter)

Posted 17 January 2014 - 01:57 AM

Update: had RogueKiller clear the items it found.  Let me know how to proceed from here.



#12 fireman4it (Malware Response Team)

Posted 17 January 2014 - 10:17 AM

How is the machine running now?




#13 cghorr01 (Topic Starter)

Posted 17 January 2014 - 11:28 AM

Machine seems to be running fine.   No excessive CPU or Memory Usage.  I updated Norton to the newest version available and made sure it had all the current definition updates.  Do the logs I have posted look good? I have run and rerun everything and the programs aren't finding anything out of the ordinary but I want to be positive about this before I start using the machine again. 



#14 fireman4it (Malware Response Team)

Posted 17 January 2014 - 11:48 PM

Let's check for any leftovers.

 

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.


Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.


Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

 

2.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go >>HERE<< then click on: [image: ESET1st.jpg]

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on the [image: ESETexe.jpg] icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: [image: ESETsave.jpg]
  • When prompted allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on: [image: EOLS3.gif]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: [image: EOLS4.gif]
    (Selecting Uninstall application on close if you so wish)




#15 cghorr01 (Topic Starter)

Posted 19 January 2014 - 12:52 PM

Here is the Malwarebytes log. It found 6 more items but I set it to do a full scan rather than a quick scan.  I had a feeling there were still things in the midst. 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
chris :: CHRIS-PC [administrator]

1/19/2014 12:10:12 PM
mbam-log-2014-01-19 (12-10-12).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 354350
Time elapsed: 29 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Data: 0 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Data: 0 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Qoobox\Quarantine\C\Users\chris\AppData\Local\csgutoak.exe.vir (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\chris\AppData\Local\hwvawehd.exe.vir (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\chris\AppData\Local\jquboauh.exe.vir (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\chris\AppData\Local\nwwvrmak.exe.vir (Trojan.Inject.ED) -> Quarantined and deleted successfully.

(end)
