
restore points gone and definitely mypcbackup virus along with others


This topic is locked (2 replies).

#1 addison6187
  • Members
  • 3 posts

Posted 07 February 2014 - 09:09 PM

ComboFix 14-02-05.02 - Miles Bedard 02/07/2014  19:45:04.1.3 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.1356 [GMT -5:00]
Running from: c:\users\Miles Bedard\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Miles Bedard\AppData\Local\Microsoft\Windows\Temporary Internet Files\246e934d-4153-459d-9028-07e668834566.jpg
c:\windows\SysWow64\SETF0C9.tmp
c:\windows\SysWow64\SETF1A5.tmp
c:\windows\SysWow64\SETFE52.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-08 to 2014-02-08  )))))))))))))))))))))))))))))))
.
.
2014-02-08 00:55 . 2014-02-08 00:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-07 22:47 . 2014-02-07 22:47 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2014-02-07 22:47 . 2014-02-07 22:47 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2014-02-07 22:47 . 2014-02-07 22:47 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2014-02-07 22:47 . 2014-02-07 22:47 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2014-02-07 22:15 . 2014-02-07 22:15 -------- d-----w- c:\program files (x86)\Notepad++
2014-02-07 04:30 . 2014-02-07 04:54 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-07 04:30 . 2014-02-07 04:54 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-07 04:29 . 2014-02-07 04:29 -------- d-----w- c:\windows\system32\Macromed
2014-02-07 03:07 . 2014-02-07 03:07 -------- d-----w- c:\windows\ERUNT
2014-02-07 02:21 . 2014-02-07 22:47 -------- d-----w- c:\program files\WinRAR
2014-02-06 13:46 . 2014-02-06 13:46 -------- d-----w- c:\program files (x86)\Tunatic
2014-02-06 07:23 . 2014-02-06 07:23 -------- d-----w- c:\program files\ATI
2014-02-06 04:23 . 2014-02-06 04:23 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{820FD1F0-DDEF-4A86-B881-9F0BB8D90B34}\offreg.dll
2014-02-06 03:01 . 2014-02-06 03:24 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-05 22:58 . 2013-12-04 00:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{820FD1F0-DDEF-4A86-B881-9F0BB8D90B34}\mpengine.dll
2014-02-05 01:29 . 2014-02-05 01:29 -------- d-----w- c:\program files (x86)\Opera
2014-02-04 13:44 . 2014-02-06 02:55 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-04 13:34 . 2014-02-04 13:34 -------- d-----w- c:\program files\Highlightly
2014-02-04 13:32 . 2014-02-04 13:32 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-02-04 13:10 . 2012-10-14 03:20 805376 ----a-w- c:\windows\SysWow64\EditCtlsU.ocx
2014-02-04 13:10 . 2011-08-14 02:06 1031168 ----a-w- c:\windows\SysWow64\ExLVwU.ocx
2014-02-04 13:10 . 2011-05-21 05:02 604672 ----a-w- c:\windows\SysWow64\ExTVwU.ocx
2014-02-04 13:10 . 1998-06-24 06:00 198456 ----a-w- c:\windows\SysWow64\MCI32.OCX
2014-02-04 13:10 . 2004-03-09 19:45 212240 ----a-w- c:\windows\SysWow64\richtx32.ocx
2014-02-04 10:35 . 2014-02-04 10:35 -------- d-----w- c:\programdata\Malwarebytes
2014-02-04 10:35 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-04 10:35 . 2014-02-04 10:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-04 09:02 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-02-04 09:01 . 2014-02-04 09:02 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-04 09:01 . 2014-02-04 09:02 -------- d-----w- c:\program files\iTunes
2014-02-04 08:59 . 2014-02-04 08:59 -------- d-----w- c:\program files\Bonjour
2014-02-04 08:59 . 2014-02-04 08:59 -------- d-----w- c:\program files (x86)\Bonjour
2014-02-04 08:05 . 2014-02-04 09:46 -------- d-----w- C:\history
2014-02-04 06:04 . 2014-02-04 06:04 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-02-04 06:04 . 2014-02-04 06:04 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-02-04 06:04 . 2014-02-04 06:04 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-02-04 06:04 . 2014-02-04 06:04 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-02-03 22:40 . 2013-12-04 00:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-03 13:38 . 2012-06-01 05:36 192000 ----a-w- c:\windows\system32\iisRtl.dll
2014-02-03 13:38 . 2012-06-01 05:34 55296 ----a-w- c:\windows\system32\admwprox.dll
2014-02-03 13:38 . 2012-06-01 04:37 154624 ----a-w- c:\windows\SysWow64\iisRtl.dll
2014-02-03 13:38 . 2012-06-01 04:35 50688 ----a-w- c:\windows\SysWow64\admwprox.dll
2014-02-03 13:38 . 2012-06-01 05:33 16896 ----a-w- c:\windows\system32\iisreset.exe
2014-02-03 13:38 . 2012-06-01 05:39 14848 ----a-w- c:\windows\system32\wamregps.dll
2014-02-03 13:38 . 2012-06-01 05:36 11264 ----a-w- c:\windows\system32\iisrstap.dll
2014-02-03 13:38 . 2012-06-01 05:35 60928 ----a-w- c:\windows\system32\ahadmin.dll
2014-02-03 13:38 . 2012-06-01 04:40 10752 ----a-w- c:\windows\SysWow64\wamregps.dll
2014-02-03 13:38 . 2012-06-01 04:35 26624 ----a-w- c:\windows\SysWow64\ahadmin.dll
2014-02-03 13:38 . 2012-06-01 04:34 15360 ----a-w- c:\windows\SysWow64\iisreset.exe
2014-02-03 13:38 . 2012-06-01 04:37 8192 ----a-w- c:\windows\SysWow64\iisrstap.dll
2014-02-03 07:11 . 2014-02-03 07:11 -------- d-----w- c:\programdata\Cisco Systems
2014-01-31 16:05 . 2014-01-31 16:05 -------- d-----w- c:\windows\SysWow64\BestPractices
2014-01-31 16:05 . 2014-01-31 16:05 -------- d-----w- c:\windows\system32\BestPractices
2014-01-31 16:05 . 2014-01-31 16:05 -------- d-----w- C:\inetpub
2014-01-31 14:46 . 2014-02-04 09:01 -------- d-----w- c:\program files\iPod
2014-01-31 14:46 . 2014-02-04 09:02 -------- d-----w- c:\program files (x86)\iTunes
2014-01-31 14:46 . 2014-01-31 14:46 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-01-31 14:42 . 2014-01-31 18:45 -------- d-----w- c:\program files (x86)\QuickTime
2014-01-31 14:42 . 2014-02-04 09:00 -------- d-----w- c:\program files (x86)\Apple Software Update
2014-01-31 14:42 . 2014-01-31 14:42 -------- d-----w- c:\program files\Common Files\Apple
2014-01-31 14:10 . 2014-01-31 14:25 -------- d-----w- C:\MATS
2014-01-31 12:06 . 2014-02-07 22:49 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-01-31 12:05 . 2014-01-31 12:05 -------- d-----w- c:\program files (x86)\DriverUpdate
2014-01-31 08:01 . 2013-11-26 07:07 2334208 ----a-w- c:\windows\system32\wininet.dll
2014-01-31 08:01 . 2013-11-26 06:40 1395200 ----a-w- c:\windows\system32\urlmon.dll
2014-01-31 08:01 . 2013-11-26 06:33 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2014-01-31 08:01 . 2013-11-26 08:02 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2014-01-31 08:01 . 2013-11-26 07:32 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-01-31 08:01 . 2013-11-26 07:48 12996608 ----a-w- c:\windows\system32\ieframe.dll
2014-01-31 08:01 . 2013-11-26 08:35 5769216 ----a-w- c:\windows\system32\jscript9.dll
2014-01-31 08:01 . 2013-11-26 08:16 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-01-31 04:58 . 2014-01-31 04:58 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20A5F431-CA2D-43F0-A776-226EEE7047C0}\gapaengine.dll
2014-01-31 04:52 . 2014-01-31 04:52 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-01-31 01:53 . 2014-01-31 01:53 -------- d-----w- c:\programdata\Oracle
2014-01-31 01:53 . 2014-01-31 01:53 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-01-31 01:52 . 2014-01-31 01:52 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-30 08:26 . 2014-01-30 08:26 -------- d-----w- c:\programdata\ATI
2014-01-29 16:37 . 2014-01-29 16:37 -------- d-----w- c:\program files (x86)\Evernote
2014-01-29 16:14 . 2014-01-29 16:14 -------- d-----w- c:\programdata\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-29 13:41 . 2013-12-16 09:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2471E54-C03B-4DA5-A4E5-1991C3FF2607}\mpengine.dll
2014-01-29 08:18 . 2014-01-31 04:52 -------- d-----w- c:\program files\Microsoft Security Client
2014-01-29 07:25 . 2014-01-29 13:25 -------- d-----w- c:\program files (x86)\MSECache
2014-01-29 06:59 . 2014-01-29 06:59 -------- d-----w- c:\programdata\BlueStacks
2014-01-29 06:56 . 2014-01-29 13:30 -------- d-----w- c:\program files (x86)\Common Files\Steam
2014-01-29 06:56 . 2014-02-07 01:33 -------- d-----w- c:\program files (x86)\Steam
2014-01-29 05:59 . 2014-01-30 08:13 -------- d-----w- c:\program files (x86)\AMD AVT
2014-01-29 05:58 . 2014-01-30 08:13 -------- d-----w- c:\program files (x86)\AMD APP
2014-01-29 05:58 . 2014-01-30 08:13 -------- d-----w- c:\program files\Common Files\ATI Technologies
2014-01-29 05:58 . 2014-01-30 08:13 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2014-01-29 05:57 . 2014-01-30 08:16 -------- d-----w- c:\programdata\AMD
2014-01-29 05:57 . 2010-02-18 14:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2014-01-29 05:57 . 2014-02-06 07:23 -------- d-----w- c:\program files (x86)\ATI Technologies
2014-01-29 05:53 . 2014-01-30 08:13 -------- d-----w- c:\program files\ATI Technologies
2014-01-29 05:52 . 2014-02-06 07:52 -------- d-----w- C:\AMD
2014-01-29 04:23 . 2014-01-30 08:14 -------- d-----w- c:\windows\Migration
2014-01-29 03:49 . 2014-01-29 03:49 -------- d-----w- c:\windows\Options
2014-01-29 03:49 . 2011-03-01 20:30 443040 ----a-w- c:\windows\system32\athihvs.dll
2014-01-29 03:03 . 2014-01-29 03:03 215336 ----a-w- c:\windows\system32\SynTPAPI.dll
2014-01-29 03:03 . 2014-01-29 03:03 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
2014-01-29 03:03 . 2014-01-29 03:03 1390640 ----a-w- c:\windows\system32\drivers\SynTP.sys
2014-01-29 03:03 . 2014-01-29 03:03 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2014-01-29 03:03 . 2014-01-29 03:03 400168 ----a-w- c:\windows\system32\SynCOM.dll
2014-01-29 03:03 . 2014-01-29 03:03 271144 ----a-w- c:\windows\system32\SynCtrl.dll
2014-01-29 03:03 . 2014-01-29 03:03 214312 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2014-01-29 03:03 . 2014-01-29 03:03 173352 ----a-w- c:\windows\SysWow64\SynCOM.dll
2014-01-29 01:25 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-01-29 00:30 . 2014-01-29 00:30 -------- d-----w- c:\windows\CheckSur
2014-01-28 23:38 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-01-28 23:38 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-01-28 23:38 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2014-01-28 23:38 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2014-01-28 23:37 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-01-28 23:37 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-01-28 23:37 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2014-01-28 23:37 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2014-01-28 08:52 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-01-28 08:52 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-01-28 08:52 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-01-28 08:52 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-01-28 08:52 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-01-28 08:50 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-01-28 08:50 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-01-28 08:49 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2014-01-28 08:49 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-04 07:15 . 2009-08-18 19:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2014-02-04 07:15 . 2009-08-18 18:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-01-26 15:53 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2014-01-26 15:53 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-02-10 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-10-20 210208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-30 642304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-12-03 2355416]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CLKMSVC10_C6F09094;CyberLink Product - 2010/11/01 02:17;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
S2 DbgSvc;Debug Diagnostic Service;f:\hewlett-packard\New Folder\microsoftdiags\DbgSvc.exe;f:\hewlett-packard\New Folder\microsoftdiags\DbgSvc.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_C6F09094
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ   w3svc was
apphost REG_MULTI_SZ   apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-07 04:54]
.
2014-02-07 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2014-01-15 14:55]
.
2014-02-06 c:\windows\Tasks\HPCeeScheduleForMiles Bedard.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}]
2013-12-04 19:46 180840 ----a-w- c:\program files\Highlightly\IE\HighlightlyClientIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-01-29 21720]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-07  20:00:16
ComboFix-quarantined-files.txt  2014-02-08 01:00
.
Pre-Run: 553,700,900,864 bytes free
Post-Run: 556,424,663,040 bytes free
.
- - End Of File - - A74EE4B622E2B14CDF41F8CE5BB29C49
DCDDF663E3442F16BAAB51801C093403
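The Reg Loading Points section of the ComboFix log above records this machine's UAC policy values (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0) and LoadAppInit_DLLs=1. The Python script below is an added example, not part of this thread and not ComboFix's own code: it parses that section of a ComboFix-style log and flags values that differ from the Windows 7 defaults. The sample text is a constructed copy of the block shape seen in the log above; the table of expected defaults is the script's own assumption (EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1, LoadAppInit_DLLs=0). A LoadAppInit_DLLs of 1 is not by itself proof of malware, since some legitimate drivers and security products set it, so that finding is a prompt to inspect the AppInit_DLLs value rather than a verdict.

```python
"""Flag weak UAC and AppInit_DLLs settings in a ComboFix 'Reg Loading Points' dump.

Added example for reading the log posted in this thread; not ComboFix code.
"""
import re

# Constructed sample input: the two policy blocks exactly as ComboFix prints them
# (key header in brackets, one "name"= value (0xhex) line per REG_DWORD, '.' separators).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\\software\\wow6432node\\microsoft\\windows nt\\currentversion\\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Accepts both '"Name"= 0 (0x0)' and '"Name"=1 (0x1)' spacing variants seen in the log.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>-?\d+)\s*\(0x[0-9A-Fa-f]+\)$')

def parse_reg_points(text):
    """Return {lowercased_key_path: {value_name: int}} for the numeric values in a dump."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            result.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            result[current][m.group("name")] = int(m.group("val"))
    return result

POLICY_KEY = "hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\system"
APPINIT_KEY = "hkey_local_machine\\software\\wow6432node\\microsoft\\windows nt\\currentversion\\windows"

# (key, value name, predicate that holds for the expected default, finding text).
# The expected defaults are this script's assumption for a stock Windows 7 install.
CHECKS = [
    (POLICY_KEY, "EnableLUA", lambda v: v == 1,
     "UAC is disabled (EnableLUA=0): admin-group processes run fully elevated"),
    (POLICY_KEY, "ConsentPromptBehaviorAdmin", lambda v: v != 0,
     "admins elevate with no prompt at all (ConsentPromptBehaviorAdmin=0)"),
    (POLICY_KEY, "PromptOnSecureDesktop", lambda v: v == 1,
     "elevation prompts, when shown, are not on the secure desktop"),
    (APPINIT_KEY, "LoadAppInit_DLLs", lambda v: v == 0,
     "AppInit_DLLs loading is on: any DLL listed there is injected into 32-bit "
     "processes that load user32.dll; check the AppInit_DLLs value"),
]

def audit(parsed):
    """Return [(value_name, observed_value, finding)] for every check that fails."""
    findings = []
    for key, name, is_default, message in CHECKS:
        value = parsed.get(key, {}).get(name)
        if value is not None and not is_default(value):
            findings.append((name, value, message))
    return findings

if __name__ == "__main__":
    for name, value, message in audit(parse_reg_points(SAMPLE_LOG)):
        print(f"{name}={value}: {message}")
```

Run it against a saved ComboFix log by reading the file into `parse_reg_points` instead of `SAMPLE_LOG`; on the block above it reports all four values. Values absent from the log are not reported, because ComboFix omits entries that match its own notion of a legitimate default.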
#2 nasdaq
  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 February 2014 - 09:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 nasdaq
  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 February 2014 - 08:58 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



