
Possible RAT or virus... P.S. I've been ratted before


  • This topic is locked
13 replies to this topic

#1 redbull666

redbull666

  • Members
  • 11 posts
  • Gender:Male
  • Location:Sydney
  • Local time:01:20 PM

Posted 24 February 2014 - 07:40 AM

Hello 

 

I have previously been the victim of targeted hacking (unfortunately I knew who my attacker was, but I just couldn't stop them). I had several PCs hacked, even bought a new $1800 iMac with Little Snitch installed; two weeks later Little Snitch was greyed out and I had a second user logged in and password protected. I had my passwords to Facebook, Gmail, Hotmail and my website over 20 times.

I have been using Linux live CDs for the last 12 months and haven't had to change a password since.

 

Regardless, I still use a Windows computer for everyday things. This current laptop was playing up a few weeks ago; I ran HijackThis, and in the report found many files missing and many more unknown owners.

 

Example:

@%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner 

C:\Windows\system32\lsass.exe (file missing)

 

So I just decided it was easier to restore this computer to factory original (pre-installed Windows); however, I chose the option to keep the old files in a backup folder on this computer.

 

Could somebody read the DDS logs below and tell me if they see issues?

 

Thanking you in advance.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.17267  BrowserJavaVersion: 10.51.2
Run by runrabbit at 16:17:04 on 2014-02-23
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.61.1033.18.2807.1228 [GMT 0:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
C:\Program Files\COMODO\GeekBuddy\unit.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c09&m=eme732z&r=27360214h216l0453z1j5r47m1t284
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c09&m=eme732z&r=27360214h216l0453z1j5r47m1t284
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c09&m=eme732z&r=27360214h216l0453z1j5r47m1t284
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c09&m=eme732z&r=27360214h216l0453z1j5r47m1t284
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Users\runrabbit\Music\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Users\runrabbit\Music\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
StartupFolder: C:\Users\RUNRAB~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HMAPRO~1.LNK - C:\Program Files (x86)\HMA! Pro VPN\bin\HMA! Pro VPN.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files\COMODO\GeekBuddy\launcher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoRecentDocsNetHood = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoRecentDocsNetHood = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{892BD6CD-3890-45EB-9046-7EE726D73038} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{D5A01420-A0CF-4BD5-AA8A-94936FE019E9} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{D5A01420-A0CF-4BD5-AA8A-94936FE019E9} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D5A01420-A0CF-4BD5-AA8A-94936FE019E9}\2757E6271626269647 : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{D5A01420-A0CF-4BD5-AA8A-94936FE019E9}\2757E6271626269647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FAE6364B-2EEE-48CD-9479-3E2AE8299399} : NameServer = 156.154.70.22,156.154.71.22
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c09&m=eme732z&r=27360214h216l0453z1j5r47m1t284
x64-mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c09&m=eme732z&r=27360214h216l0453z1j5r47m1t284
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 CFRMD;CFRMD;C:\Windows\System32\drivers\CFRMD.sys [2013-5-7 37976]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-9-24 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-11-14 709144]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-9-24 48872]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;C:\Windows\System32\drivers\hmd.sys [2013-10-7 14888]
R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2014-1-20 70352]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-1-28 2135232]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-26 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2014-2-12 868896]
R2 GeekBuddyRSP;GeekBuddyRSP Server;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2014-1-20 2327248]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-26 13336]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-2-12 2320920]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-26 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-7-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-7-26 271872]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-6-8 406056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-6-10 40448]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-9-24 164056]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-12 1255736]
.
=============== Created Last 30 ================
.
2014-02-23 11:35:29 -------- d-----w- C:\Program Files (x86)\Common Files\COMODO
2014-02-23 00:22:59 -------- d-----w- C:\Users\runrabbit\AppData\Roaming\Process Hacker 2
2014-02-22 14:03:20 -------- d-----w- C:\Program Files\Microsoft Windows Performance Toolkit
2014-02-22 14:03:03 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2014-02-22 14:02:35 -------- d-----w- C:\Program Files\Debugging Tools for Windows (x64)
2014-02-22 14:02:24 -------- d-----w- C:\Program Files (x86)\Application Verifier
2014-02-22 14:02:23 -------- d-----w- C:\Program Files\Application Verifier (x64)
2014-02-22 14:01:03 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-02-21 21:50:22 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-02-21 21:50:22 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2014-02-21 21:50:22 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2014-02-21 18:32:38 -------- d-s---w- C:\ProgramData\Shared Space
2014-02-21 18:31:48 -------- d-----w- C:\ProgramData\COMODO
2014-02-21 18:31:26 -------- d-----w- C:\Program Files\COMODO
2014-02-21 18:31:07 -------- d-----w- C:\Users\runrabbit\AppData\Local\Comodo
2014-02-21 18:31:05 -------- d-----w- C:\first_launch
2014-02-21 18:31:03 57096 ----a-w- C:\Windows\System32\certsentry.dll
2014-02-21 18:31:03 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
2014-02-21 18:30:51 -------- d-----w- C:\Program Files (x86)\Comodo
2014-02-21 18:30:41 -------- d-----w- C:\ProgramData\Comodo Downloader
2014-02-21 17:43:44 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 17:43:44 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-21 17:36:48 -------- d-----w- C:\Windows\en
2014-02-21 17:30:40 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2014-02-21 17:30:40 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2014-02-21 17:30:40 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2014-02-21 17:30:40 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2014-02-21 17:30:19 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\96608f661cf2f2a08\DSETUP.dll
2014-02-21 17:30:19 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\96608f661cf2f2a08\DXSETUP.exe
2014-02-21 17:30:19 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\96608f661cf2f2a08\dsetup32.dll
2014-02-21 17:30:17 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\956a1dda1cf2f2a07\DSETUP.dll
2014-02-21 17:30:17 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\956a1dda1cf2f2a07\DXSETUP.exe
2014-02-21 17:30:17 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\956a1dda1cf2f2a07\dsetup32.dll
2014-02-21 17:29:49 -------- d-----w- C:\Users\runrabbit\AppData\Local\Windows Live
2014-02-21 17:29:01 206848 ----a-w- C:\Windows\System32\mfps.dll
2014-02-21 17:29:00 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2014-02-21 17:29:00 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2014-02-21 17:29:00 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2014-02-21 17:28:59 4068864 ----a-w- C:\Windows\System32\mf.dll
2014-02-21 17:28:59 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2014-02-21 17:28:58 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2014-02-21 12:41:08 -------- d-----w- C:\Users\runrabbit\AppData\Local\Diagnostics
2014-02-20 14:32:41 -------- d-----w- C:\ProgramData\VirtualizedApplications
2014-02-20 12:33:21 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2014-02-20 12:29:35 -------- d-----w- C:\Users\runrabbit\AppData\Local\Microsoft Help
2014-02-20 12:27:11 -------- d-----w- C:\ProgramData\Oracle
2014-02-20 12:24:45 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-20 12:21:14 -------- d-----w- C:\Users\runrabbit\AppData\Local\SoftGrid Client
2014-02-20 12:21:09 -------- d-----w- C:\Users\runrabbit\AppData\Roaming\SoftGrid Client
2014-02-20 12:19:56 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-02-20 12:19:35 -------- d-----w- C:\Users\runrabbit\AppData\Roaming\TP
2014-02-20 10:23:15 -------- d-----w- C:\Users\runrabbit\AppData\Roaming\Windows Live Writer
2014-02-20 10:23:15 -------- d-----w- C:\Users\runrabbit\AppData\Local\Windows Live Writer
2014-02-18 23:08:56 571576 ----a-w- C:\Users\runrabbit\AppData\Roaming\Microsoft\Office on Demand\office_en-us_.exe
2014-02-18 10:34:59 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-02-18 10:34:59 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-02-18 10:34:59 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-02-18 10:32:27 15584 ----a-w- C:\Users\runrabbit\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2014-02-17 07:53:27 -------- d-----w- C:\Program Files (x86)\OpenVPN
2014-02-13 13:13:35 -------- d-----w- C:\Users\runrabbit\AppData\Local\IsolatedStorage
2014-02-13 13:09:51 -------- d-----w- C:\Program Files (x86)\HMA! Pro VPN
2014-02-13 07:45:15 -------- d-----w- C:\Users\runrabbit\AppData\Roaming\Helios
2014-02-13 05:42:28 -------- d-----w- C:\Program Files\TextPad 7
2014-02-13 05:34:44 -------- d-----w- C:\Users\runrabbit\AppData\Local\DigiDNA
2014-02-13 05:25:07 567848 ----a-w- C:\Program Files\Common Files\Microsoft Shared\dao\dao360.dll
2014-02-12 09:40:00 -------- d-----w- C:\Users\runrabbit\AppData\Roaming\Foxit Software
2014-02-12 09:39:59 -------- d-----w- C:\Users\runrabbit\AppData\Local\Programs
2014-02-12 07:56:50 -------- d-----w- C:\Windows\System32\drivers\NISx64\1207020.003
2014-02-12 05:59:30 -------- d-----w- C:\Windows\NAPP_Dism_Log
2014-02-12 05:55:14 -------- d-----w- C:\Users\runrabbit\AppData\Local\Google
2014-02-12 05:51:41 -------- d-----w- C:\Users\runrabbit\AppData\Local\Apple Computer
2014-02-12 05:51:37 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2014-02-12 05:50:18 -------- d-----w- C:\Users\runrabbit\AppData\Local\Apple
2014-02-12 05:49:54 -------- d-----w- C:\Program Files\Bonjour
2014-02-12 05:49:54 -------- d-----w- C:\Program Files (x86)\Bonjour
2014-02-12 05:48:03 -------- d-----w- C:\Program Files\Symantec
2014-02-12 05:48:03 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2014-02-12 05:47:57 -------- d-----w- C:\Users\runrabbit\AppData\Roaming\Intel Corporation
2014-02-12 05:47:14 -------- d-----w- C:\Users\runrabbit\AppData\Local\VirtualStore
2014-02-12 05:46:22 -------- d-----w- C:\Program Files\eMachines Accessory Store
2014-02-12 05:27:46 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2014-02-12 05:27:46 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2014-02-12 05:24:54 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2014-02-12 05:24:54 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2014-02-12 05:24:42 208896 ----a-w- C:\Windows\System32\profsvc.dll
2014-02-12 05:24:39 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2014-02-12 05:24:39 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2014-02-12 05:24:39 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-02-12 05:24:37 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2014-02-12 05:24:37 31232 ----a-w- C:\Windows\System32\prevhost.exe
2014-02-12 05:19:37 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2014-02-12 05:19:37 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2014-02-12 05:19:34 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-02-12 05:18:09 -------- d-----w- C:\Windows\PCHEALTH
2014-02-12 05:17:04 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2014-02-12 05:16:08 1819648 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\Office14\Word.en-us\WordMUI.msi
2014-02-12 05:14:59 1100664 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\Office14\setup.exe
2014-02-12 05:14:58 1628560 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\OStarter\en-us\SetupConsumerC2ROLW.exe
2014-02-12 05:14:58 1628560 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\OStarter\en-us\SetupConsumerC2R.exe
2014-02-12 05:14:57 5336456 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\OStarter\en-us\Office.exe
2014-02-12 05:14:57 18336 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\OStarter\en-us\launchofficeintl.dll
2014-02-12 05:14:38 33000960 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\OStarter\en-us\click2run64.msi
2014-02-12 05:14:38 26051072 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\OStarter\en-us\click2run.msi
2014-02-12 05:11:10 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2014-02-12 05:09:59 -------- d-----w- C:\Program Files (x86)\Video Web Camera
2014-02-12 05:08:25 -------- d-----w- C:\Windows\SysWow64\RTCOM
2014-02-12 05:05:44 -------- d-----w- C:\Program Files (x86)\Launch Manager
2014-02-12 04:50:34 -------- d-----r- C:\Backup
2014-02-12 04:22:03 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2014-02-12 04:22:03 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2014-02-12 04:22:03 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2014-02-12 04:22:03 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-02-12 04:20:59 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-02-12 04:20:59 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-02-12 04:20:59 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-02-12 04:20:59 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-02-12 04:20:58 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-02-12 04:20:58 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-02-12 04:20:58 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-02-12 04:19:47 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2014-02-12 04:19:47 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2014-02-12 04:16:30 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-02-12 04:16:30 627712 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-02-12 04:16:23 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2014-02-12 04:15:54 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-02-12 04:15:53 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2014-02-12 04:15:53 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2014-02-12 04:15:53 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-02-12 04:15:24 515584 ----a-w- C:\Windows\System32\timedate.cpl
2014-02-12 04:15:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2014-02-12 04:15:23 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2014-02-12 04:15:23 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2014-02-12 01:48:50 -------- d-----w- C:\Windows\System32\MRT
2014-02-12 00:54:59 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2014-02-12 00:54:59 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2014-02-12 00:54:59 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2014-02-12 00:54:59 444752 ----a-w- C:\Windows\System32\mscoree.dll
2014-02-12 00:54:59 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2014-02-12 00:54:59 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2014-02-12 00:54:59 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2014-02-12 00:54:59 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-02-12 00:54:59 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2014-02-12 00:54:58 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2014-02-12 00:40:23 46080 ----a-w- C:\Windows\System32\atmlib.dll
2014-02-12 00:40:23 367616 ----a-w- C:\Windows\System32\atmfd.dll
2014-02-12 00:40:23 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2014-02-12 00:40:23 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2014-02-12 00:32:49 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2014-02-12 00:32:49 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-02-12 00:32:49 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2014-02-12 00:32:48 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-02-12 00:32:48 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-02-12 00:17:31 2001408 ----a-w- C:\Windows\System32\msxml6.dll
2014-02-12 00:17:31 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-12 00:17:30 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-02-12 00:17:30 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-12 00:16:38 148992 ----a-w- C:\Windows\System32\t2embed.dll
2014-02-12 00:16:38 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2014-02-12 00:14:47 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-12 00:14:46 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2014-02-12 00:14:46 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-02-12 00:14:46 2691072 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-12 00:14:46 158208 ----a-w- C:\Windows\System32\aaclient.dll
2014-02-12 00:14:46 131072 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-02-12 00:14:21 1653096 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-02-12 00:14:20 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2014-02-12 00:14:16 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2014-02-12 00:14:15 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2014-02-12 00:12:53 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-02-12 00:11:59 287576 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-02-12 00:10:57 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2014-02-12 00:09:50 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
2014-02-12 00:08:57 2080256 ----a-w- C:\Program Files\Windows Mail\msoe.dll
2014-02-12 00:07:58 112000 ----a-w- C:\Windows\System32\consent.exe
2014-02-12 00:04:46 1462784 ----a-w- C:\Windows\System32\crypt32.dll
2014-02-12 00:04:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2014-02-12 00:04:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2014-02-12 00:04:45 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2014-02-12 00:04:45 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-02-12 00:04:45 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2014-02-12 00:02:38 -------- d-----w- C:\Program Files\CCleaner
2014-02-11 23:56:22 -------- d-----w- C:\Users\runrabbit\AppData\Local\Wondershare
2014-02-11 23:56:22 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2014-02-11 23:54:42 -------- d-----w- C:\Users\runrabbit\AppData\Roaming\DiskAid
2014-02-11 23:54:18 -------- d-----w- C:\Program Files (x86)\DigiDNA
2014-02-11 23:51:33 -------- d-----w- C:\Program Files\iPod
2014-02-11 23:51:32 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-11 23:51:32 -------- d-----w- C:\Program Files\iTunes
2014-02-11 23:51:32 -------- d-----w- C:\Program Files (x86)\iTunes
2014-02-11 23:46:28 -------- d-----w- C:\Users\runrabbit\AppData\Local\Apps
2014-02-11 23:46:27 -------- d-----w- C:\Users\runrabbit\AppData\Local\Deployment
2014-02-11 23:38:55 77312 ----a-w- C:\Windows\System32\packager.dll
2014-02-11 23:38:55 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-02-11 23:33:14 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-02-11 23:31:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2014-02-11 23:31:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2014-02-11 23:31:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2014-02-11 23:31:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2014-02-11 23:31:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2014-02-11 23:18:16 -------- d-----w- C:\Users\runrabbit\AppData\Local\Adobe
2014-02-11 23:07:58 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-02-11 23:07:53 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-02-11 23:07:44 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-02-11 23:07:44 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2014-02-11 22:58:26 -------- d-----w- C:\Users\runrabbit\AppData\Roaming\Tific
2014-02-11 22:58:25 -------- d-----w- C:\Users\runrabbit\AppData\Local\Symantec
2014-02-11 22:07:34 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2014-02-11 22:06:25 -------- d-----w- C:\Program Files\Common Files\Intel
2014-02-11 22:06:25 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2014-02-09 20:43:37 -------- d-----w- C:\MGtools
2014-02-09 20:19:18 -------- d-----w- C:\AdwCleaner
2014-01-31 01:40:50 -------- d--h--w- C:\VTRoot
.
==================== Find3M  ====================
.
.
============= FINISH: 16:18:21.70 ===============
 

 

 

 


#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:20 AM

Posted 25 February 2014 - 06:16 PM

Hi redbull666 and Welcome to Bleeping Computer.

I am currently looking through your logs and will advise you on what to do in my next reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 redbull666

redbull666
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:Sydney
  • Local time:01:20 PM

Posted 26 February 2014 - 07:46 AM

SpywareHammer 

 

Cool, glad to hear you're looking into the logs. You have made my day, thanks!!



#4 seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 26 February 2014 - 04:06 PM

Hello redbull666

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer please let us know, or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed.

This current laptop was playing up a few weeks ago , i ran hijackthis ,and in the report found many files missing and many more unknown owners


HijackThis doesn't support 64-bit operating systems. Please ignore anything you saw on this program.

Step 1

Please download ADWCleaner to your desktop:
http://www.bleepingcomputer.com/download/adwcleaner/

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Step 2

1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/
2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe


4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:


5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.


7. The following image opens, select Update


8. When the Update completes, select Next


9. In the following window ensure "Targets" are ticked. Then select "Scan"


10. If any infections are found, the "Cleanup" button to remove threats will be available. Infected files will be listed like the following example:

11. Do not select the "Clean up" button; select the "Exit" button. There will be a warning as follows:

12. Select "Yes" to close down the program. If NO infections were found you will see the following image:


13. Select "Exit" to close down.
14. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log (date and time of scan will also be shown)


Post those two logs in your reply.



#5 redbull666
  • Topic Starter
  • Members
  • 11 posts
  • Gender:Male
  • Location:Sydney

Posted 26 February 2014 - 08:35 PM

SpywareHammer

Ok, I ran AdwCleaner and nothing was detected.

I misread the instructions and let it do a reboot, and it detected:

Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\Partner
Folder Found C:\Users\ben\AppData\Local\Conduit

I have posted the logs from Malwarebytes below and nothing was detected.

The logs are below.

Also, you will see NOT ACTIVE partitions; this is because I had GRUB for DOS with Ubuntu. I have since uninstalled Ubuntu, but the partition remains and is NOT ACTIVE.

Thanking you in advance.


Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
 
Database version: v2014.02.26.10
 
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
runrabbit :: RUNRABBIT-PC [administrator]
 
27/02/2014 12:28:19 AM
mbar-log-2014-02-27 (00-28-19).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 240737
Time elapsed: 20 minute(s), 55 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7600 Windows 7 x64
 
Account is Administrative
 
Internet Explorer version: 8.0.7600.16385
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 2943156224, free: 1218945024
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7600 Windows 7 x64
 
Account is Administrative
 
Internet Explorer version: 8.0.7600.16385
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 2943156224, free: 1740103680
 
Could not load protection driver
Downloaded database version: v2014.02.26.10
Downloaded database version: v2014.02.20.01
=======================================
Initializing...
------------ Kernel report ------------
     02/27/2014 00:28:11
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wd.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\DRIVERS\cmderd.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\cmdguard.sys
\SystemRoot\system32\DRIVERS\CFRMD.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\cmdhlp.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\inspect.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\hmd.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\HTTP.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\usp10.dll
\Windows\System32\advapi32.dll
\Windows\System32\shell32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\wininet.dll
\Windows\System32\ole32.dll
\Windows\System32\imm32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msctf.dll
\Windows\System32\psapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\lpk.dll
\Windows\System32\difxapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\nsi.dll
\Windows\System32\urlmon.dll
\Windows\System32\clbcatq.dll
\Windows\System32\rpcrt4.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80030f0060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8002f89050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80030f0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80030f0ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80030f0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8002f89050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9FE9AFEA
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 27262976
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 27265024  Numsec = 204800
    Partition is not bootable
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 27469824  Numsec = 524580864
 
    Partition 3 type is Extended with CSH (0x5)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 552052734  Numsec = 73089026
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-27265024-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
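
The partition-table report in the MBAR log above, redone as a check an analyst can run against a raw 512-byte MBR sector. This is an added example, not part of the original post and not Malwarebytes Anti-Rootkit's own code. The sample MBR is constructed from the values printed in the report (disk signature, type codes, start LBAs, sector counts, disk size); it is not the poster's disk image, and the names given to the type codes are assumed labels. The example verifies the 55AA boot signature, the status bytes, that exactly one partition is active, that no partition runs past the end of the disk or overlaps another, and it lists the unpartitioned sector ranges a physical-sector scan would need to sweep. It cannot reproduce the report's "Partition is not bootable" line, because that needs the partition's own VBR, which a bare MBR sample does not contain.

```python
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"
# Names for the type codes in the report plus a few common ones (assumed labels, not MBAR's).
PARTITION_TYPES = {
    0x00: "Empty", 0x05: "Extended with CHS", 0x07: "Primary (NTFS/exFAT)",
    0x0F: "Extended with LBA", 0x27: "Other (hidden NTFS / recovery)", 0x83: "Linux",
}

def build_mbr(disk_signature, entries):
    """Constructed test data: assemble a 512-byte MBR from (active, type, start_lba, num_sectors)."""
    mbr = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", mbr, 440, disk_signature)
    for i, (active, ptype, start, count) in enumerate(entries):
        # CHS fields get the 0xFE 0xFF 0xFF "use LBA" marker; tools on LBA disks ignore them.
        struct.pack_into("<B3sB3sII", mbr, 446 + 16 * i,
                         0x80 if active else 0x00, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff",
                         start, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)

def parse_mbr(mbr):
    """Return (disk_signature, [entry dicts]) for the four primary slots of a raw MBR sector."""
    if len(mbr) != SECTOR_SIZE or mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 55AA boot signature; not a valid MBR")
    disk_signature = struct.unpack_from("<I", mbr, 440)[0]
    entries = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from("<B3sB3sII", mbr, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        entries.append({"index": i, "status": status, "active": status == 0x80,
                        "type": ptype, "type_name": PARTITION_TYPES.get(ptype, "Unknown"),
                        "start": start, "count": count})
    return disk_signature, entries

def audit_mbr(mbr, disk_bytes):
    """Checks an analyst runs on a suspect partition table: signature, status bytes,
    exactly one active entry, nothing past end of disk, no overlaps, and the unpartitioned
    ranges a sector scanner (like MBAR's) would need to sweep for code hidden outside volumes."""
    disk_sectors = disk_bytes // SECTOR_SIZE
    disk_signature, entries = parse_mbr(mbr)
    findings = []
    active = [e for e in entries if e["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append(f"partition {e['index']}: invalid status byte 0x{e['status']:02X}")
        if e["start"] + e["count"] > disk_sectors:
            findings.append(f"partition {e['index']}: extends past end of disk")
    # Sector 0 holds the MBR itself, so unpartitioned space is counted from sector 1.
    gaps, cursor = [], 1
    for e in sorted(entries, key=lambda e: e["start"]):
        if e["start"] < cursor:
            findings.append(f"partition {e['index']}: overlaps the previous partition")
        elif e["start"] > cursor:
            gaps.append((cursor, e["start"]))
        cursor = max(cursor, e["start"] + e["count"])
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors))
    return {"disk_signature": f"{disk_signature:08X}", "partitions": entries,
            "unpartitioned": gaps, "findings": findings}

# Constructed sample built from the numbers in the MBAR report above; not a real disk image.
SAMPLE_DISK_BYTES = 320072933376
SAMPLE_MBR = build_mbr(0x9FE9AFEA, [
    (False, 0x27, 2048, 27262976),
    (True, 0x07, 27265024, 204800),
    (False, 0x07, 27469824, 524580864),
    (False, 0x05, 552052734, 73089026),
])

if __name__ == "__main__":
    r = audit_mbr(SAMPLE_MBR, SAMPLE_DISK_BYTES)
    print("Disk Signature:", r["disk_signature"])
    for p in r["partitions"]:
        print(f"  Partition {p['index']} type {p['type_name']} (0x{p['type']:02X}) "
              f"{'ACTIVE' if p['active'] else 'NOT ACTIVE'}  LBA {p['start']}  Numsec {p['count']}")
    print("Unpartitioned sector ranges:", r["unpartitioned"])
    print("Findings:", r["findings"] or "none")
```

On a live Windows system the same `parse_mbr` accepts the first 512 bytes read from `\\.\PhysicalDrive0` as an administrator; on the constructed sample it reports one active partition and three unpartitioned ranges (sectors 1 to 2047, a small gap before the extended partition, and a short tail), with no findings, which matches what the user describes: the inactive entries are an ordinary layout, not by themselves a sign of tampering.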


#6 seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 28 February 2014 - 02:40 PM

Hi redbull666

More information about installing and running ComboFix can be found HERE

Please download ComboFix from one of the following locations:
 

**IMPORTANT! Save ComboFix to your Desktop. Read the following thoroughly

  • Close any open browsers and Programs.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on 'ComboFix.exe' & follow the prompts.
  • If ComboFix finds any Updates, Please allow ComboFix to run them.
     
  • ComboFix will now disconnect your computer from the Internet and start scanning for Malware so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection. please be patient.
  • When the scan has finished, it will delete the malware found and reboot your computer automatically. Don't reboot your computer manually; let ComboFix do it.
  • Once your computer is rebooted, ComboFix will start preparing a log. Please let it do so unhindered.

If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

Please include the contents of C:\ComboFix.txt in your next reply.

Please enable your anti-virus software again!!

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.


Edited by seedy21, 28 February 2014 - 02:42 PM.



#7 redbull666
  • Topic Starter
  • Members
  • 11 posts
  • Gender:Male
  • Location:Sydney

Posted 28 February 2014 - 11:44 PM

Thanks for getting back to me.

I followed all your instructions.

After the scan, Windows rebooted, ComboFix opened a CMD window and said it was making a report.
It took a long time, then a window popped up saying:

C:\Windows\system32\GfxUI.exe
A device attached to the system is not functioning

I clicked OK, and it continued to generate the report as seen below.

ComboFix 14-02-24.02 - runrabbit 01/03/2014   1:49.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.61.1033.18.2807.1458 [GMT 0:00]
Running from: c:\users\runrabbit\Desktop\ComboFix.exe
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\Documents\NTIMMV9Acer.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-01 to 2014-03-01  )))))))))))))))))))))))))))))))
.
.
2014-02-27 06:54 . 2012-08-21 13:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-02-27 06:53 . 2014-02-27 06:53 -------- d-----w- c:\program files\iPod
2014-02-27 06:53 . 2014-02-27 06:54 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-27 06:53 . 2014-02-27 06:54 -------- d-----w- c:\program files\iTunes
2014-02-27 06:53 . 2014-02-27 06:54 -------- d-----w- c:\program files (x86)\iTunes
2014-02-27 06:52 . 2014-02-27 06:52 -------- d-----w- c:\program files (x86)\Apple Software Update
2014-02-27 06:52 . 2014-02-27 06:52 -------- d-----w- c:\program files\Common Files\Apple
2014-02-27 06:52 . 2014-02-27 06:52 -------- d-----w- c:\program files\Bonjour
2014-02-27 06:52 . 2014-02-27 06:52 -------- d-----w- c:\program files (x86)\Bonjour
2014-02-27 00:28 . 2014-02-27 00:28 -------- d-----w- c:\programdata\Malwarebytes
2014-02-27 00:28 . 2014-02-27 00:55 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-27 00:28 . 2014-02-27 00:28 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-27 00:20 . 2014-02-27 00:20 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-23 00:28 . 2014-02-23 00:28 -------- d-----w- c:\program files\Microsoft SDKs
2014-02-22 14:03 . 2014-02-22 14:03 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2014-02-22 14:03 . 2014-02-22 14:03 -------- d-----w- c:\program files\Microsoft Help Viewer
2014-02-22 14:02 . 2014-02-22 14:02 -------- d-----w- c:\program files\Debugging Tools for Windows (x64)
2014-02-22 14:02 . 2014-02-22 14:02 -------- d-----w- c:\program files (x86)\Application Verifier
2014-02-22 14:02 . 2014-02-22 14:02 -------- d-----w- c:\program files\Application Verifier (x64)
2014-02-22 14:01 . 2014-02-22 14:01 -------- d-----w- c:\windows\symbols
2014-02-22 14:01 . 2014-02-22 14:01 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2014-02-21 21:50 . 2014-02-21 21:50 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-02-21 21:50 . 2014-02-21 21:50 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2014-02-21 21:50 . 2014-02-21 21:50 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2014-02-21 18:32 . 2014-02-21 18:35 -------- d-s---w- c:\programdata\Shared Space
2014-02-21 18:31 . 2014-02-21 18:34 -------- d-----w- c:\programdata\COMODO
2014-02-21 18:31 . 2014-02-21 18:32 -------- d-----w- c:\program files\COMODO
2014-02-21 18:31 . 2014-02-21 18:31 -------- d-----w- C:\first_launch
2014-02-21 18:31 . 2014-02-21 21:50 57096 ----a-w- c:\windows\system32\certsentry.dll
2014-02-21 18:31 . 2014-02-21 21:50 48392 ----a-w- c:\windows\SysWow64\certsentry.dll
2014-02-21 18:30 . 2014-02-21 21:50 -------- d-----w- c:\program files (x86)\Comodo
2014-02-21 18:30 . 2014-02-21 18:30 -------- d-----w- c:\programdata\Comodo Downloader
2014-02-21 17:43 . 2014-02-21 17:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 17:43 . 2014-02-21 17:43 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-21 17:43 . 2014-02-21 17:43 -------- d-----w- c:\windows\system32\Macromed
2014-02-21 17:36 . 2014-02-21 17:36 -------- d-----w- c:\windows\en
2014-02-21 17:33 . 2014-02-21 17:33 -------- d-----w- c:\program files\Windows Live
2014-02-21 17:30 . 2009-09-04 17:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2014-02-21 17:30 . 2009-09-04 17:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2014-02-21 17:30 . 2009-09-04 17:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2014-02-21 17:30 . 2009-09-04 17:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2014-02-21 17:29 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
2014-02-21 17:29 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2014-02-21 17:29 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2014-02-21 17:29 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2014-02-21 17:28 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2014-02-21 17:28 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll
2014-02-21 17:28 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2014-02-20 23:21 . 2014-02-20 23:21 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2014-02-20 14:32 . 2014-02-20 14:33 -------- d-----w- c:\programdata\VirtualizedApplications
2014-02-20 14:23 . 2014-02-20 14:23 -------- d-----w- c:\windows\Sun
2014-02-20 12:33 . 2014-02-20 12:33 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2014-02-20 12:29 . 2014-02-24 12:58 -------- d-----w- c:\programdata\Microsoft Help
2014-02-20 12:29 . 2014-02-20 12:29 -------- d-----r- C:\MSOCache
2014-02-20 12:27 . 2014-02-20 12:27 -------- d-----w- c:\programdata\Oracle
2014-02-20 12:25 . 2014-02-20 12:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-02-20 12:24 . 2014-02-20 12:24 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-20 12:19 . 2014-02-21 10:17 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2014-02-20 12:19 . 2014-02-20 12:19 -------- d-----w- c:\program files\Microsoft Office
2014-02-18 10:34 . 2011-03-29 03:32 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-02-18 10:34 . 2011-03-29 03:32 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-02-18 10:34 . 2011-03-29 03:32 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-02-17 07:53 . 2014-02-17 07:53 -------- d-----w- c:\program files (x86)\OpenVPN
2014-02-13 13:09 . 2014-02-18 00:44 -------- d-----w- c:\program files (x86)\HMA! Pro VPN
2014-02-13 05:42 . 2014-02-13 05:42 -------- d-----w- c:\program files\TextPad 7
2014-02-13 05:26 . 2014-02-20 12:31 -------- d-----w- c:\program files (x86)\Microsoft.NET
2014-02-13 05:25 . 2003-11-12 13:17 567848 ----a-w- c:\program files\Common Files\Microsoft Shared\dao\dao360.dll
2014-02-12 09:40 . 2014-02-12 09:40 -------- d-----w- c:\users\Public\Foxit Software
2014-02-12 07:56 . 2014-02-23 01:34 -------- d-----w- c:\windows\system32\drivers\NISx64\1207020.003
2014-02-12 05:59 . 2014-02-12 05:59 -------- d-----w- c:\windows\NAPP_Dism_Log
2014-02-12 05:51 . 2014-02-27 06:54 -------- dc----w- c:\windows\system32\DRVSTORE
2014-02-12 05:50 . 2014-02-12 05:50 -------- d-----w- c:\programdata\Apple Computer
2014-02-12 05:49 . 2014-02-27 06:53 -------- d-----w- c:\program files (x86)\Common Files\Apple
2014-02-12 05:49 . 2014-02-27 06:51 -------- d-----w- c:\programdata\Apple
2014-02-12 05:48 . 2014-02-23 01:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2014-02-12 05:48 . 2014-02-11 23:12 -------- d-----w- c:\program files\Symantec
2014-02-12 05:46 . 2014-02-12 05:46 -------- d-----w- c:\users\Public\Symantec
2014-02-12 05:46 . 2014-02-12 05:46 -------- d-----w- c:\program files\eMachines Accessory Store
2014-02-12 05:45 . 2014-02-23 01:44 -------- d-----w- c:\users\runrabbit
2014-02-12 05:45 . 2014-02-12 05:45 -------- d-----w- C:\Recovery
2014-02-12 05:27 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2014-02-12 05:27 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2014-02-12 05:24 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2014-02-12 05:24 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2014-02-12 05:24 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2014-02-12 05:24 . 2011-06-16 05:31 199680 ----a-w- c:\windows\system32\xmllite.dll
2014-02-12 05:24 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-02-12 05:24 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-02-12 05:24 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-02-12 05:24 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2014-02-12 05:24 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2014-02-12 05:19 . 2006-11-29 13:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2014-02-12 05:19 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2014-02-12 05:19 . 2014-02-20 12:31 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2014-02-12 05:18 . 2014-02-21 17:36 -------- d-----w- c:\program files (x86)\Windows Live
2014-02-12 05:18 . 2014-02-12 05:18 -------- d-----w- c:\windows\PCHEALTH
2014-02-12 05:17 . 2014-02-12 05:17 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2014-02-12 05:16 . 2010-03-30 11:28 1819648 ----a-w- c:\programdata\Microsoft\OEMOffice14\Office14\Word.en-us\WordMUI.msi
2014-02-12 05:14 . 2010-03-11 12:50 1100664 ----a-w- c:\programdata\Microsoft\OEMOffice14\Office14\setup.exe
2014-02-12 05:14 . 2010-03-30 08:07 1628560 ----a-w- c:\programdata\Microsoft\OEMOffice14\OStarter\en-us\SetupConsumerC2ROLW.exe
2014-02-12 05:14 . 2010-03-30 08:07 1628560 ----a-w- c:\programdata\Microsoft\OEMOffice14\OStarter\en-us\SetupConsumerC2R.exe
2014-02-12 05:14 . 2010-02-27 18:33 5336456 ----a-w- c:\programdata\Microsoft\OEMOffice14\OStarter\en-us\Office.exe
2014-02-12 05:14 . 2010-02-27 18:33 18336 ----a-w- c:\programdata\Microsoft\OEMOffice14\OStarter\en-us\launchofficeintl.dll
2014-02-12 05:14 . 2010-03-30 03:18 33000960 ----a-w- c:\programdata\Microsoft\OEMOffice14\OStarter\en-us\click2run64.msi
2014-02-12 05:14 . 2010-03-30 03:14 26051072 ----a-w- c:\programdata\Microsoft\OEMOffice14\OStarter\en-us\click2run.msi
2014-02-12 05:11 . 2014-02-12 05:11 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2014-02-12 05:09 . 2014-02-12 05:09 -------- d-----w- c:\program files (x86)\Video Web Camera
2014-02-12 05:08 . 2014-02-12 05:08 -------- d-----w- c:\windows\SysWow64\RTCOM
2014-02-12 05:05 . 2014-02-12 05:05 -------- d-----w- c:\program files (x86)\Launch Manager
2014-02-12 04:50 . 2014-02-12 05:39 -------- d-----r- C:\Backup
2014-02-12 04:22 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-02-12 04:22 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-02-12 04:22 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-02-12 04:22 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-02-12 04:20 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-02-12 04:20 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-02-12 04:20 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-02-12 04:20 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-02-12 04:20 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-02-12 04:20 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-02-12 04:20 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-02-12 04:19 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2014-02-12 04:19 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2014-02-12 04:16 . 2012-11-22 10:32 801280 ----a-w- c:\windows\system32\usp10.dll
2014-02-12 04:16 . 2012-11-22 09:33 627712 ----a-w- c:\windows\SysWow64\usp10.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 17:32 . 2010-06-24 11:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-02-09 20:58 . 2014-02-09 20:43 139345 ----a-w- C:\MGlogs.zip
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-07-25 1985824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"tvncontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2014-02-27 2327248]
.
c:\users\runrabbit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HMA Pro VPN 2.0.lnk - c:\program files (x86)\HMA! Pro VPN\bin\HMA! Pro VPN.exe -minimized [2013-11-26 2150312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files\COMODO\GeekBuddy\launcher.exe "unit_manager.exe" [2014-2-27 48848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\runrabbit\Downloads\RealTemp_370\WinRing0x64.sys;c:\users\runrabbit\Downloads\RealTemp_370\WinRing0x64.sys [x]
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\DRIVERS\hmd.sys;c:\windows\SYSNATIVE\DRIVERS\hmd.sys [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [x]
S2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-23 00:22 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11 23:01]
.
2014-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11 23:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2010-06-11 861216]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-11-11 1612504]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c09&m=eme732z&r=27360214h216l0453z1j5r47m1t284
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c09&m=eme732z&r=27360214h216l0453z1j5r47m1t284
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c09&m=eme732z&r=27360214h216l0453z1j5r47m1t284
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{D5A01420-A0CF-4BD5-AA8A-94936FE019E9}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{D5A01420-A0CF-4BD5-AA8A-94936FE019E9}\2757E6E696E676271626269647: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{FAE6364B-2EEE-48CD-9479-3E2AE8299399}: NameServer = 156.154.70.22,156.154.71.22
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Sidebar - c:\program files\Windows Sidebar\sidebar.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2508722404-1516347638-2357260315-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2508722404-1516347638-2357260315-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\HMA! Pro VPN\bin\HMA! Pro VPN.exe
.
**************************************************************************
.
Completion time: 2014-03-01  03:14:48 - machine was rebooted
ComboFix-quarantined-files.txt  2014-03-01 03:14
.
Pre-Run: 186,268,991,488 bytes free
Post-Run: 187,463,884,800 bytes free
.
- - End Of File - - 50D7D567179C5C2E421CBEEE6BB270C8


#8 seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 01 March 2014 - 12:16 PM

Hi redbull666

Did you install HMA! Pro VPN 2.8.3.1?

Also can you confirm what make your router is? (The box that gives you Internet in your house)


Perform an Online Antivirus Scan with ESET:

Note: ESET recommends disabling your resident antivirus's active protection component BEFORE scanning; how to do so can be read here. Use Internet Explorer to navigate to the scanner website because you must approve installing an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon & selecting "Run as Administrator".

  • Please go here then click on Run ESET ONLINE SCANNER
  • Select the option YES, I accept the Terms of Use then click on START
  • When prompted allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on START
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan otherwise it may stall.

When the scan is complete:

If no threats were found:
  • Check "Uninstall application on close"
  • Close program

If threats were found:
  • Select "list of threats found"
  • Select "Export to Text File" & save the report to your Desktop as "ESETScanLog"
  • Select Back
  • Place a checkmark in "Uninstall application on close"
  • Select Finish & exit the program
  • Copy and paste ESETScanLog.txt in your next reply

Edited by seedy21, 01 March 2014 - 12:17 PM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#9 redbull666

  • Topic Starter
  • Members
  • 11 posts
  • Gender:Male
  • Location:Sydney

Posted 02 March 2014 - 07:13 AM

Firstly, thank you for pursuing this matter.

Yes, I use Hide My Ass.
Also I have 1 TP-Link router modem downstairs, another wireless router (D-Link) upstairs that I connect to via wifi.

I ran the online scanner and it found the following.
 
 
C:\Backup\ben\Downloads\cbsidlm-cbsi176-Acer_Drivers_Update_Utility-ORG-75183725.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Backup\ben\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\MGtools\Process.exe Win32/PrcView potentially unsafe application deleted - quarantined


#10 seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 03 March 2014 - 03:35 AM

Hi redbull666

Good news is that I can't see any active threats on your machine.

If you're not having any further issues with your machine, we can clean up the tools we have used.

Edited by seedy21, 03 March 2014 - 03:35 AM.



#11 redbull666

  • Topic Starter
  • Members
  • 11 posts
  • Gender:Male
  • Location:Sydney

Posted 03 March 2014 - 04:37 AM

Yes, I am happy there is nothing found.

Thank you for all your help and running a few extra steps to make sure.

Yes, we can probably move on to cleaning up.



#12 seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 03 March 2014 - 04:04 PM

Hi redbull666

If you have no further problems you can uninstall the tools we have used and follow this advice :-

Remove Tools Used :

 

Uninstall ComboFix

  • Click on Start, Run
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.


Clean up with Delfix

Download "Delfix by Xplode" and save it to your desktop.

  • Double click to start the program
    If you are using Vista or higher, please right-click and choose Run as administrator
  • Make sure the following items are checked:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
  • Now click on "Run" and wait patiently until the tool has completed.
  • The tool will create a log when it has completed. We don't need you to post this.
     
Clean up with TFC

Please download TFC.exe - Temp File Cleaner by OldTimer:
Alternate link: www.itxassociates.com/OT-Tools/TFC.exe
  • Save it to your Desktop.
  • Close any open windows, save your work.
  • Double click the TFC icon to run the program. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished, click OK to reboot.

Turn On Automatic Updates:

  1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
  2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended): Automatically download recommended updates for my computer and install them.


Make your Internet Explorer more secure:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Under Security Level for this Zone make sure that you are set to Medium-High as seen in the image below:-
  • Also verify that Enable Protected Mode is checked
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Finally I would highly advise you to read this topic: Best Practices for Safe Computing - Tips to protect yourself against malware infection

If you have any problems you know where we are :)



#13 redbull666

  • Topic Starter
  • Members
  • 11 posts
  • Gender:Male
  • Location:Sydney

Posted 04 March 2014 - 06:22 AM

SpywareHammer

 

Ok, followed all the instructions, all good.

Can't thank you enough, nice to hear I had no major issues on my PC.

As I said in my initial post, I've been ratted before, and lost $40,000 because of it, lost all my accounts, emails (went through 16 email accounts), website, and they were relentless and it lasted for 8 months. Absolutely destroyed my life. That's the only downside if you have a business on the internet or you need to be on the internet.

If billion dollar companies can't protect themselves, not much you can do to stop someone if they have the skills and decide to target you.

Anyway thanks again, because I still use my PC for simple things, but I'll stick with live Linux for sensitive stuff for the next few years.



#14 quietman7

  Bleepin' Janitor

  • Global Moderator
  • 51,386 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 08 March 2014 - 01:15 PM

As the issue appears to be resolved, this Topic is closed. Should you need it reopened, please contact a Forum Moderator or member of the Malware Response Team. Include the address of this thread in your request. If you have a new issue, please start a New Topic. This applies only to the original poster. Everyone else please begin a New Topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



