Random Commerical-Like Audio Noises


  • This topic is locked
24 replies to this topic

#1 Psmellen
  • Members
  • 12 posts

Posted 07 April 2014 - 05:12 PM

Hello, recently there have been random commercial-like audio noises that start playing. The sounds will start playing and then stop, then start again a few minutes later. The only other thing I know is that scvhost.exe shows some weird usage in task manager when the sounds are going on.

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by User at 17:43:21 on 2014-04-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2811.1050 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\rundll32.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\windows\system32\SndVol.exe
C:\windows\system32\SndVol.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{797260EB-9BA6-4958-8CEC-4F6BECF6B6E7} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\b0u2xms0.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1109000.00C\symds64.sys [2012-1-2 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1109000.00C\symefa64.sys [2012-1-2 221304]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [2014-3-18 1525976]
R1 ccHP;Symantec Hash Provider;C:\windows\System32\drivers\NISx64\1109000.00C\cchpx64.sys [2012-1-2 593544]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20140404.001\IDSviA64.sys [2014-4-6 525016]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1109000.00C\ironx64.sys [2012-1-2 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\windows\System32\drivers\NISx64\1109000.00C\symtdiv.sys [2012-1-2 451704]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-5-17 202752]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe [2012-1-2 126400]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-5-17 115056]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-5-17 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-19 137648]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-2-22 75304]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-4-7 119512]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-5-17 35008]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\System32\drivers\rtl8192se.sys [2010-5-17 946688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 WsysSvc;Wsys Service;C:\ProgramData\eSafe\eGdpSvc.exe --> C:\ProgramData\eSafe\eGdpSvc.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-3-18 111616]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-5-17 239136]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-5-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-1-18 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-8-26 1255736]
.
=============== Created Last 30 ================
.
2014-04-07 20:59:13    119512    ----a-w-    C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-04-07 20:58:49    88280    ----a-w-    C:\windows\System32\drivers\mbamchameleon.sys
2014-04-07 20:58:49    63192    ----a-w-    C:\windows\System32\drivers\mwac.sys
2014-04-07 20:58:49    25816    ----a-w-    C:\windows\System32\drivers\mbam.sys
2014-04-07 20:58:49    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-04-07 20:58:49    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-06 17:44:03    --------    d-----w-    C:\Users\User\AppData\Roaming\Goblinz
2014-03-19 00:27:42    624128    ----a-w-    C:\windows\System32\qedit.dll
2014-03-19 00:27:42    509440    ----a-w-    C:\windows\SysWow64\qedit.dll
2014-03-19 00:27:41    1424384    ----a-w-    C:\windows\System32\WindowsCodecs.dll
2014-03-19 00:27:41    1230336    ----a-w-    C:\windows\SysWow64\WindowsCodecs.dll
.
==================== Find3M  ====================
.
2014-03-01 05:17:02    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
2014-03-01 05:16:26    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55    66048    ----a-w-    C:\windows\System32\iesetup.dll
2014-03-01 04:51:59    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52    139264    ----a-w-    C:\windows\System32\ieUnatt.exe
2014-03-01 04:33:34    111616    ----a-w-    C:\windows\System32\ieetwcollector.exe
2014-03-01 04:32:59    708608    ----a-w-    C:\windows\System32\jscript9diag.dll
2014-03-01 04:23:49    940032    ----a-w-    C:\windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33    5768704    ----a-w-    C:\windows\System32\jscript9.dll
2014-03-01 03:52:43    61952    ----a-w-    C:\windows\SysWow64\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    C:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35    553472    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11    2041856    ----a-w-    C:\windows\System32\inetcpl.cpl
2014-03-01 03:14:15    4244480    ----a-w-    C:\windows\SysWow64\jscript9.dll
2014-03-01 03:10:28    2334208    ----a-w-    C:\windows\System32\wininet.dll
2014-03-01 03:00:08    1964032    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    C:\windows\SysWow64\wininet.dll
2014-02-18 12:48:31    692616    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-02-18 12:48:28    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-07 01:23:30    3156480    ----a-w-    C:\windows\System32\win32k.sys
2014-02-01 01:15:01    194048    ----a-w-    C:\windows\SysWow64\elshyph.dll
2014-01-29 02:32:18    484864    ----a-w-    C:\windows\System32\wer.dll
2014-01-29 02:06:47    381440    ----a-w-    C:\windows\SysWow64\wer.dll
2014-01-28 02:32:46    228864    ----a-w-    C:\windows\System32\wwansvc.dll
2014-01-27 17:25:50    96168    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-27 17:24:12    108968    ----a-w-    C:\windows\System32\WindowsAccessBridge-64.dll
2014-01-19 01:29:48    152576    ----a-w-    C:\windows\SysWow64\msclmd.dll
2014-01-19 01:29:47    175616    ----a-w-    C:\windows\System32\msclmd.dll
.
============= FINISH: 17:45:14.83 ===============
Edited by Psmellen, 07 April 2014 - 05:19 PM.
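A DDS log like the one above is read by eye for three things: registrations that no longer point at a file (`<orphaned>`), services whose binary DDS could not stat (the `[?]` in place of a date and size, as on the WsysSvc line under C:\ProgramData), and fresh folders in user-writable locations (the Goblinz directory under AppData\Roaming in the "Created Last 30" section). The Python below is an added example written for this thread, not DDS, Malwarebytes or BleepingComputer code; it applies those three checks to a handful of lines copied from the log. The matching rules, the Finding tags and the choice of which paths count as user-writable are this example's own heuristics.

```python
"""Triage of DDS log lines. Added example for this thread, not a DDS or
BleepingComputer script; the sample lines are copied from the DDS output
above and the classification rules are this example's own heuristics."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines taken from the DDS log posted above.
SAMPLE_DDS = r"""
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
SSODL: WebCheck - <orphaned>
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe [2012-1-2 126400]
S2 WsysSvc;Wsys Service;C:\ProgramData\eSafe\eGdpSvc.exe --> C:\ProgramData\eSafe\eGdpSvc.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
2014-04-07 20:58:49    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-04-06 17:44:03    --------    d-----w-    C:\Users\User\AppData\Roaming\Goblinz
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # short tag assigned by triage()
    name: str    # service name, CLSID or directory name
    detail: str  # the path or raw fragment that triggered the finding


# DDS service/driver lines: "<start type> <name>;<display name>;<path> [date size]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);[^;]*;(.+)$")
# Any registration DDS could not resolve to a file on disk.
ORPHAN_RE = re.compile(r"^(\S+?):\s*(.*?) - <orphaned>$")
# "Created Last 30" directory entries (attribute field starts with 'd').
NEWDIR_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+d\S*\s+(.+)$")
# Locations a standard user can write to; a service binary living there is unusual.
USER_WRITABLE_RE = re.compile(r"(?i)^c:\\(programdata|users)\\")
ROAMING_RE = re.compile(r"(?i)\\AppData\\Roaming\\([^\\]+)$")


def service_path(rest: str) -> str:
    """Strip DDS's ' --> ' redirection marker and the trailing '[date size]' or '[?]'."""
    return re.split(r"\s+-->\s+|\s+\[", rest, maxsplit=1)[0]


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := ORPHAN_RE.match(line):
            findings.append(Finding("orphaned-" + m.group(1).lower(), m.group(2), line))
            continue
        if m := SERVICE_RE.match(line):
            name, rest = m.group(2), m.group(3)
            path = service_path(rest)
            # DDS prints "[?]" instead of "[date size]" when it cannot stat the binary;
            # this example treats that as a missing file for a service still set to start.
            if rest.endswith("[?]"):
                findings.append(Finding("service-missing-binary", name, path))
            if USER_WRITABLE_RE.match(path):
                findings.append(Finding("service-user-writable", name, path))
            continue
        if m := NEWDIR_RE.match(line):
            path = m.group(1)
            if r := ROAMING_RE.search(path):
                findings.append(Finding("new-appdata-dir", r.group(1), path))
    return findings


def summarize(findings: list[Finding]) -> dict[str, list[str]]:
    """Group finding names by kind, so a helper sees at a glance what to chase."""
    out: dict[str, list[str]] = {}
    for f in findings:
        out.setdefault(f.kind, []).append(f.name)
    return out


if __name__ == "__main__":
    for kind, names in summarize(triage(SAMPLE_DDS)).items():
        print(f"{kind:24s} {', '.join(names)}")
```

Run against the sample, the script flags WsysSvc twice (binary missing and living under C:\ProgramData), the two orphaned registrations, and the Goblinz folder, while leaving the Norton, Skype and Malwarebytes entries alone. Nothing here says the flagged items are malicious; it only orders the list a helper then verifies by hand.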

#2 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 08 April 2014 - 08:08 AM

Hello Psmellen,

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Psmellen (Topic Starter)
  • Members
  • 12 posts

Posted 08 April 2014 - 09:40 AM

1)
I have run Malwarebytes Anti-Rootkit and the scan resulted in no malicious items detected. I then restarted the computer and the audio problem has not been resolved. I am still receiving commercial-like audio every few minutes.

2)

"8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access"

I have no problems connecting and accessing the Internet. I am using Firefox.

"8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Windows Update"

Windows Update scans and finds that there are a few updates to be installed. I have not installed them. Should I wait for the all clear before installing them or install them now?

"8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Windows Firewall"

I have Norton's firewall enabled and it looks to be working fine.

#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 08 April 2014 - 10:46 AM

Hello Psmellen



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
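The FRST output the topic starter pastes in the next reply has an "Internet (Whitelisted)" section with one SearchScopes line per registry hive (HKLM, HKLM-x32, HKCU), and on this machine the HKLM and HKLM-x32 default scopes point at start.mysearchdial.com while the HKCU default still points at Google. The Python below is an added example for this thread, not FRST's or BleepingComputer's code; it parses those lines, resolves each scope's host, and reports which hives have a default search provider outside an allowlist. The sample lines are constructed from that FRST output with the long tracking query strings shortened, and EXPECTED_HOSTS is this example's assumption about which search engines the owner knowingly uses.

```python
"""Audit of FRST 'SearchScopes:' lines for a hijacked default search provider.
Added example for this thread, not FRST's or BleepingComputer's code. The sample
lines are constructed from the FRST output posted in the following reply (the
long tracking query strings are shortened); EXPECTED_HOSTS is this example's
assumption about which search engines the machine's owner actually chose."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample (subset of the FRST Internet section, query strings shortened).
SAMPLE_FRST = """\
SearchScopes: HKLM - DefaultScope {5CFDF850-F103-4082-9145-AF3680F0B05E} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {44867F8B-2191-CB05-9EE8-0E7A3A526A12} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {C671B844-95C4-49EC-9146-FF6D20503DA1} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd
SearchScopes: HKCU - DefaultScope {C671B844-95C4-49EC-9146-FF6D20503DA1} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rlz=1I7TSNA_en___US394
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd
"""

# Assumption: the search engines the user knowingly uses.
EXPECTED_HOSTS = {"www.google.com", "www.bing.com"}

SCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) - (?P<default>DefaultScope )?"
    r"(?P<guid>\{[0-9A-Fa-f-]+\}) URL =\s*(?P<url>.*)$"
)


@dataclass(frozen=True)
class Scope:
    hive: str         # HKLM, HKLM-x32, HKCU or an HKU\S-1-5-... SID
    guid: str
    is_default: bool
    url: str
    host: str         # "" when the scope has no URL


def parse_scopes(text: str) -> list[Scope]:
    scopes = []
    for line in text.splitlines():
        m = SCOPE_RE.match(line.strip())
        if not m:
            continue
        url = m.group("url").strip()
        host = (urlsplit(url).hostname or "").lower() if url else ""
        scopes.append(Scope(m.group("hive"), m.group("guid"), bool(m.group("default")), url, host))
    return scopes


def audit(text: str, expected_hosts: set[str] = EXPECTED_HOSTS) -> dict:
    """Return the hives whose default scope points at an unexpected host,
    every unexpected host seen in any scope, and scopes with a blank URL."""
    scopes = parse_scopes(text)
    hijacked = {s.hive: s.host for s in scopes
                if s.is_default and s.host and s.host not in expected_hosts}
    unexpected = {s.host for s in scopes if s.host and s.host not in expected_hosts}
    empty = [(s.hive, s.guid) for s in scopes if not s.url]
    return {"hijacked_defaults": hijacked, "unexpected_hosts": unexpected, "empty_scopes": empty}


if __name__ == "__main__":
    report = audit(SAMPLE_FRST)
    for hive, host in report["hijacked_defaults"].items():
        print(f"{hive}: default search goes to {host}")
    print("unexpected hosts:", ", ".join(sorted(report["unexpected_hosts"])))
```

The hive matters: HKLM and HKLM-x32 scopes apply to every account on the machine, so a hijack there survives clearing one user's own settings, and a per-user fix that only touches HKCU leaves it in place. Comparing the hives before and after a cleanup also shows exactly which entries a removal tool changed.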

#5 Psmellen (Topic Starter)
  • Members
  • 12 posts

Posted 08 April 2014 - 04:50 PM

I have used the Farbar program.

FRST.txt

--

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by User (administrator) on USER-PC on 08-04-2014 17:34:17
Running from C:\Users\User\Desktop\Search\farbar
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\windows\system32\taskmgr.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [517176 2010-01-29] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\windows\System32\SPReview\SPReview.exe [301568 2014-01-18] (Microsoft Corporation)
HKU\S-1-5-21-3943411643-576806911-4176272337-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-23] (Google Inc.)
HKU\S-1-5-21-3943411643-576806911-4176272337-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20728480 2014-01-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3943411643-576806911-4176272337-1000\...\MountPoints2: {a8d1fc11-421f-11e3-a8ad-c80aa98d27ec} - E:\VZW_Software_upgrade_assistant.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
SearchScopes: HKLM - DefaultScope {5CFDF850-F103-4082-9145-AF3680F0B05E} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azyzz0DtByB0E0C0EtCyE0CtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=319024790&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {44867F8B-2191-CB05-9EE8-0E7A3A526A12} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM - {5CFDF850-F103-4082-9145-AF3680F0B05E} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azyzz0DtByB0E0C0EtCyE0CtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=319024790&ir=
SearchScopes: HKLM-x32 - DefaultScope {C671B844-95C4-49EC-9146-FF6D20503DA1} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azyzz0DtByB0E0C0EtCyE0CtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=319024790&ir=
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {5B9D5810-700F-9217-5676-2FB1E7073BAA} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 - {C671B844-95C4-49EC-9146-FF6D20503DA1} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azyzz0DtByB0E0C0EtCyE0CtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=319024790&ir=
SearchScopes: HKCU - DefaultScope {C671B844-95C4-49EC-9146-FF6D20503DA1} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_en___US394
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azyzz0DtByB0E0C0EtCyE0CtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=319024790&ir=
SearchScopes: HKCU - {44867F8B-2191-CB05-9EE8-0E7A3A526A12} URL =
SearchScopes: HKCU - {5CFDF850-F103-4082-9145-AF3680F0B05E} URL =
SearchScopes: HKCU - {C671B844-95C4-49EC-9146-FF6D20503DA1} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_en___US394
SearchScopes: HKCU - {EDAC2E86-8F83-4721-AF40-A6EF7A07B0B1} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\b0u2xms0.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\b0u2xms0.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-30]
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\b0u2xms0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-30]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\b0u2xms0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\
FF Extension: Norton IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn_2010_9_0_6
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn_2010_9_0_6 [2014-04-08]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-24]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-24]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-24]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-24]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-24]
CHR Extension: (MySearchDial) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2013-10-24]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-24]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\USER~1\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-10-24]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\USER~1\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-10-24]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\USER~1\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-10-24]

==================== Services (Whitelisted) =================

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [126400 2011-08-04] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [115056 2010-11-25] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [X]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-18] (Symantec Corporation)
R1 ccHP; C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-04] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-19] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20140405.001\IDSvia64.sys [525016 2014-03-21] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20140408.008\ENG64.SYS [126040 2014-01-14] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20140408.008\EX64.SYS [2099288 2014-01-14] (Symantec Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-10-14] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-08-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-29] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-08 09:28 - 2014-04-08 10:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-08 09:17 - 2014-04-08 17:09 - 00000000 ____D () C:\Users\User\Desktop\Search
2014-04-08 09:03 - 2014-04-08 17:34 - 00000000 ____D () C:\FRST
2014-04-07 17:16 - 2014-04-07 17:16 - 00007605 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2014-04-07 17:11 - 2014-04-07 17:11 - 00000000 ____D () C:\Users\User\Desktop\ProcessExplorer
2014-04-07 16:59 - 2014-04-08 09:28 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 16:58 - 2014-04-08 09:27 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-07 16:58 - 2014-04-07 16:58 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-07 16:58 - 2014-04-07 16:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 16:58 - 2014-04-07 16:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-07 16:58 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-07 16:58 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-07 10:41 - 2014-04-08 17:16 - 00000083 _____ () C:\windows\system32\upgn.ayv
2014-04-07 10:29 - 2014-04-07 10:29 - 00000064 _____ () C:\windows\system32\grhbs.yfd
2014-04-07 10:29 - 2014-04-07 10:29 - 00000000 _____ () C:\windows\system32\zgpc.oon
2014-04-06 20:05 - 2014-04-06 20:05 - 00305834 ____S () C:\windows\system32\bijk.jil
2014-04-06 13:44 - 2014-04-06 13:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Goblinz
2014-04-06 13:43 - 2014-04-06 13:43 - 00001282 _____ () C:\Users\Public\Desktop\More Great Games.lnk
2014-03-18 20:28 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-18 20:28 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-18 20:28 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-18 20:28 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-18 20:28 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-18 20:28 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-18 20:28 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-18 20:28 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-18 20:28 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-18 20:28 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-18 20:28 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-18 20:28 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-18 20:28 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-18 20:28 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-18 20:28 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-18 20:28 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-18 20:28 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-18 20:28 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-18 20:28 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-18 20:28 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-18 20:28 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-18 20:28 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-18 20:28 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-18 20:28 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-18 20:28 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-18 20:28 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-18 20:28 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-18 20:28 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-18 20:28 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-18 20:28 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-18 20:28 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-18 20:28 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-18 20:28 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-18 20:28 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-18 20:28 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-18 20:28 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-18 20:28 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-18 20:28 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-18 20:28 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-18 20:28 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-18 20:28 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-18 20:28 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-18 20:28 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-18 20:28 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-18 20:27 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-18 20:27 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-18 20:27 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-18 20:27 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-18 16:20 - 2014-03-18 16:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-08 17:34 - 2014-04-08 09:03 - 00000000 ____D () C:\FRST
2014-04-08 17:34 - 2010-05-17 10:17 - 01927533 _____ () C:\windows\WindowsUpdate.log
2014-04-08 17:29 - 2014-02-18 08:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-04-08 17:16 - 2014-04-07 10:41 - 00000083 _____ () C:\windows\system32\upgn.ayv
2014-04-08 17:13 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-08 17:13 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-08 17:09 - 2014-04-08 09:17 - 00000000 ____D () C:\Users\User\Desktop\Search
2014-04-08 17:05 - 2010-08-27 20:52 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 17:05 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-08 17:05 - 2009-07-14 00:51 - 00038447 _____ () C:\windows\setupact.log
2014-04-08 10:18 - 2014-04-08 09:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-08 09:47 - 2010-08-27 20:52 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 09:28 - 2014-04-07 16:59 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 09:27 - 2014-04-07 16:58 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-07 17:25 - 2009-07-14 01:13 - 00794898 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-07 17:16 - 2014-04-07 17:16 - 00007605 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2014-04-07 17:11 - 2014-04-07 17:11 - 00000000 ____D () C:\Users\User\Desktop\ProcessExplorer
2014-04-07 16:58 - 2014-04-07 16:58 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-07 16:58 - 2014-04-07 16:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 16:58 - 2014-04-07 16:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-07 12:06 - 2009-07-14 03:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-07 10:37 - 2010-05-17 10:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-04-07 10:29 - 2014-04-07 10:29 - 00000064 _____ () C:\windows\system32\grhbs.yfd
2014-04-07 10:29 - 2014-04-07 10:29 - 00000000 _____ () C:\windows\system32\zgpc.oon
2014-04-06 20:05 - 2014-04-06 20:05 - 00305834 ____S () C:\windows\system32\bijk.jil
2014-04-06 20:05 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\sysprep
2014-04-06 13:44 - 2014-04-06 13:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Goblinz
2014-04-06 13:43 - 2014-04-06 13:43 - 00001282 _____ () C:\Users\Public\Desktop\More Great Games.lnk
2014-04-06 13:35 - 2013-10-13 19:11 - 00000000 ____D () C:\BigFishCache
2014-04-03 17:42 - 2010-08-27 20:52 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-03 17:42 - 2010-08-27 20:52 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 09:51 - 2014-04-07 16:58 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-07 16:58 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-26 21:25 - 2009-07-14 00:45 - 00426840 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-22 06:01 - 2014-01-30 08:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-22 06:01 - 2014-01-14 21:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-22 06:01 - 2014-01-14 21:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-18 21:16 - 2014-02-19 04:13 - 00000000 ____D () C:\windows\system32\MRT
2014-03-18 21:11 - 2014-02-19 04:13 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-18 21:11 - 2010-05-17 10:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-18 16:20 - 2014-03-18 16:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-18 15:42 - 2013-10-24 23:02 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\36535uninstall.exe
C:\Users\User\AppData\Local\Temp\BackupSetup.exe
C:\Users\User\AppData\Local\Temp\bfguni.exe
C:\Users\User\AppData\Local\Temp\mgsqlite3.dll
C:\Users\User\AppData\Local\Temp\nsd51B3.exe
C:\Users\User\AppData\Local\Temp\nsd768B.exe
C:\Users\User\AppData\Local\Temp\nsi4D8D.exe
C:\Users\User\AppData\Local\Temp\nsiD975.exe
C:\Users\User\AppData\Local\Temp\nsiDD6C.exe
C:\Users\User\AppData\Local\Temp\RegClean8.exe
C:\Users\User\AppData\Local\Temp\Shortcut_IMsetup.exe
C:\Users\User\AppData\Local\Temp\Sqlite3.dll
C:\Users\User\AppData\Local\Temp\SweetIMInstallValidator.exe
C:\Users\User\AppData\Local\Temp\vW7S3WsH[1].exe
C:\Users\User\AppData\Local\Temp\WSSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2014-01-18 09:59] - [2010-11-20 09:27] - 0520192 ____A (Microsoft Corporation) C74D84D9A82C526E749B1208BE403E6E

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 20:43

==================== End Of Log ============================


#6 gringo_pr

Malware Response Team

Posted 09 April 2014 - 07:39 AM


Hello Psmellen

Ok, let's see if we can find a replacement for the infected file.

Run FRST like you did before.

Type the following in the edit box after "Search:".

rpcss.dll

It then should look like:

Search: rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Psmellen

Topic Starter

Posted 09 April 2014 - 09:20 AM

I ran the scan and here is the log.

Search.txt

--

Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by User at 2014-04-09 10:08:39
Running from C:\Users\User\Desktop\Search\farbar
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2014-01-18 09:59] - [2010-11-20 09:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 20:00] - [2009-07-13 21:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2014-01-18 09:59] - [2010-11-20 09:27] - 0520192 ____A (Microsoft Corporation) C74D84D9A82C526E749B1208BE403E6E

====== End Of Search ======
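As an added example (not FRST's code and not from anyone in the thread), the following Python parses the Search.txt output above and applies the check FRST's ATTENTION line describes: the live C:\Windows\System32\rpcss.dll is compared by MD5 and size against the copies held in the WinSxS component store, and the newest store copy is named as the restore candidate. The embedded search text, paths, sizes and hashes are taken from the posted log; the function and field names are my own.

```python
"""Cross-check a live system DLL against its WinSxS component-store copies.

Added example, not FRST's own code. It parses the FRST "Search:" output
quoted in the thread and flags the System32 copy whose MD5 matches none of
the store copies (the "unique MD5" condition FRST's ATTENTION line warns of).
"""
import hashlib
import re
from pathlib import PureWindowsPath

# Constructed sample: the Search.txt posted in the thread, verbatim.
SEARCH_TXT = r"""
================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2014-01-18 09:59] - [2010-11-20 09:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 20:00] - [2009-07-13 21:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2014-01-18 09:59] - [2010-11-20 09:27] - 0520192 ____A (Microsoft Corporation) C74D84D9A82C526E749B1208BE403E6E

====== End Of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# "[created] - [modified] - size attrs (company) MD5", as FRST prints it.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# WinSxS directory names carry the component version between underscores.
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")


def parse_frst_search(text):
    """Pair every path line with the detail line FRST prints right after it."""
    entries = []
    lines = text.splitlines()
    for i, line in enumerate(lines[:-1]):
        if not PATH_RE.match(line):
            continue
        m = DETAIL_RE.match(lines[i + 1])
        if not m:
            raise ValueError(f"unexpected detail line after {line!r}")
        entries.append({
            "path": line.strip(),
            "size": int(m["size"]),
            "company": m["company"],
            "md5": m["md5"].upper(),
        })
    return entries


def component_version(path):
    """Version tuple from the WinSxS directory holding the file, or None."""
    m = VERSION_RE.search(PureWindowsPath(path).parent.name)
    return tuple(int(x) for x in m.group(1).split(".")) if m else None


def assess(entries):
    """Per file name: verdict for each live copy plus the newest store copy."""
    report = {}
    for name in {PureWindowsPath(e["path"]).name.lower() for e in entries}:
        same = [e for e in entries if PureWindowsPath(e["path"]).name.lower() == name]
        store = [e for e in same if "\\winsxs\\" in e["path"].lower()]
        live = [e for e in same if e not in store]
        store_md5s = {e["md5"] for e in store}
        store_sizes = {e["size"] for e in store}
        for e in live:
            # A live copy matching no store copy is the "unique MD5" case.
            e["verdict"] = "matches-store" if e["md5"] in store_md5s else "no-matching-store-copy"
            e["size_matches_store"] = e["size"] in store_sizes
        newest = max(store, key=lambda e: component_version(e["path"]) or (), default=None)
        report[name] = {
            "live": live,
            "store_md5s": store_md5s,
            "restore_from": newest["path"] if newest else None,
        }
    return report


def md5_of_file(path, chunk=1 << 20):
    """MD5 of a file on disk, to reproduce FRST's value for the real System32 copy."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for name, r in assess(parse_frst_search(SEARCH_TXT)).items():
        for e in r["live"]:
            print(f"{e['path']}: {e['md5']} -> {e['verdict']} "
                  f"(size matches a store copy: {e['size_matches_store']})")
        print("restore candidate:", r["restore_from"])
```

A hash match only shows that the live file equals a store copy, not that either is clean, so treat this as a triage signal and confirm with the file's Authenticode signature. Here the live copy also differs in size (520192 bytes against 512000 and 509440), which is consistent with a patched binary rather than a different servicing level.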

#8 gringo_pr

Malware Response Team

Posted 09 April 2014 - 09:33 PM

Hello Psmellen



I need you to download this script I have made for you --> Attached File: fixlist.txt (2.59KB)

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo

#9 Psmellen

Topic Starter

Posted 10 April 2014 - 06:59 AM

Since I have run the fix I have not experienced any symptoms (commercial-like audio).

Fixlog.txt

--

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by User at 2014-04-10 07:23:46 Run:1
Running from C:\Users\User\Desktop\Search\farbar
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
SearchScopes: HKLM - DefaultScope {5CFDF850-F103-4082-9145-AF3680F0B05E} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azyzz0DtByB0E0C0EtCyE0CtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=319024790&ir=
SearchScopes: HKLM - {5CFDF850-F103-4082-9145-AF3680F0B05E} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azyzz0DtByB0E0C0EtCyE0CtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=319024790&ir=
SearchScopes: HKLM-x32 - DefaultScope {C671B844-95C4-49EC-9146-FF6D20503DA1} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azyzz0DtByB0E0C0EtCyE0CtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=319024790&ir=
SearchScopes: HKLM-x32 - {C671B844-95C4-49EC-9146-FF6D20503DA1} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azyzz0DtByB0E0C0EtCyE0CtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=319024790&ir=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azyzz0DtByB0E0C0EtCyE0CtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=319024790&ir=
2014-04-07 10:41 - 2014-04-08 17:16 - 00000083 _____ () C:\windows\system32\upgn.ayv
2014-04-07 10:29 - 2014-04-07 10:29 - 00000064 _____ () C:\windows\system32\grhbs.yfd
2014-04-07 10:29 - 2014-04-07 10:29 - 00000000 _____ () C:\windows\system32\zgpc.oon
2014-04-06 20:05 - 2014-04-06 20:05 - 00305834 ____S () C:\windows\system32\bijk.jil
C:\Users\User\AppData\Local\Temp\36535uninstall.exe
C:\Users\User\AppData\Local\Temp\BackupSetup.exe
C:\Users\User\AppData\Local\Temp\bfguni.exe
C:\Users\User\AppData\Local\Temp\mgsqlite3.dll
C:\Users\User\AppData\Local\Temp\nsd51B3.exe
C:\Users\User\AppData\Local\Temp\nsd768B.exe
C:\Users\User\AppData\Local\Temp\nsi4D8D.exe
C:\Users\User\AppData\Local\Temp\nsiD975.exe
C:\Users\User\AppData\Local\Temp\nsiDD6C.exe
C:\Users\User\AppData\Local\Temp\RegClean8.exe
C:\Users\User\AppData\Local\Temp\Shortcut_IMsetup.exe
C:\Users\User\AppData\Local\Temp\Sqlite3.dll
C:\Users\User\AppData\Local\Temp\SweetIMInstallValidator.exe
C:\Users\User\AppData\Local\Temp\vW7S3WsH[1].exe
C:\Users\User\AppData\Local\Temp\WSSetup.exe


*****************

C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5CFDF850-F103-4082-9145-AF3680F0B05E} => Key deleted successfully.
HKCR\CLSID\{5CFDF850-F103-4082-9145-AF3680F0B05E} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{C671B844-95C4-49EC-9146-FF6D20503DA1} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C671B844-95C4-49EC-9146-FF6D20503DA1} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
C:\windows\system32\upgn.ayv => Moved successfully.
C:\windows\system32\grhbs.yfd => Moved successfully.
Could not move "C:\windows\system32\zgpc.oon" => Scheduled to move on reboot.
Could not move "C:\windows\system32\bijk.jil" => Scheduled to move on reboot.
C:\Users\User\AppData\Local\Temp\36535uninstall.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\bfguni.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\mgsqlite3.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\nsd51B3.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\nsd768B.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\nsi4D8D.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\nsiD975.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\nsiDD6C.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\RegClean8.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\Shortcut_IMsetup.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\Sqlite3.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\SweetIMInstallValidator.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\vW7S3WsH[1].exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\WSSetup.exe => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-10 07:26:13)<=

C:\windows\system32\zgpc.oon => Is moved successfully.
C:\windows\system32\bijk.jil => Is moved successfully.

==== End of Fixlog ====

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:44 PM

Posted 10 April 2014 - 07:19 AM



Hello Psmellen

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Psmellen

Psmellen
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:44 AM

Posted 11 April 2014 - 08:37 AM

Thank you, everything is running well and I have not experienced any abnormal behavior.

AdwCleaner[S0].txt

--

# AdwCleaner v3.023 - Report created 11/04/2014 at 08:18:15
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\Search\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : WsysSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Users\USER~1\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\USER~1\AppData\Local\Temp\Desk365
Folder Deleted : C:\Users\User\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\Users\User\AppData\Roaming\Mysearchdial
Folder Deleted : C:\Users\User\AppData\Roaming\Systweak
Folder Deleted : C:\Users\User\Documents\Optimizer Pro
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\Users\User\AppData\Local\mysearchdial_speedial_v9.0.2.crx
File Deleted : C:\windows\System32\Tasks\Desk 365 RunAsStdUser

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Plus-HD-1.6
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\mysearchdial
Key Deleted : HKLM\Software\Plus-HD-1.6
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\V9
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\b0u2xms0.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5086 octets] - [11/04/2014 08:17:00]
AdwCleaner[S0].txt - [4981 octets] - [11/04/2014 08:18:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5041 octets] ##########


JRT.txt

--

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on Fri 04/11/2014 at 8:55:05.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetiminstallvalidator_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetiminstallvalidator_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsSay-16-codedownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsSay-16-codedownloader_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsSay-16-codedownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsSay-16-codedownloader_RASMANCS



~~~ Files

Successfully deleted: [File] "C:\Users\User\appdata\locallow\SkwConfig.bin"



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\bigfishcache"



~~~ FireFox

Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\b0u2xms0.default\minidumps [1 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/11/2014 at 9:06:06.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:44 PM

Posted 11 April 2014 - 07:45 PM


Hello Psmellen

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#13 Psmellen

Psmellen
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:44 AM

Posted 13 April 2014 - 11:09 AM

There were no problems running ComboFix. Additionally, the computer is working normally with no unintended behaviors.

ComboFix.txt

--

ComboFix 14-04-12.01 - User 04/13/2014 7:28.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1738 [GMT -4:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\glindorus_iels
.
.
((((((((((((((((((((((((( Files Created from 2014-03-13 to 2014-04-13 )))))))))))))))))))))))))))))))
.
.
2014-04-13 11:39 . 2014-04-13 11:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-11 12:55 . 2014-04-11 12:55 -------- d-----w- c:\windows\ERUNT
2014-04-11 12:16 . 2014-04-11 12:30 -------- d-----w- C:\AdwCleaner
2014-04-10 11:41 . 2014-03-31 01:16 23134208 ----a-w- c:\windows\system32\mshtml.dll
2014-04-10 11:41 . 2014-03-31 01:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-10 11:41 . 2014-03-31 00:13 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-04-10 11:38 . 2014-01-24 02:37 1684928 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-08 13:28 . 2014-04-08 14:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-04-08 13:03 . 2014-04-10 11:26 -------- d-----w- C:\FRST
2014-04-07 20:59 . 2014-04-08 13:28 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-07 20:58 . 2014-04-08 13:27 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-07 20:58 . 2014-04-07 20:58 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-07 20:58 . 2014-04-07 20:58 -------- d-----w- c:\programdata\Malwarebytes
2014-04-07 20:58 . 2014-04-03 13:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-07 20:58 . 2014-04-03 13:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-06 17:44 . 2014-04-06 17:44 -------- d-----w- c:\users\User\AppData\Roaming\Goblinz
2014-03-19 00:27 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-19 00:27 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-19 00:27 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-19 00:27 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-11 10:37 . 2014-02-19 08:13 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-04 09:17 . 2014-04-10 11:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-18 12:48 . 2013-10-18 17:45 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-18 12:48 . 2013-10-18 17:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-01 01:15 . 2014-02-01 01:15 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-02-01 01:14 . 2014-02-01 01:14 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-02-01 01:14 . 2014-02-01 01:14 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-02-01 01:14 . 2014-02-01 01:14 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-02-01 01:14 . 2014-02-01 01:14 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-02-01 01:14 . 2014-02-01 01:14 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-02-01 01:14 . 2014-02-01 01:14 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-02-01 01:14 . 2014-02-01 01:14 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-02-01 01:14 . 2014-02-01 01:14 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-02-01 01:14 . 2014-02-01 01:14 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-02-01 01:14 . 2014-02-01 01:14 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-02-01 01:14 . 2014-02-01 01:14 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-02-01 01:14 . 2014-02-01 01:14 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-02-01 01:14 . 2014-02-01 01:14 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-02-01 01:14 . 2014-02-01 01:14 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-02-01 01:14 . 2014-02-01 01:14 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-02-01 01:14 . 2014-02-01 01:14 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-02-01 01:14 . 2014-02-01 01:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-02-01 01:14 . 2014-02-01 01:14 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-02-01 01:14 . 2014-02-01 01:14 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-02-01 01:14 . 2014-02-01 01:14 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-02-01 01:14 . 2014-02-01 01:14 247808 ----a-w- c:\windows\system32\msls31.dll
2014-02-01 01:14 . 2014-02-01 01:14 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-02-01 01:14 . 2014-02-01 01:14 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-02-01 01:14 . 2014-02-01 01:14 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-02-01 01:14 . 2014-02-01 01:14 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-02-01 01:14 . 2014-02-01 01:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-02-01 01:14 . 2014-02-01 01:14 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-02-01 01:14 . 2014-02-01 01:14 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-02-01 01:14 . 2014-02-01 01:14 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-02-01 01:14 . 2014-02-01 01:14 413696 ----a-w- c:\windows\system32\html.iec
2014-02-01 01:14 . 2014-02-01 01:14 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-02-01 01:14 . 2014-02-01 01:14 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-02-01 01:14 . 2014-02-01 01:14 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-02-01 01:14 . 2014-02-01 01:14 81408 ----a-w- c:\windows\system32\icardie.dll
2014-02-01 01:14 . 2014-02-01 01:14 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-02-01 01:14 . 2014-02-01 01:14 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-01 01:14 . 2014-02-01 01:14 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-02-01 01:14 . 2014-02-01 01:14 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-02-01 01:14 . 2014-02-01 01:14 235520 ----a-w- c:\windows\system32\url.dll
2014-02-01 01:14 . 2014-02-01 01:14 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-02-01 01:14 . 2014-02-01 01:14 101376 ----a-w- c:\windows\system32\inseng.dll
2014-02-01 01:14 . 2014-02-01 01:14 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-02-01 01:14 . 2014-02-01 01:14 143872 ----a-w- c:\windows\system32\wextract.exe
2014-02-01 01:14 . 2014-02-01 01:14 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-02-01 01:14 . 2014-02-01 01:14 147968 ----a-w- c:\windows\system32\occache.dll
2014-02-01 01:14 . 2014-02-01 01:14 13824 ----a-w- c:\windows\system32\mshta.exe
2014-02-01 01:14 . 2014-02-01 01:14 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-02-01 01:14 . 2014-02-01 01:14 774144 ----a-w- c:\windows\system32\jscript.dll
2014-02-01 01:14 . 2014-02-01 01:14 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-02-01 01:14 . 2014-02-01 01:14 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-01-27 17:25 . 2014-01-27 17:26 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-27 17:24 . 2014-01-27 17:24 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-01-27 17:24 . 2014-01-27 17:24 312744 ----a-w- c:\windows\system32\javaws.exe
2014-01-27 17:24 . 2014-01-27 17:24 189352 ----a-w- c:\windows\system32\javaw.exe
2014-01-27 17:24 . 2014-01-27 17:24 189352 ----a-w- c:\windows\system32\java.exe
2014-01-21 02:39 . 2014-01-21 02:39 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-01-21 02:39 . 2014-01-21 02:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2014-01-21 02:39 . 2014-01-21 02:39 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2014-01-21 02:39 . 2014-01-21 02:39 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-01-21 02:39 . 2014-01-21 02:39 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-01-21 02:39 . 2014-01-21 02:39 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-01-21 02:39 . 2014-01-21 02:39 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-01-21 02:39 . 2014-01-21 02:39 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2014-01-21 02:39 . 2014-01-21 02:39 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2014-01-21 02:39 . 2014-01-21 02:39 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2014-01-21 02:39 . 2014-01-21 02:39 1175552 ----a-w- c:\windows\system32\FntCache.dll
2014-01-21 02:39 . 2014-01-21 02:39 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2014-01-21 02:39 . 2014-01-21 02:39 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2014-01-21 02:39 . 2014-01-21 02:39 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-01-21 02:39 . 2014-01-21 02:39 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-01-21 02:39 . 2014-01-21 02:39 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-01-21 02:39 . 2014-01-21 02:39 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-01-21 02:39 . 2014-01-21 02:39 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-01-21 02:39 . 2014-01-21 02:39 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2014-01-21 02:39 . 2014-01-21 02:39 1643520 ----a-w- c:\windows\system32\DWrite.dll
2014-01-21 02:39 . 2014-01-21 02:39 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2014-01-21 02:39 . 2014-01-21 02:39 1238528 ----a-w- c:\windows\system32\d3d10.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-24 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-01-14 20728480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1109000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1109000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20140319.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1109000.00C\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20140410.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20140410.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1109000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [x]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-11 16:45 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 00:52]
.
2014-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 00:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-01-29 517176]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\b0u2xms0.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
SafeBoot-89998613.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-13 11:07:12
ComboFix-quarantined-files.txt 2014-04-13 15:07
.
Pre-Run: 183,695,224,832 bytes free
Post-Run: 185,820,524,544 bytes free
.
- - End Of File - - AFB1C2CDA302E14265242C955478208A
5B5E648D12FCADC244C1EC30318E1EB9

#14 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 April 2014 - 12:09 PM


Hello Psmellen

At this time I would like you to run this script for me; it is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Psmellen

Psmellen
  • Topic Starter
  • Members
  • 12 posts

Posted 14 April 2014 - 03:47 PM

The scan ran fine. I have not noticed any abnormal behavior with the computer.

ComboFix.txt

--

ComboFix 14-04-12.01 - User 04/13/2014 17:47:09.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1483 [GMT -4:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-03-13 to 2014-04-13 )))))))))))))))))))))))))))))))
.
.
2014-04-13 23:32 . 2014-04-13 23:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-13 23:32 . 2014-04-13 23:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-04-11 12:55 . 2014-04-11 12:55 -------- d-----w- c:\windows\ERUNT
2014-04-11 12:16 . 2014-04-11 12:30 -------- d-----w- C:\AdwCleaner
2014-04-10 11:41 . 2014-03-31 01:16 23134208 ----a-w- c:\windows\system32\mshtml.dll
2014-04-10 11:41 . 2014-03-31 01:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-10 11:41 . 2014-03-31 00:13 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-04-10 11:38 . 2014-01-24 02:37 1684928 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-08 13:28 . 2014-04-08 14:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-04-08 13:03 . 2014-04-10 11:26 -------- d-----w- C:\FRST
2014-04-07 20:59 . 2014-04-08 13:28 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-07 20:58 . 2014-04-08 13:27 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-07 20:58 . 2014-04-07 20:58 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-07 20:58 . 2014-04-07 20:58 -------- d-----w- c:\programdata\Malwarebytes
2014-04-07 20:58 . 2014-04-03 13:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-07 20:58 . 2014-04-03 13:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-06 17:44 . 2014-04-06 17:44 -------- d-----w- c:\users\User\AppData\Roaming\Goblinz
2014-03-19 00:27 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-19 00:27 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-19 00:27 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-19 00:27 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-11 10:37 . 2014-02-19 08:13 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-04 09:17 . 2014-04-10 11:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-18 12:48 . 2013-10-18 17:45 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-18 12:48 . 2013-10-18 17:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-01 01:15 . 2014-02-01 01:15 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-02-01 01:14 . 2014-02-01 01:14 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-02-01 01:14 . 2014-02-01 01:14 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-02-01 01:14 . 2014-02-01 01:14 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-02-01 01:14 . 2014-02-01 01:14 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-02-01 01:14 . 2014-02-01 01:14 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-02-01 01:14 . 2014-02-01 01:14 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-02-01 01:14 . 2014-02-01 01:14 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-02-01 01:14 . 2014-02-01 01:14 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-02-01 01:14 . 2014-02-01 01:14 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-02-01 01:14 . 2014-02-01 01:14 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-02-01 01:14 . 2014-02-01 01:14 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-02-01 01:14 . 2014-02-01 01:14 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-02-01 01:14 . 2014-02-01 01:14 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-02-01 01:14 . 2014-02-01 01:14 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-02-01 01:14 . 2014-02-01 01:14 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-02-01 01:14 . 2014-02-01 01:14 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-02-01 01:14 . 2014-02-01 01:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-02-01 01:14 . 2014-02-01 01:14 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-02-01 01:14 . 2014-02-01 01:14 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-02-01 01:14 . 2014-02-01 01:14 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-02-01 01:14 . 2014-02-01 01:14 247808 ----a-w- c:\windows\system32\msls31.dll
2014-02-01 01:14 . 2014-02-01 01:14 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-02-01 01:14 . 2014-02-01 01:14 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-02-01 01:14 . 2014-02-01 01:14 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-02-01 01:14 . 2014-02-01 01:14 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-02-01 01:14 . 2014-02-01 01:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-02-01 01:14 . 2014-02-01 01:14 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-02-01 01:14 . 2014-02-01 01:14 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-02-01 01:14 . 2014-02-01 01:14 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-02-01 01:14 . 2014-02-01 01:14 413696 ----a-w- c:\windows\system32\html.iec
2014-02-01 01:14 . 2014-02-01 01:14 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-02-01 01:14 . 2014-02-01 01:14 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-02-01 01:14 . 2014-02-01 01:14 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-02-01 01:14 . 2014-02-01 01:14 81408 ----a-w- c:\windows\system32\icardie.dll
2014-02-01 01:14 . 2014-02-01 01:14 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-02-01 01:14 . 2014-02-01 01:14 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-01 01:14 . 2014-02-01 01:14 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-02-01 01:14 . 2014-02-01 01:14 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-02-01 01:14 . 2014-02-01 01:14 235520 ----a-w- c:\windows\system32\url.dll
2014-02-01 01:14 . 2014-02-01 01:14 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-02-01 01:14 . 2014-02-01 01:14 101376 ----a-w- c:\windows\system32\inseng.dll
2014-02-01 01:14 . 2014-02-01 01:14 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-02-01 01:14 . 2014-02-01 01:14 143872 ----a-w- c:\windows\system32\wextract.exe
2014-02-01 01:14 . 2014-02-01 01:14 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-02-01 01:14 . 2014-02-01 01:14 147968 ----a-w- c:\windows\system32\occache.dll
2014-02-01 01:14 . 2014-02-01 01:14 13824 ----a-w- c:\windows\system32\mshta.exe
2014-02-01 01:14 . 2014-02-01 01:14 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-02-01 01:14 . 2014-02-01 01:14 774144 ----a-w- c:\windows\system32\jscript.dll
2014-02-01 01:14 . 2014-02-01 01:14 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-02-01 01:14 . 2014-02-01 01:14 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-01-27 17:25 . 2014-01-27 17:26 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-27 17:24 . 2014-01-27 17:24 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-01-27 17:24 . 2014-01-27 17:24 312744 ----a-w- c:\windows\system32\javaws.exe
2014-01-27 17:24 . 2014-01-27 17:24 189352 ----a-w- c:\windows\system32\javaw.exe
2014-01-27 17:24 . 2014-01-27 17:24 189352 ----a-w- c:\windows\system32\java.exe
2014-01-21 02:39 . 2014-01-21 02:39 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-01-21 02:39 . 2014-01-21 02:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2014-01-21 02:39 . 2014-01-21 02:39 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2014-01-21 02:39 . 2014-01-21 02:39 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-01-21 02:39 . 2014-01-21 02:39 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-01-21 02:39 . 2014-01-21 02:39 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-01-21 02:39 . 2014-01-21 02:39 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-01-21 02:39 . 2014-01-21 02:39 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-01-21 02:39 . 2014-01-21 02:39 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2014-01-21 02:39 . 2014-01-21 02:39 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2014-01-21 02:39 . 2014-01-21 02:39 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2014-01-21 02:39 . 2014-01-21 02:39 1175552 ----a-w- c:\windows\system32\FntCache.dll
2014-01-21 02:39 . 2014-01-21 02:39 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2014-01-21 02:39 . 2014-01-21 02:39 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2014-01-21 02:39 . 2014-01-21 02:39 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-01-21 02:39 . 2014-01-21 02:39 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-01-21 02:39 . 2014-01-21 02:39 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-01-21 02:39 . 2014-01-21 02:39 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-01-21 02:39 . 2014-01-21 02:39 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-01-21 02:39 . 2014-01-21 02:39 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2014-01-21 02:39 . 2014-01-21 02:39 1643520 ----a-w- c:\windows\system32\DWrite.dll
2014-01-21 02:39 . 2014-01-21 02:39 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2014-01-21 02:39 . 2014-01-21 02:39 1238528 ----a-w- c:\windows\system32\d3d10.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-24 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-01-14 20728480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1109000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1109000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20140319.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1109000.00C\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20140411.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20140411.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1109000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [x]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-11 16:45 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 00:52]
.
2014-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 00:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-01-29 517176]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\b0u2xms0.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-13 19:35:47
ComboFix-quarantined-files.txt 2014-04-13 23:35
.
Pre-Run: 185,631,346,688 bytes free
Post-Run: 185,567,420,416 bytes free
.
- - End Of File - - 5EAA116465D258D5D0EE3D5627666CA5
5B5E648D12FCADC244C1EC30318E1EB9