

My ComboFix report


  • This topic is locked
2 replies to this topic

#1 bluflaggz

bluflaggz

  • Members
  • 1 posts
  • OFFLINE
  • Local time: 05:00 PM

Posted 09 May 2014 - 06:13 AM

I ran the report, and every time I log in to the computer my virus scanner detects a Trojan in what seem to be different areas on my C: drive. I attached the ComboFix report and would like to know if anyone can make sense of it.


ComboFix 14-05-07.03 - owner 05/08/2014  23:41:20.2.6 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.3235 [GMT -4:00]
Running from: c:\versalsoft\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Search Toolbar
c:\programdata\1358769775c485b6
c:\programdata\1358769775c485b6\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
c:\programdata\1358769775c485b6\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.old
c:\programdata\1358769775c485b6\{CA41BB14-E67B-1653-C57B-5CA99418A866}
c:\programdata\1358769775c485b6\{CA41BB14-E67B-1653-C57B-5CA99418A866}.old
c:\programdata\1358769775c485b6\{E32743D3-5789-6E4F-3998-06FB87C9214B}
c:\programdata\Microsoft\Windows\DRM\AED2.tmp
c:\programdata\Microsoft\Windows\DRM\AED3.tmp
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\icon48.png
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\uvz.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\sXriBT9.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\zFA2Rjp.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\icon48.png
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\uvz.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\sXriBT9.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\zFA2Rjp.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\icon48.png
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\uvz.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\sXriBT9.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\zFA2Rjp.js
c:\users\owner\AppData\Local\assembly\tmp
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\background.html
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\content.js
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\icon48.png
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\lsdb.js
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\manifest.json
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\uvz.js
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\background.html
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\content.js
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\lsdb.js
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\manifest.json
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\sXriBT9.js
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\background.html
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\content.js
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\lsdb.js
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\manifest.json
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\zFA2Rjp.js
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\endhmjbpgoijogbgaafpjhkkckgbooad
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\endhmjbpgoijogbgaafpjhkkckgbooad\000062.ldb
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\endhmjbpgoijogbgaafpjhkkckgbooad\000064.ldb
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\endhmjbpgoijogbgaafpjhkkckgbooad\000065.log
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\endhmjbpgoijogbgaafpjhkkckgbooad\CURRENT
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\endhmjbpgoijogbgaafpjhkkckgbooad\LOCK
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\endhmjbpgoijogbgaafpjhkkckgbooad\LOG
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\endhmjbpgoijogbgaafpjhkkckgbooad\LOG.old
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\endhmjbpgoijogbgaafpjhkkckgbooad\MANIFEST-000063
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\faminmiieggdbjnhannnffepgmcnflid
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\faminmiieggdbjnhannnffepgmcnflid\000037.ldb
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\faminmiieggdbjnhannnffepgmcnflid\000043.ldb
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\faminmiieggdbjnhannnffepgmcnflid\000048.ldb
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\faminmiieggdbjnhannnffepgmcnflid\000049.log
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\faminmiieggdbjnhannnffepgmcnflid\CURRENT
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\faminmiieggdbjnhannnffepgmcnflid\LOCK
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\faminmiieggdbjnhannnffepgmcnflid\LOG
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\faminmiieggdbjnhannnffepgmcnflid\LOG.old
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\faminmiieggdbjnhannnffepgmcnflid\MANIFEST-000047
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_endhmjbpgoijogbgaafpjhkkckgbooad_0.localstorage-journal
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_endhmjbpgoijogbgaafpjhkkckgbooad_0.localstorage
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_faminmiieggdbjnhannnffepgmcnflid_0.localstorage-journal
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_faminmiieggdbjnhannnffepgmcnflid_0.localstorage
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
c:\users\owner\AppData\Roaming\SearchProtect
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\icon48.png
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemecagepebocggklbbohpleciafcgai\1.1\uvz.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\endhmjbpgoijogbgaafpjhkkckgbooad\1.0\sXriBT9.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminmiieggdbjnhannnffepgmcnflid\2.7\zFA2Rjp.js
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-09 to 2014-05-09  )))))))))))))))))))))))))))))))
.
.
2014-05-09 04:34 . 2014-05-09 04:34    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2014-05-09 04:34 . 2014-05-09 04:34    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-05-06 16:56 . 2014-04-17 09:31    10651704    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A4D1AD2-C518-4859-8C4F-A307583CFF0C}\mpengine.dll
2014-05-05 01:36 . 2014-05-05 01:36    --------    d-----w-    c:\users\owner\AppData\Roaming\Kernel Recovery for iPod(Demo)
2014-05-05 01:35 . 2014-05-06 01:45    --------    d-----w-    c:\program files (x86)\Kernel Recovery for iPod demo
2014-05-05 01:24 . 2014-05-05 01:24    --------    d-----w-    c:\programdata\iSkysoft
2014-05-05 01:24 . 2014-05-05 01:24    --------    d-----w-    c:\program files (x86)\iSkysoft
2014-05-05 01:03 . 2014-05-05 01:03    --------    d-----w-    c:\users\owner\AppData\Local\Wondershare
2014-05-05 01:03 . 2014-05-05 01:03    --------    d-----w-    c:\program files (x86)\Common Files\Wondershare
2014-05-05 01:03 . 2014-05-06 01:45    --------    d-----w-    c:\program files (x86)\Wondershare
2014-05-05 01:03 . 2014-05-05 01:24    --------    d--h--w-    c:\program files (x86)\Dr.Fone_Temp
2014-05-05 01:03 . 2014-05-05 01:03    --------    d-----w-    c:\programdata\Wondershare
2014-04-29 14:35 . 2014-05-06 01:46    --------    d-----w-    c:\program files (x86)\iYogi Support Dock
2014-04-17 18:28 . 2014-04-17 18:28    --------    d-sh--w-    c:\users\owner\AppData\Local\EmieUserList
2014-04-17 18:28 . 2014-04-17 18:28    --------    d-sh--w-    c:\users\owner\AppData\Local\EmieSiteList
2014-04-17 04:02 . 2014-03-06 10:21    23549440    ----a-w-    c:\windows\system32\mshtml.dll
2014-04-09 07:22 . 2014-02-04 02:35    190912    ----a-w-    c:\windows\system32\drivers\storport.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-28 21:08 . 2013-03-11 00:00    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-28 21:08 . 2011-11-30 19:01    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-09 11:53 . 2011-02-26 21:34    90655440    ----a-w-    c:\windows\system32\MRT.exe
2014-03-31 13:35 . 2011-02-26 21:14    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-03-27 05:24 . 2014-03-30 16:24    35344    ----a-w-    c:\windows\system32\drivers\asd2fsm.sys
2014-03-27 05:24 . 2014-03-27 05:24    47632    ----a-w-    c:\windows\system32\drivers\asdids.sys
2014-03-04 09:17 . 2014-04-09 07:22    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[-] 2010-11-20 . 9102F33A7E31BCD2E9D1CBD6CACACE13 . 520192 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
"Nike+ Connect"="c:\users\owner\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2013-11-01 70656]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-05-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-03-01 273544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Officejet 6700 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN25S3G2BS05RQ;CONNECTION=NW;MONITOR=1; [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2013-4-24 69120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys;c:\windows\SYSNATIVE\drivers\BIOS64.sys [x]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys;c:\windows\SYSNATIVE\drivers\BS_I2cIo.sys [x]
R1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
R2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys;c:\windows\SYSNATIVE\DRIVERS\aksdf.sys [x]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\Drivers\nvtcam.sys;c:\windows\SYSNATIVE\Drivers\nvtcam.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-30 00:03    1078088    ----a-w-    c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-11 21:08]
.
2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 21:21]
.
2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 21:21]
.
2014-05-09 c:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
- c:\program files (x86)\MATLAB\R2011b\bin\win32\MATLABStartupAccelerator.exe [2014-02-08 20:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-13 10134560]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-16 4090824]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Download by Versalsoft Internet Download - c:\program files (x86)\Versalsoft\InternetDownload\adddownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: qword.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {4F6DC453-0A07-4E68-A6F1-47D591532712} - hxxps://www.slomins.com/home/NapcoPlayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
BHO-{6C8DB2EC-499B-4897-A784-0E3186C97E9D} - (no file)
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-Smart PC Cleaner_is1 - c:\program files (x86)\Smart PC Cleaner\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2467584983-634760226-2654300995-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-2467584983-634760226-2654300995-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-2467584983-634760226-2654300995-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-2467584983-634760226-2654300995-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-2467584983-634760226-2654300995-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-2467584983-634760226-2654300995-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-2467584983-634760226-2654300995-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2467584983-634760226-2654300995-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2467584983-634760226-2654300995-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-2467584983-634760226-2654300995-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-2467584983-634760226-2654300995-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2467584983-634760226-2654300995-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-2467584983-634760226-2654300995-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-2467584983-634760226-2654300995-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-2467584983-634760226-2654300995-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-2467584983-634760226-2654300995-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Wondershare\Wondershare Helper Compact\1750299237\ell\v1.0\;c:\program files (x86)\jZip;c:\program files (x86)\QuickTime\QTSystem\;c:\program files (x86)\MATLAB\R2011b\bin*PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC*PROCESSOR_ARCHITECTURE=x86*PROCESSOR_ARCHITEW6432=AMD64*PROCESSOR_IDENTI]
"JoinUserExperience"=dword:00000001
"LastStopTime"=hex:ea,7a,67,92,7d,64,e4,40
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-09  00:36:07
ComboFix-quarantined-files.txt  2014-05-09 04:36
.
Pre-Run: 549,308,260,352 bytes free
Post-Run: 549,244,571,648 bytes free
.
- - End Of File - - 1CB4D9CF44140B9A8853794B766BD87F
A36C5E4F47E84449FF07ED3517B43A31


Edited by hamluis, 09 May 2014 - 08:02 AM.
Pasted log into topic, moved from Win 7 to Malware Removal Logs - Hamluis.



#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,146 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:09:00 PM

Posted 09 May 2014 - 04:30 PM

Hi bluflaggz and welcome to BC.

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.


A quick question for you:
Do you have what appears to be radio ads coming from the PC speakers?


For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • When the tool opens, click Yes to the disclaimer.
  • Make sure that Addition.txt is selected at the bottom.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
Also
  • Please re-run FRST again, but this time type the following in the edit box after Search: rpcss.dll
  • Click the Search File(s) button.
  • It will make a log (Search.txt) - please post this report along with the other 2 FRST reports.

In your next reply, please submit:
All 3 reports from FRST.

If they are too large, you may have to post them over 2 replies.


Thanks.

Edited by Starbuck, 09 May 2014 - 04:33 PM.



#3 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,146 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:09:00 PM

Posted 15 May 2014 - 12:27 PM

Due to the lack of feedback, this Topic will now be closed.

If you need this topic reopened, please request this by sending one of the Moderating team or an Administrator a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
