
New Tabs Opening, Trying to Download Java and FLV updates


This topic is locked
18 replies to this topic

#1 SwordSlayer954

SwordSlayer954

  • Members
  • 44 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:52 AM

Posted 20 June 2014 - 09:19 AM

Lots of new tabs open prompting me to download updates to media players and some start downloading immediately.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.21.2
Run by Admin at 10:12:39 on 2014-06-20
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4030.1472 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Symantec Endpoint Protection.cloud *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Symantec Endpoint Protection.cloud *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection.cloud *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe
C:\Program Files\Symantec.cloud\AntiVirus\AVAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\symantec.cloud\antivirus\ssDVAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Symantec.cloud\PlatformAgent\PAUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Admin\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe
C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Admin\AppData\Local\VNT\vntldr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\twain_32\Dell\DELL2145\Scan2Pc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mspaint.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Avery Toolbar: {41565256-3700-A76A-76A7-7A786E7484D7} - 
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\IPS\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Avery Toolbar: {41565256-3700-A76A-76A7-7A786E7484D7} - 
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\coieplg.dll
uRun: [googletalk] C:\Users\Admin\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Spotify Web Helper] "C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [GoogleChromeAutoLaunch_A5B343D047FD8BD2F268B0EA0F8DBD7C] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [openvpn-gui] C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
mRun: [CMS] "C:\Program Files (x86)\CMS\EXE\Open.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [STO Backup Service] C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe
mRun: [STO Launcher Service] C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe /run
mRun: [VNT] C:\Program Files (x86)\VNT\vntldr.exe
mRun: [Dell PanelMgr] C:\Windows\Dell\PanelMgr\SSMMgr.exe /autorun
mRun: [2145cn Scan2PC] "C:\Windows\twain_32\Dell\DELL2145\Scan2Pc.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CINEFO~1.LNK - C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Capture Selection - C:\Program Files (x86)\SmarThru Office\WebCapture.dll2.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Save as HTML - C:\Program Files (x86)\SmarThru Office\WebCapture.dll1.htm
IE: Save Selected Text - C:\Program Files (x86)\SmarThru Office\WebCapture.dll.htm
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Web Capture - C:\Program Files (x86)\SmarThru Office\WebCapture.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A} - hxxp://65.254.18.46:90/speco_control.cab
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://65.254.18.46:120/RemoteWeb.cab
DPF: {542CB1D4-810D-4864-8F91-D530B50E89AE} - hxxp://65.254.18.46:120/Components.cab
DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://65.254.18.46:120/VideoViewer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {A6B11FA9-502E-44BE-8D0F-BC76CE036AE4} - hxxp://65.254.18.46:90/speco_webviewer.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: Interfaces\{4CC9F4C3-E0E8-4251-8FC5-20284771BE05} : DHCPNameServer = 10.5.1.5 10.242.2.1
TCP: Interfaces\{BC08FC82-5059-4A8D-ACE9-C77E1EAA6C45} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{C340CD87-13B6-42FF-9AE0-C39B2FE16476} : NameServer = 10.5.1.5,8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
x64-Run: [SymantecPaui] "C:\Program Files\Symantec.cloud\PlatformAgent\PAUI.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 173.9.184.67 remote.s---------e.com
Hosts: 10.5.1.5 s---------e.com
Hosts: 172.0.68.177 webservnet
Hosts: 172.0.68.177 webservnet.s---------e.com
Hosts: 10.20.170.20                            iportal.g----t.com 
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zi8svfq0.default\
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\SymDS64.sys [2014-2-23 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\SymEFA64.sys [2014-2-23 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [2014-6-9 1530160]
R1 ccSet_Cloud;CC Standalone Settings Manager;C:\Windows\SysWOW64\drivers\Symantec.cloud\ccSetx64.sys [2013-1-31 167072]
R1 ccSet_NIS;Endpoint Protection.cloud Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccSetx64.sys [2014-2-23 169048]
R1 Ext2Fsd;Linux ext2 file system driver;C:\Windows\System32\drivers\ext2fsd.sys [2013-9-5 744072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20140619.001\IDSviA64.sys [2014-6-19 525016]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\Ironx64.sys [2014-2-23 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2014-2-23 433752]
R2 monblanking;monblanking;C:\Windows\System32\drivers\monblanking.sys [2013-5-10 34960]
R2 NIS;Endpoint Protection.cloud;C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\ccSvcHst.exe [2014-2-23 144368]
R2 SsPaAdm;Symantec.cloud Cloud Agent;C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe [2013-1-31 191856]
R2 ssPaSetMgr;Symantec.cloud Scheduler;C:\Program Files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe [2013-1-31 138272]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2012-12-14 11576]
R2 ssSpnAv;Symantec.cloud Endpoint Protection;C:\Program Files\Symantec.cloud\AntiVirus\AVAgent.exe [2014-2-23 418720]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-5-10 130560]
R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-5-10 1858048]
R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-5-10 483328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-6-13 142128]
R3 staccel;staccel;C:\Windows\System32\drivers\staccel.sys [2011-12-22 35168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-18 111616]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-4-13 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-13 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-06-19 16:20:31 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82CE724F-08A2-4E34-B7D3-0510D6414186}\mpengine.dll
2014-06-18 19:07:58 -------- d-----w- C:\Windows\XSxS
2014-06-18 16:19:57 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-17 22:49:57 -------- d-----w- C:\Program Files (x86)\GUMA93C.tmp
2014-06-10 16:21:42 -------- d-sh--w- C:\$RECYCLE.BIN
2014-06-10 15:38:25 98816 ----a-w- C:\Windows\sed.exe
2014-06-10 15:38:25 256000 ----a-w- C:\Windows\PEV.exe
2014-06-10 15:38:25 208896 ----a-w- C:\Windows\MBR.exe
.
==================== Find3M  ====================
.
.
============= FINISH: 10:13:16.61 ===============
 


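A DDS "Pseudo HJT Report" like the one above is read line by line, and a handful of line shapes account for most of what an analyst looks at first: browser add-ins (BHO/TB) registered with a CLSID but no backing DLL, ActiveX download entries (DPF) that fetch a .cab from a bare IP address, autorun entries that start from a user-writable profile path, and HOSTS overrides. The script below is an added example written for this page, not part of the thread, of DDS, or of BleepingComputer's tooling; the sample lines are copied from the log above, and the four heuristics are the author's own choice of triage rules. A flagged line is a line to check, not a verdict: plenty of legitimate software (the Google Talk entry, for one) starts from AppData, and vendor appliances do serve ActiveX controls from internal IPs.

```python
import re

# Sample input: a subset of the DDS "Pseudo HJT Report" lines quoted in the post above.
SAMPLE_HJT = r"""
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Avery Toolbar: {41565256-3700-A76A-76A7-7A786E7484D7} -
TB: Avery Toolbar: {41565256-3700-A76A-76A7-7A786E7484D7} -
DPF: {3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A} - hxxp://65.254.18.46:90/speco_control.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
uRun: [googletalk] C:\Users\Admin\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
mRun: [VNT] C:\Program Files (x86)\VNT\vntldr.exe
Hosts: 173.9.184.67 remote.s---------e.com
"""

# Line shapes used by DDS. "hxxp" is the defanged scheme DDS writes into its logs.
ADDIN_RE = re.compile(r"^(BHO|TB): (.+?): (\{[0-9A-Fa-f-]+\}) -\s*(.*)$")
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) - (\S+)$")
RUN_RE = re.compile(r"^([um]Run|x64-Run): \[([^\]]+)\] (.*)$")
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)")
IPV4_HOST_RE = re.compile(r"^hxxps?://(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?/")


def triage(log_text):
    """Return (category, detail) findings for lines an analyst should look at first.

    The heuristics are this example's own choices, not DDS behaviour:
      addin-no-file        BHO/TB registered with a CLSID but no DLL path
      activex-from-ip      DPF entry downloading a control from a bare IPv4 host
      autorun-user-profile Run entry whose command lives under a user's AppData
      hosts-override       any HOSTS mapping, listed for review
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = ADDIN_RE.match(line)
        if m:
            kind, name, clsid, path = m.groups()
            if not path.strip():
                findings.append(("addin-no-file",
                                 f"{kind} {name!r} {clsid} has no backing DLL path"))
            continue

        m = DPF_RE.match(line)
        if m:
            clsid, url = m.groups()
            ip = IPV4_HOST_RE.match(url)
            if ip:
                findings.append(("activex-from-ip",
                                 f"DPF {clsid} downloads from bare IP {ip.group(1)}: {url}"))
            continue

        m = RUN_RE.match(line)
        if m:
            key, name, cmd = m.groups()
            if "\\appdata\\" in cmd.lower():
                findings.append(("autorun-user-profile",
                                 f"{key} [{name}] starts from a user-writable path: {cmd}"))
            continue

        m = HOSTS_RE.match(line)
        if m:
            findings.append(("hosts-override",
                             f"HOSTS maps {m.group(2)} -> {m.group(1)}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_HJT):
        print(f"[{category}] {detail}")
```

Run against the sample, the script flags both Avery Toolbar entries (CLSID with no file behind it), the one DPF entry served from 65.254.18.46 (the java.sun.com entry is left alone), the Google Talk autorun under AppData, and the single HOSTS line. Paste the full Pseudo HJT section into `SAMPLE_HJT` to run it over the whole report; each category is a starting point for a question to the machine's owner or IT staff, which in this thread is exactly where the helper steered the conversation.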

#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:05:52 AM

Posted 24 June 2014 - 01:12 PM

Hi SwordSlayer954,

:welcome: to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx, or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

In the upper right-hand corner of the topic you will see the Follow This Topic button. Click on this, then choose Receive Notification Immediately and then click Follow This Topic, and you will be sent an email once I have posted a response, which makes the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

Combofix

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

You can download Combofix from one of these links.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this you can find out >here< or >here<
3. Double click on combofix.exe & follow the prompts.

Important:

  • Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

In your next reply, please include:

  • Combofix log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:05:52 AM

Posted 29 June 2014 - 09:26 PM

Hi SwordSlayer954,
 
It has been five days since my last post, do you still need help?
 
If you do, please follow the previous instructions. :thumbup2:


Regards,
Jason

 



#4 SwordSlayer954

SwordSlayer954
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:52 AM

Posted 30 June 2014 - 09:38 AM

My IT guy installed a new firewall and it's blocking all downloads from this site. I'll download at home and bring ComboFix in on a flash drive.

 

Will update tomorrow.  Thanks



#5 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:05:52 AM

Posted 30 June 2014 - 10:45 PM

Hi SwordSlayer954,

I take it this is a business computer?

If so, I strongly recommend you to ask your IT support/network administrator to fix this. After all, they are paid to do so.

I ask this for several reasons:

  • There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware.
  • Any infection could jump terminals in a computer network.
  • There may also be legal issues regarding any loss of business data that I do not wish to deal with.
  • Some people who come here use their computers for work, and the computers may contain the patient records of a physician or the financial records of an accountant's clients or credit card and bank account information of their employer's customers.
  • There may be tremendous risks and legal liability for such users for not fully securing the computer. We will not know this unless we ask. We do not want to be accidentally putting those we help in vulnerable positions for lawsuits.
  • Business factors outweigh technical factors in making the reformat and reinstall decision. Sometimes friends give missing CDs or lack of expertise as a reason for not doing a reformat and reinstall.
  • The cost of replacing missing Windows XP and MS Office CDs and getting a Microsoft Certified Systems Engineer to come in for 3 hours to do the reinstall and apply all the critical updates is trivial compared with the potential cost of a multi-million dollar lawsuit for breach of trust if confidential client or patient information is disclosed.
  • In specific situations where highly confidential information about others is on the computer, and a backdoor virus or trojan is found, we are helping people more by identifying that they have a backdoor trojan which puts them in a particularly vulnerable situation and sending them to seek local professional help from a Microsoft Certified Systems Engineer or Certified Information Systems Security Professional or Global Information Assurance Certification Certified Security Expert or Certified Computing Professional or Internet Service Provider than we would be trying to fully resolve their problems long distance.

Regards,
Jason

 



#6 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:05:52 AM

Posted 19 July 2014 - 08:57 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Regards,
Jason

 



#7 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:05:52 AM

Posted 29 July 2014 - 02:50 PM

This topic has been re-opened at the request of the person who originally posted.
Regards,
Jason

 



#9 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:05:52 AM

Posted 29 July 2014 - 02:51 PM

Please note what I posted previously:
 

Hi SwordSlayer954,

I take it this is a business computer?

If so, I strongly recommend you to ask your IT support/network administrator to fix this. After all, they are paid to do so.

I ask this for several reasons:

  • There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware.
  • Any infection could jump terminals in a computer network.
  • There may also be legal issues regarding any loss of business data that I do not wish to deal with.
  • Some people who come here use their computers for work, and the computers may contain the patient records of a physician or the financial records of an accountant's clients or credit card and bank account information of their employer's customers.
  • There may be tremendous risks and legal liability for such users for not fully securing the computer. We will not know this unless we ask. We do not want to be accidentally putting those we help in vulnerable positions for lawsuits.
  • Business factors outweigh technical factors in making the reformat and reinstall decision. Sometimes friends give missing CDs or lack of expertise as a reason for not doing a reformat and reinstall.
  • The cost of replacing missing Windows XP and MS Office CDs and getting a Microsoft Certified Systems Engineer to come in for 3 hours to do the reinstall and apply all the critical updates is trivial compared with the potential cost of a multi-million dollar lawsuit for breach of trust if confidential client or patient information is disclosed.
  • In specific situations where highly confidential information about others is on the computer, and a backdoor virus or trojan is found, we are helping people more by identifying that they have a backdoor trojan which puts them in a particularly vulnerable situation and sending them to seek local professional help from a Microsoft Certified Systems Engineer or Certified Information Systems Security Professional or Global Information Assurance Certification Certified Security Expert or Certified Computing Professional or Internet Service Provider than we would be trying to fully resolve their problems long distance.

Regards,
Jason

 



#10 SwordSlayer954

SwordSlayer954
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:52 AM

Posted 31 July 2014 - 10:21 AM

I'm the owner of the company and I say IT guy very loosely. He's more of a programmer that does some troubleshooting from time to time.

Since running ComboFix, the computer doesn't seem like something is running in the background all the time, and I had a small window with no tabs opening up and downloads automatically starting, but they are back. I get ChromePlayer a lot.

--------------------

ComboFix 14-07-29.01 - Admin 07/30/2014   9:38.3.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4030.1613 [GMT -4:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection.cloud *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection.cloud *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection.cloud *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-28 to 2014-07-30  )))))))))))))))))))))))))))))))
.
.
2014-07-30 13:47 . 2014-07-30 13:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-07-30 13:47 . 2014-07-30 13:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-30 06:35 . 2014-07-30 06:35 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{00446E71-382E-4B70-806C-9AED43224CDF}\offreg.dll
2014-07-30 06:33 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{00446E71-382E-4B70-806C-9AED43224CDF}\mpengine.dll
2014-07-11 12:58 . 2014-07-11 12:58 -------- d-----w- c:\program files (x86)\OpenVPN Technologies
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-23 14:52 . 2012-04-13 18:33 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-06-08 09:13 . 2014-06-11 04:59 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-08 09:08 . 2014-06-11 04:59 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-06-01 21:17 . 2012-04-13 18:40 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-05-30 10:21 . 2014-06-11 05:00 23414784 ----a-w- c:\windows\system32\mshtml.dll
2014-05-30 10:02 . 2014-06-11 05:00 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-30 10:02 . 2014-06-11 05:00 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-05-30 09:45 . 2014-06-11 05:00 2768384 ----a-w- c:\windows\system32\iertutil.dll
2014-05-30 09:39 . 2014-06-11 05:00 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-05-30 09:39 . 2014-06-11 05:00 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-05-30 09:38 . 2014-06-11 05:00 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-05-30 09:28 . 2014-06-11 05:00 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-05-30 09:27 . 2014-06-11 05:00 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-05-30 09:24 . 2014-06-11 05:00 574976 ----a-w- c:\windows\system32\ieui.dll
2014-05-30 09:21 . 2014-06-11 05:00 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-05-30 09:21 . 2014-06-11 05:00 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-05-30 09:20 . 2014-06-11 05:00 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-05-30 09:11 . 2014-06-11 05:00 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 09:08 . 2014-06-11 05:00 5782528 ----a-w- c:\windows\system32\jscript9.dll
2014-05-30 09:06 . 2014-06-11 05:00 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2014-05-30 09:02 . 2014-06-11 05:00 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-30 08:55 . 2014-06-11 05:00 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 08:49 . 2014-06-11 05:00 195584 ----a-w- c:\windows\system32\msrating.dll
2014-05-30 08:46 . 2014-06-11 05:00 85504 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-30 08:44 . 2014-06-11 05:00 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-05-30 08:44 . 2014-06-11 05:00 295424 ----a-w- c:\windows\system32\dxtrans.dll
2014-05-30 08:43 . 2014-06-11 05:00 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-05-30 08:42 . 2014-06-11 05:00 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:35 . 2014-06-11 05:00 608768 ----a-w- c:\windows\system32\ie4uinit.exe
2014-05-30 08:29 . 2014-06-11 05:00 631808 ----a-w- c:\windows\system32\msfeeds.dll
2014-05-30 08:28 . 2014-06-11 05:00 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-05-30 08:27 . 2014-06-11 05:00 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-05-30 08:24 . 2014-06-11 05:00 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-05-30 08:23 . 2014-06-11 05:00 2040832 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-30 08:10 . 2014-06-11 05:00 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56 . 2014-06-11 05:00 2266112 ----a-w- c:\windows\system32\wininet.dll
2014-05-30 07:56 . 2014-06-11 05:00 4244992 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-05-30 07:50 . 2014-06-11 05:00 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49 . 2014-06-11 05:00 1964544 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-05-30 07:43 . 2014-06-11 05:00 13522944 ----a-w- c:\windows\system32\ieframe.dll
2014-05-30 07:30 . 2014-06-11 05:00 1398272 ----a-w- c:\windows\system32\urlmon.dll
2014-05-30 07:21 . 2014-06-11 05:00 1790976 ----a-w- c:\windows\SysWow64\wininet.dll
2014-05-30 07:13 . 2014-06-11 05:00 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-05-08 03:22 . 2014-05-08 03:22 26624 ----a-w- c:\windows\system32\drivers\tapoas.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41565256-3700-A76A-76A7-7A786E7484D7}]
c:\program files (x86)\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{41565256-3700-A76A-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{41565256-3700-a76a-76a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Admin\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Spotify Web Helper"="c:\users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-29 1178168]
"GoogleChromeAutoLaunch_A5B343D047FD8BD2F268B0EA0F8DBD7C"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-07-15 860488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"openvpn-gui"="c:\program files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe" [2010-05-07 265216]
"CMS"="c:\program files (x86)\CMS\EXE\Open.exe" [2010-11-08 329728]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-18 152392]
"STO Backup Service"="c:\program files (x86)\SmarThru Office\BackUpSvr.exe" [2010-08-03 184320]
"STO Launcher Service"="c:\program files (x86)\SmarThru Office\x64\LegacyLauncher.exe" [2010-08-03 381440]
"VNT"="c:\program files (x86)\VNT\vntldr.exe" [2014-03-18 196048]
"Dell PanelMgr"="c:\windows\Dell\PanelMgr\SSMMgr.exe" [2013-10-02 632128]
"2145cn Scan2PC"="c:\windows\twain_32\Dell\DELL2145\Scan2Pc.exe" [2008-12-16 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CineForm Status.lnk - c:\program files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe [2012-10-28 152064]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-5-10 4554752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk * \0BootDefrag.exe
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 tapoas;TAP Adapter OAS NDIS 6.0;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20140718.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [x]
S1 ccSet_Cloud;CC Standalone Settings Manager;c:\windows\SysWOW64\Drivers\Symantec.cloud\ccSetx64.sys;c:\windows\SysWOW64\Drivers\Symantec.cloud\ccSetx64.sys [x]
S1 ccSet_NIS;Endpoint Protection.cloud Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
S1 Ext2Fsd;Linux ext2 file system driver; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20140729.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20140729.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
S2 monblanking;monblanking;c:\windows\system32\DRIVERS\monblanking.sys;c:\windows\SYSNATIVE\DRIVERS\monblanking.sys [x]
S2 NIS;Endpoint Protection.cloud;c:\program files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\ccSvcHst.exe;c:\program files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 SsPaAdm;Symantec.cloud Cloud Agent;c:\program files\Symantec.cloud\PlatformAgent\ccSvcHst.exe;c:\program files\Symantec.cloud\PlatformAgent\ccSvcHst.exe [x]
S2 ssPaSetMgr;Symantec.cloud Scheduler;c:\program files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe;c:\program files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 ssSpnAv;Symantec.cloud Endpoint Protection;c:\program files\Symantec.cloud\AntiVirus\AVAgent.exe;c:\program files\Symantec.cloud\AntiVirus\AVAgent.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 staccel;staccel;c:\windows\system32\DRIVERS\staccel.sys;c:\windows\SYSNATIVE\DRIVERS\staccel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-17 18:56 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-30 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-03-17 06:19]
.
2014-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-07 17:54]
.
2014-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-07 17:54]
.
2014-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295138405-3196286204-682247274-1000Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-17 03:05]
.
2014-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295138405-3196286204-682247274-1000UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-17 03:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-10-11 2041192]
"SymantecPaui"="c:\program files\Symantec.cloud\PlatformAgent\PAUI.exe" [2013-08-09 2403216]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Capture Selection - c:\program files (x86)\SmarThru Office\WebCapture.dll2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Save as HTML - c:\program files (x86)\SmarThru Office\WebCapture.dll1.htm
IE: Save Selected Text - c:\program files (x86)\SmarThru Office\WebCapture.dll.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Web Capture - c:\program files (x86)\SmarThru Office\WebCapture.dll
Trusted Zone: adp.com\ewallet
Trusted Zone: adp.com\totalsource
TCP: Interfaces\{C340CD87-13B6-42FF-9AE0-C39B2FE16476}: NameServer = 10.5.1.7,8.8.8.8
DPF: {3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A} - hxxp://65.254.18.46:90/speco_control.cab
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://65.254.18.46:120/RemoteWeb.cab
DPF: {542CB1D4-810D-4864-8F91-D530B50E89AE} - hxxp://65.254.18.46:120/Components.cab
DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://65.254.18.46:120/VideoViewer.cab
DPF: {A6B11FA9-502E-44BE-8D0F-BC76CE036AE4} - hxxp://65.254.18.46:90/speco_webviewer.cab
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zi8svfq0.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Citrix\GoToMyPC\g2svc.exe
c:\program files (x86)\Citrix\GoToMyPC\g2comm.exe
c:\program files (x86)\Citrix\GoToMyPC\g2pre.exe
c:\program files (x86)\Citrix\GoToMyPC\g2tray.exe
c:\program files (x86)\Glary Utilities 4\Integrator.exe
.
**************************************************************************
.
Completion time: 2014-07-30  09:58:01 - machine was rebooted
ComboFix-quarantined-files.txt  2014-07-30 13:57
ComboFix2.txt  2014-07-29 16:09
ComboFix3.txt  2014-06-10 16:20
.
Pre-Run: 28,332,433,408 bytes free
Post-Run: 28,110,028,800 bytes free
.
- - End Of File - - F655296AC820ECAD49B778AD862F13A4
8F558EB6672622401DA993E1E865C861
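The Malware Response Team reads load points like the ones in the log above by hand: Run keys, Browser Helper Objects, DPF (ActiveX download) entries. The same first-pass triage can be done mechanically. The script below is an added example and is not part of this thread, of ComboFix or of FRST; it parses a few lines copied verbatim from the ComboFix log above (the DPF entry) and from the FRST log posted later in this thread (Run and BHO entries), and flags the signals a responder checks first: an autostart that runs from a user-writable profile path, an entry with no publisher in its version info, a BHO whose DLL is gone but whose registry load point survived ("No File" in FRST's output), and an ActiveX control served from a bare IP address. The regular expressions are my reading of the two tools' line formats as they appear on this page, not a documented grammar, and the flags are triage leads, not verdicts: legitimate OEM utilities (CMS here) often carry no publisher string, and plenty of benign software autostarts from AppData.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: lines copied verbatim from the FRST log posted
# later in this thread (Run / BHO entries) and the ComboFix log above (DPF).
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [CMS] => C:\Program Files (x86)\CMS\EXE\Open.exe [329728 2010-11-08] ()
HKU\S-1-5-21-295138405-3196286204-682247274-1000\...\Run: [googletalk] => C:\Users\Admin\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
BHO-x32: Avery Toolbar -> {41565256-3700-A76A-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll" No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: {3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A} - hxxp://65.254.18.46:90/speco_control.cab
"""

# FRST "Run" line: hive\...\Run: [name] => path [size date] (publisher)
RUN_RE = re.compile(
    r"^(?P<hive>HK.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)\s*$"
)
# FRST BHO line: either "... -> path (publisher)" or '... -> "path" No File'
BHO_RE = re.compile(
    r'^BHO(?:-x32)?: (?P<name>.+?) -> \{(?P<clsid>[0-9A-Fa-f-]{36})\} -> '
    r'"?(?P<path>[^"]+?)"?(?: No File| \((?P<publisher>[^)]*)\))\s*$'
)
# ComboFix DPF line: DPF: {clsid} - hxxp://host/file.cab (URLs are defanged as hxxp)
DPF_RE = re.compile(r"^DPF: \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<url>\S+)\s*$")
BARE_IP_URL_RE = re.compile(r"^hxxps?://(?P<host>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?/", re.I)
# Paths a standard user can write to without elevation.
USER_WRITABLE_RE = re.compile(r"^[A-Za-z]:\\(?:Users\\[^\\]+\\AppData|ProgramData)\\", re.I)


@dataclass
class Entry:
    kind: str                  # "run", "bho" or "dpf"
    name: str                  # value name, BHO display name, or DPF CLSID
    target: str                # file path, or download URL for DPF
    publisher: Optional[str]   # "" = publisher field empty; None = no field (No File / DPF)
    raw: str


@dataclass
class Finding:
    reason: str
    entry: Entry


def parse_autostarts(text: str) -> List[Entry]:
    """Extract Run, BHO and DPF load points from FRST/ComboFix-style log text."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", m["name"], m["path"], m["publisher"], line))
            continue
        m = BHO_RE.match(line)
        if m:
            entries.append(Entry("bho", m["name"], m["path"], m["publisher"], line))
            continue
        m = DPF_RE.match(line)
        if m:
            entries.append(Entry("dpf", m["clsid"], m["url"], None, line))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply first-pass heuristics; each hit is a lead to verify, not a verdict."""
    findings: List[Finding] = []
    for e in entries:
        if e.kind == "bho" and e.publisher is None:
            findings.append(Finding("dangling BHO: registry load point survives, DLL missing", e))
        if e.kind == "dpf" and BARE_IP_URL_RE.match(e.target):
            findings.append(Finding("ActiveX control downloaded from a bare-IP host", e))
        if e.kind in ("run", "bho") and USER_WRITABLE_RE.match(e.target):
            findings.append(Finding("autostart runs from a user-writable profile path", e))
        if e.kind in ("run", "bho") and e.publisher == "":
            findings.append(Finding("no publisher recorded (unsigned or no version info)", e))
    return findings


if __name__ == "__main__":
    for f in triage(parse_autostarts(SAMPLE_LOG)):
        print(f"[{f.entry.kind.upper()}] {f.entry.name}: {f.reason}\n    {f.entry.target}")
```

Run against the sample it reports four leads (the googletalk entry in AppData, the CMS entry with an empty publisher, the orphaned Avery Toolbar BHO, and the DPF control fetched from 65.254.18.46); the Java updater and the Office BHO pass clean. A dangling BHO is worth clearing even when the DLL is gone, since the CLSID is still registered and a later drop of a file at that path would load into Internet Explorer without any new registry write.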


#11 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Location:New England, U.S.A.

Posted 31 July 2014 - 09:01 PM

OK, please download the latest version of Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator"
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Regards,
Jason



#12 SwordSlayer954

  • Topic Starter
  • Members
  • 44 posts

Posted 04 August 2014 - 08:27 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Admin (administrator) on ADMIN-PC on 04-08-2014 09:22:22
Running from C:\Users\Admin\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
(Symantec Corporation) C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\ccSvcHst.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
(Symantec Corporation) C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Symantec Corporation) C:\Program Files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Symantec.cloud\AntiVirus\AVAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files\Symantec.cloud\AntiVirus\ssDVAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Symantec Corporation) C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\ccSvcHst.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Spotify Ltd) C:\Users\Admin\AppData\Roaming\Spotify\spotify.exe
() C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2041192 2012-10-10] ()
HKLM\...\Run: [SymantecPaui] => C:\Program Files\Symantec.cloud\PlatformAgent\PAUI.exe [2403216 2013-08-09] (Symantec Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [openvpn-gui] => C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe [265216 2010-05-07] ()
HKLM-x32\...\Run: [CMS] => C:\Program Files (x86)\CMS\EXE\Open.exe [329728 2010-11-08] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [STO Backup Service] => C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe [184320 2010-08-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [STO Launcher Service] => C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe [381440 2010-08-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [VNT] => C:\Program Files (x86)\VNT\vntldr.exe [196048 2014-03-18] (APN LLC.)
HKLM-x32\...\Run: [Dell PanelMgr] => C:\Windows\Dell\PanelMgr\SSMMgr.exe [632128 2013-10-02] ()
HKLM-x32\...\Run: [2145cn Scan2PC] => C:\Windows\twain_32\Dell\DELL2145\Scan2Pc.exe [503808 2008-12-16] ()
HKU\S-1-5-21-295138405-3196286204-682247274-1000\...\Run: [googletalk] => C:\Users\Admin\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-295138405-3196286204-682247274-1000\...\Run: [Spotify Web Helper] => C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-29] (Spotify Ltd)
HKU\S-1-5-21-295138405-3196286204-682247274-1000\...\Run: [GoogleChromeAutoLaunch_A5B343D047FD8BD2F268B0EA0F8DBD7C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
BootExecute: autocheck autochk *  BootDefrag.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0503A7DE0FBDCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Avery Toolbar -> {41565256-3700-A76A-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll" No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll" No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A} http://65.254.18.46:90/speco_control.cab
DPF: HKLM-x32 {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://65.254.18.46:120/RemoteWeb.cab
DPF: HKLM-x32 {542CB1D4-810D-4864-8F91-D530B50E89AE} http://65.254.18.46:120/Components.cab
DPF: HKLM-x32 {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://65.254.18.46:120/VideoViewer.cab
DPF: HKLM-x32 {A6B11FA9-502E-44BE-8D0F-BC76CE036AE4} http://65.254.18.46:90/speco_webviewer.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{C340CD87-13B6-42FF-9AE0-C39B2FE16476}: [NameServer]10.5.1.7,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zi8svfq0.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Admin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Admin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFF [2014-02-24]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Extension: (Avery Toolbar) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaigmelgfmkfjicbbgbkcbagedejhj [2013-09-26]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (HootSuite Hootlet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2013-01-17]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-07]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2013-07-03]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-07]
CHR Extension: (Search by Image (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2013-02-11]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-05-13]
CHR Extension: (Facebook Invite Them All) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jladghljinmlokelojmdmblikkifabea [2014-04-01]
CHR Extension: (Todoist: To-Do list and Task Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2013-04-09]
CHR Extension: (RT News) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kloiceblkijlknknaibcaieiicafajlo [2013-09-09]
CHR Extension: (Norton Security Toolbar) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-05-15]
CHR Extension: (Hangouts) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-05-21]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Weather Underground) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2013-09-26]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-07]
CHR HKLM-x32\...\Chrome\Extension: [aaaaigmelgfmkfjicbbgbkcbagedejhj] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVRV7\CRX\ToolbarCR.crx [2012-11-07]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\Exts\Chrome.crx [2014-04-02]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 NIS; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 OpenVPNService; C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe [39936 2010-05-07] () [File not signed]
R2 SsPaAdm; C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe [191856 2013-01-31] (Symantec Corporation)
R2 ssPaSetMgr; C:\Program Files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe [138272 2013-01-31] (Symantec Corporation)
R2 ssSpnAv; C:\Program Files\Symantec.cloud\AntiVirus\AVAgent.exe [418720 2014-01-16] (Symantec Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [130560 2010-05-10] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1858048 2010-05-10] () [File not signed]
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [483328 2010-05-10] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_Cloud; C:\Windows\SysWOW64\Drivers\Symantec.cloud\ccSetx64.sys [167072 2013-01-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2013-10-02] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-10] (Symantec Corporation)
R1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [744072 2009-07-26] (www.ext2fsd.com)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20140731.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
R2 monblanking; C:\Windows\System32\DRIVERS\monblanking.sys [34960 2014-01-30] (Citrix Systems, Inc.)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20140803.034\ENG64.SYS [126040 2014-08-01] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20140803.034\EX64.SYS [2099288 2014-08-01] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 staccel; C:\Windows\System32\DRIVERS\staccel.sys [35168 2011-12-22] (ShoreTel, Inc)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-02-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [26624 2014-05-07] (The OpenVPN Project)
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-04 09:22 - 2014-08-04 09:23 - 00023450 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-08-04 09:22 - 2014-08-04 09:22 - 00000000 ____D () C:\FRST
2014-08-04 09:21 - 2014-08-04 09:21 - 02094080 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-08-02 18:10 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 18:10 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 18:10 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 18:10 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 18:09 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 18:09 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 18:09 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 18:09 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 10:43 - 2014-07-30 10:43 - 00010653 _____ () C:\Users\Admin\Desktop\call history.txt
2014-07-30 10:35 - 2014-07-30 10:35 - 00013109 _____ () C:\Users\Admin\Downloads\UnbilledVoice.xls
2014-07-30 09:58 - 2014-07-30 09:58 - 00023688 _____ () C:\ComboFix.txt
2014-07-30 09:30 - 2014-07-30 09:30 - 00001412 _____ () C:\Users\Admin\Desktop\hosts1.txt
2014-07-29 12:00 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-29 12:00 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-29 12:00 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-29 12:00 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-29 12:00 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-29 12:00 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-29 12:00 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-29 12:00 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-29 11:05 - 2014-07-29 11:05 - 05563986 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2014-07-28 11:15 - 2014-07-28 11:15 - 00045356 _____ () C:\Users\Admin\Downloads\529DBC75-9A97-47C8-9D86-27E784463598-72295-OF.TIF
2014-07-16 10:00 - 2014-07-16 10:11 - 00000000 ____D () C:\Users\Admin\Desktop\Thank Yous
2014-07-14 12:32 - 2014-07-14 12:32 - 00014290 _____ () C:\Users\Admin\Downloads\Inventory 20140710.xlsx
2014-07-11 09:04 - 2014-07-11 09:05 - 05309099 _____ () C:\Users\Admin\Downloads\openvpn-connect-2.0.8.106 (1).msi
2014-07-11 09:01 - 2014-07-11 09:05 - 00003718 _____ () C:\Users\Admin\ovpntray.log
2014-07-11 09:01 - 2014-07-11 09:01 - 00001359 _____ () C:\Users\Public\Desktop\OpenVPN Connect.lnk
2014-07-11 08:58 - 2014-07-11 08:58 - 00000000 ____D () C:\Program Files (x86)\OpenVPN Technologies
2014-07-11 08:54 - 2014-07-11 08:54 - 05309099 _____ () C:\Users\Admin\Downloads\openvpn-connect-2.0.8.106.msi
2014-07-10 11:11 - 2014-07-10 11:20 - 00000000 ____D () C:\Users\Admin\Desktop\CA Orders
2014-07-10 10:54 - 2014-07-10 10:54 - 00042887 _____ () C:\Users\Admin\Desktop\TSG Canadian DID Service Availability by Rate Center (1).xlsx
2014-07-10 10:53 - 2014-07-10 10:54 - 00013892 _____ () C:\Users\Admin\Desktop\TSG Canadian TN Order Form 5-21-14 (1).xlsx
2014-07-09 12:31 - 2014-07-09 12:31 - 00001397 _____ () C:\Users\Admin\Desktop\Cic'ing TOLL FREE NUMBERS.txt
2014-07-07 12:08 - 2014-07-11 09:32 - 00007606 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-04 09:23 - 2014-08-04 09:22 - 00023450 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-08-04 09:22 - 2014-08-04 09:22 - 00000000 ____D () C:\FRST
2014-08-04 09:21 - 2014-08-04 09:21 - 02094080 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-08-04 09:21 - 2013-04-09 13:04 - 00000000 ____D () C:\ProgramData\Symantec.Cloud
2014-08-04 09:18 - 2012-11-07 14:38 - 00000000 ____D () C:\Users\Admin\Documents\Outlook Files
2014-08-04 09:03 - 2012-04-13 14:12 - 01070609 _____ () C:\Windows\WindowsUpdate.log
2014-08-04 09:01 - 2012-11-07 14:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Spotify
2014-08-04 08:55 - 2012-11-07 13:55 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-04 08:54 - 2013-05-17 14:00 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295138405-3196286204-682247274-1000UA.job
2014-08-04 02:00 - 2012-12-07 11:58 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-08-03 17:53 - 2013-05-17 14:00 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295138405-3196286204-682247274-1000Core.job
2014-08-03 15:04 - 2012-11-07 13:55 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-31 11:23 - 2012-11-07 14:33 - 00000000 ____D () C:\Users\Admin\AppData\Local\Spotify
2014-07-30 16:48 - 2009-07-14 00:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-30 16:48 - 2009-07-14 00:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-30 10:43 - 2014-07-30 10:43 - 00010653 _____ () C:\Users\Admin\Desktop\call history.txt
2014-07-30 10:35 - 2014-07-30 10:35 - 00013109 _____ () C:\Users\Admin\Downloads\UnbilledVoice.xls
2014-07-30 09:58 - 2014-07-30 09:58 - 00023688 _____ () C:\ComboFix.txt
2014-07-30 09:58 - 2014-06-10 11:37 - 00000000 ____D () C:\Qoobox
2014-07-30 09:52 - 2014-03-18 13:49 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-07-30 09:52 - 2014-03-18 13:49 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-07-30 09:51 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-30 09:49 - 2014-03-23 01:00 - 00001711 _____ () C:\Windows\setupact.log
2014-07-30 09:49 - 2013-02-07 12:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-30 09:49 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-30 09:48 - 2014-04-09 12:09 - 00119888 _____ () C:\Windows\PFRO.log
2014-07-30 09:47 - 2014-06-10 11:37 - 00000000 ____D () C:\Windows\erdnt
2014-07-30 09:30 - 2014-07-30 09:30 - 00001412 _____ () C:\Users\Admin\Desktop\hosts1.txt
2014-07-29 12:12 - 2014-03-18 13:49 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DiskDefrag
2014-07-29 11:05 - 2014-07-29 11:05 - 05563986 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2014-07-28 11:15 - 2014-07-28 11:15 - 00045356 _____ () C:\Users\Admin\Downloads\529DBC75-9A97-47C8-9D86-27E784463598-72295-OF.TIF
2014-07-23 10:52 - 2012-04-13 14:33 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-22 08:40 - 2012-12-14 13:31 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-07-18 12:31 - 2009-07-14 01:13 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-17 12:02 - 2013-08-29 10:44 - 00000000 ____D () C:\Users\Admin\Desktop\Broward Airboat Club
2014-07-16 10:11 - 2014-07-16 10:00 - 00000000 ____D () C:\Users\Admin\Desktop\Thank Yous
2014-07-14 12:32 - 2014-07-14 12:32 - 00014290 _____ () C:\Users\Admin\Downloads\Inventory 20140710.xlsx
2014-07-11 09:32 - 2014-07-07 12:08 - 00007606 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2014-07-11 09:05 - 2014-07-11 09:04 - 05309099 _____ () C:\Users\Admin\Downloads\openvpn-connect-2.0.8.106 (1).msi
2014-07-11 09:05 - 2014-07-11 09:01 - 00003718 _____ () C:\Users\Admin\ovpntray.log
2014-07-11 09:01 - 2014-07-11 09:01 - 00001359 _____ () C:\Users\Public\Desktop\OpenVPN Connect.lnk
2014-07-11 09:01 - 2012-04-13 14:12 - 00000000 ____D () C:\Users\Admin
2014-07-11 08:58 - 2014-07-11 08:58 - 00000000 ____D () C:\Program Files (x86)\OpenVPN Technologies
2014-07-11 08:54 - 2014-07-11 08:54 - 05309099 _____ () C:\Users\Admin\Downloads\openvpn-connect-2.0.8.106.msi
2014-07-10 11:20 - 2014-07-10 11:11 - 00000000 ____D () C:\Users\Admin\Desktop\CA Orders
2014-07-10 10:54 - 2014-07-10 10:54 - 00042887 _____ () C:\Users\Admin\Desktop\TSG Canadian DID Service Availability by Rate Center (1).xlsx
2014-07-10 10:54 - 2014-07-10 10:53 - 00013892 _____ () C:\Users\Admin\Desktop\TSG Canadian TN Order Form 5-21-14 (1).xlsx
2014-07-09 12:31 - 2014-07-09 12:31 - 00001397 _____ () C:\Users\Admin\Desktop\Cic'ing TOLL FREE NUMBERS.txt
2014-07-07 10:34 - 2013-05-15 10:47 - 00002032 ____H () C:\Users\Admin\Documents\Default.rdp
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-29 15:58
 
==================== End Of Log ============================


#13 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 04 August 2014 - 08:39 AM

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#14 SwordSlayer954

SwordSlayer954
  • Topic Starter

  • Members
  • 44 posts
  • Gender:Male

Posted 05 August 2014 - 09:40 AM

# AdwCleaner v3.302 - Report created 05/08/2014 at 09:49:15
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Admin - ADMIN-PC
# Running from : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Program Files (x86)\VNT
Folder Found : C:\Users\Admin\AppData\Local\VNT
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VNT]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zi8svfq0.default\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3999 octets] - [11/04/2014 11:38:24]
AdwCleaner[R1].txt - [1024 octets] - [01/05/2014 10:31:55]
AdwCleaner[R2].txt - [1081 octets] - [05/08/2014 09:49:15]
AdwCleaner[S0].txt - [4101 octets] - [11/04/2014 11:40:07]
AdwCleaner[S1].txt - [1086 octets] - [01/05/2014 10:41:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1261 octets] ##########


#15 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 05 August 2014 - 10:37 AM

Unfortunately, the AdwCleaner log doesn't show us anything we can fix.

 

Please explain in detail any remaining trouble you're having, including any possible error messages.


Regards,
Jason

