
Fake updates in new tab browser hijack


This topic is locked. 16 replies to this topic.

#1 memorium

Posted 19 August 2014 - 09:17 PM

When I go to websites, be they Google or simple text-based browser games with no ads, new tabs open frequently with alerts that pretend to be about Java, Norton 360, and other legitimate products. Several of them download an exe file right away. I have Norton 360, but the scan finds nothing. Neither does Norton Power Eraser (which now gives me a message about NPE reestablishing a connection instead of finishing the scan), nor Norton Bootable Recovery Tool. I have also tried, in Safe Mode, and after running rkill to terminate processes, the following programs: Malwarebytes, Spybot, Ad-Aware, HitmanPro, TDSSKiller, RogueKiller, AdwCleaner, JRT (which does not work anymore; a blank cmd.exe window opens and nothing happens), YAC, and Windows Defender Offline. As you can see, I tried pretty much everything, to no avail. The only other perhaps-useful information I can provide is that YAC warned me today that svchost.exe was trying to modify preferences for Chrome and Firefox. Oh, and this happens on Chrome and IE; not sure about Firefox. Here are the logs.


Edit: Forgot to say that there is no suspicious software, extension, or plugin that I can find.


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239
Run by Amber at 19:04:41 on 2014-08-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8091.5236 [GMT -7:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Norton 360 Premier Edition *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 Premier Edition *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Norton 360 Premier Edition *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
c:\windows\system32\svchost.exe -k dcomlaunch
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Windows\system32\nvvsvc.exe
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k localservicenetworkrestricted
C:\Program Files (x86)\iSafe\iSafeSvc.exe
C:\Program Files (x86)\iSafe\iSafeSvc2.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
c:\windows\system32\svchost.exe -k localservice
c:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
c:\windows\system32\svchost.exe -k gpsvcgroup
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
c:\windows\system32\svchost.exe -k networkservice
C:\Windows\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k wbiosvcgroup
c:\windows\system32\svchost.exe -k localservicenonetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
C:\Program Files (x86)\iSafe\iSafeTray.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\N360.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\N360.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
c:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP SimplePass\BioMonitor.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted
C:\Users\Amber\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iSafe\ipcdl.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\ips\ipsbho.dll
BHO: HP SimplePass Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\coieplg.dll
TB: HP SimplePass Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\coieplg.dll
uRun: [Google Update] "C:\Users\Amber\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 178.62.21.137 162.243.207.106 75.75.75.75
TCP: Interfaces\{FDF8B930-6C39-4447-911A-E9C2635A35B3} : DHCPNameServer = 178.62.21.137 162.243.207.106 75.75.75.75
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs=  c:\windows\syswow64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\ssvhaxvt.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Amber\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
FF - ExtSQL: 2014-08-17 13:01; firefox-hotfix@mozilla.org; C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\ssvhaxvt.default\extensions\firefox-hotfix@mozilla.org.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2011-12-5 16152]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-8 30056]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1505000.013\symds64.sys [2014-8-9 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1505000.013\symefa64.sys [2014-8-9 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\BASHDefs\20140816.001\BHDrvx64.sys [2014-8-15 1588016]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1505000.013\ccsetx64.sys [2014-8-9 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\IPSDefs\20140819.001\IDSviA64.sys [2014-8-19 525016]
R1 iSafeKrnl;iSafeKrnl Mini-Filter Driver;C:\Program Files (x86)\iSafe\iSafeKrnl.sys [2014-8-19 247488]
R1 iSafeKrnlKit;iSafeKrnl Kit Driver;C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [2014-8-19 78016]
R1 iSafeKrnlR3;iSafeKrnl Ring3 Driver;C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [2014-8-19 65216]
R1 iSafeNetFilter;iSafeNetFilter NDIS Driver;C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [2014-8-19 49320]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1505000.013\ironx64.sys [2014-8-9 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1505000.013\symnets.sys [2014-8-9 593112]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-11-29 34872]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-4 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-6-4 128280]
R2 iSafeService;iSafeService;C:\Program Files (x86)\iSafe\iSafeSvc.exe [2014-8-19 118048]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-4 161560]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [2014-6-3 706864]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\n360.exe [2014-8-9 265040]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-8-10 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-8-10 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-8-10 171928]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-4 363800]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-8-15 142128]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-4 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2011-12-5 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2011-12-5 785688]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-9 25816]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-6-4 1813056]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-4 565352]
R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2011-10-13 20016]
R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2011-12-9 269640]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/06/04 16:50:46;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-9 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-9 860472]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
S3 iSafeKrnlBoot;iSafeKrnl Boot Driver;C:\Windows\System32\drivers\iSafeKrnlBoot.sys [2014-8-19 45248]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-9 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-6-4 259688]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-24 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-24 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-12 1255736]
.
=============== Created Last 30 ================
.
2014-08-20 01:55:36 -------- d-----w- C:\Users\Amber\AppData\Local\HP
2014-08-19 23:32:44 -------- d-----w- C:\Windows\Microsoft Antimalware
2014-08-19 15:54:41 -------- d-----w- C:\Users\Amber\AppData\Roaming\eCyber
2014-08-19 15:54:34 45248 ----a-w- C:\Windows\System32\drivers\iSafeKrnlBoot.sys
2014-08-19 15:54:33 -------- d-----w- C:\Windows\System32\log
2014-08-19 15:54:32 -------- d-----w- C:\Program Files (x86)\iSafe
2014-08-19 15:54:12 -------- d-----w- C:\Users\Amber\AppData\Roaming\iSafe
2014-08-15 20:17:52 -------- d-----w- C:\NBRT
2014-08-15 15:06:46 33512 ----a-w- C:\Windows\SysWow64\drivers\TrueSight.sys
2014-08-15 15:06:45 -------- d-----w- C:\ProgramData\RogueKiller
2014-08-15 12:12:20 -------- d-----w- C:\Users\Amber\AppData\Local\Adobe
2014-08-15 02:05:59 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-08-13 19:39:52 -------- d-----w- C:\ProgramData\HitmanPro
2014-08-13 19:22:35 -------- d-----w- C:\Windows\ERUNT
2014-08-13 19:16:53 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-08-13 19:16:23 -------- d-----w- C:\AdwCleaner
2014-08-11 00:19:11 -------- d-----w- C:\Users\Amber\AppData\Roaming\LavasoftStatistics
2014-08-11 00:18:33 -------- d-----w- C:\Program Files\Lavasoft
2014-08-11 00:17:35 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2014-08-10 23:17:42 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-08-10 23:17:41 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-08-10 23:17:38 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-10 03:38:09 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-10 03:37:53 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-10 03:37:53 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-10 03:37:53 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-10 03:37:53 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-10 03:37:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-10 03:37:00 -------- d-----w- C:\Users\Amber\AppData\Local\Programs
2014-08-10 03:28:02 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2014-08-10 03:27:59 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2014-08-10 03:27:59 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2014-08-10 03:27:44 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64\0700000.012
2014-08-10 03:27:44 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64
2014-08-10 03:27:44 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2014-08-09 23:47:23 -------- d-----w- C:\NPE
2014-08-09 23:45:45 -------- d-----w- C:\Users\Amber\AppData\Local\NPE
2014-08-09 17:34:01 875736 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\srtsp64.sys
2014-08-09 17:34:01 593112 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\symnets.sys
2014-08-09 17:34:01 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\symds64.sys
2014-08-09 17:34:01 36952 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\srtspx64.sys
2014-08-09 17:34:01 264280 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\ironx64.sys
2014-08-09 17:34:01 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\symelam.sys
2014-08-09 17:34:01 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\ccsetx64.sys
2014-08-09 17:34:01 1148120 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\symefa64.sys
2014-08-09 17:33:55 -------- d-----w- C:\Windows\System32\drivers\N360x64\1505000.013
2014-07-23 02:33:51 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
.
==================== Find3M  ====================
.
2014-08-15 02:24:18 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-15 02:24:18 699568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-07 02:06:41 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-07 02:01:34 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-16 03:25:04 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:24 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-16 02:12:11 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-12 07:52:08 986560 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-06 06:16:07 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-06-06 06:12:57 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 19:04:58.49 ===============

Edited by memorium, 19 August 2014 - 10:55 PM.
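Added example (not part of memorium's post or of any reply in this thread). The two "TCP:" lines in the DDS log above list the host's resolvers as 178.62.21.137, 162.243.207.106 and 75.75.75.75, and the second line records the same values as DHCPNameServer, meaning they were handed to the host by whatever answers DHCP on the LAN rather than typed in locally. The page does not establish what the first two addresses are, so the check below only flags resolver addresses that are neither on an assumed allow-list of expected ISP resolvers (75.75.75.75 and 75.75.76.76 are assumed here for the example) nor private or loopback. The first two sample lines are copied from the log; the third is constructed for contrast.

```python
import ipaddress
import re

# Sample input: two lines copied verbatim from the DDS log in this thread,
# plus one constructed line showing a router (RFC 1918) resolver for contrast.
SAMPLE_DDS_LINES = """\
TCP: NameServer = 178.62.21.137 162.243.207.106 75.75.75.75
TCP: Interfaces\\{FDF8B930-6C39-4447-911A-E9C2635A35B3} : DHCPNameServer = 178.62.21.137 162.243.207.106 75.75.75.75
TCP: Interfaces\\{00000000-0000-0000-0000-000000000000} : DHCPNameServer = 192.168.1.1
""".splitlines()

# Assumption for this example: the resolvers the user's ISP is expected to
# hand out. Anything else that is publicly routable gets flagged for review.
EXPECTED_RESOLVERS = {"75.75.75.75", "75.75.76.76"}

# Matches both forms DDS emits:
#   TCP: NameServer = <ips>
#   TCP: Interfaces\{GUID} : DHCPNameServer = <ips>
LINE_RE = re.compile(
    r"^TCP:\s*(?:Interfaces\\(\{[0-9A-Fa-f-]+\})\s*:\s*)?"
    r"(DHCPNameServer|NameServer)\s*=\s*(.*)$"
)


def parse_dds_nameservers(lines):
    """Return a list of (interface_guid_or_None, source, [ip, ...]) tuples,
    one per 'TCP:' resolver line. Tokens that are not IP addresses are skipped."""
    parsed = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        guid, source, rest = m.groups()
        ips = []
        for tok in rest.split():
            try:
                ips.append(str(ipaddress.ip_address(tok)))
            except ValueError:
                continue  # not an address; DDS sometimes appends other text
        parsed.append((guid, source, ips))
    return parsed


def unexpected_resolvers(lines, expected=EXPECTED_RESOLVERS):
    """Return (source, guid, ip) for every resolver that is neither on the
    allow-list nor a private/loopback address. 'DHCPNameServer' findings were
    supplied by the DHCP server (normally the LAN router), not set on the host."""
    findings = []
    for guid, source, ips in parse_dds_nameservers(lines):
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if ip in expected or addr.is_private or addr.is_loopback:
                continue
            findings.append((source, guid, ip))
    return findings


if __name__ == "__main__":
    for source, guid, ip in unexpected_resolvers(SAMPLE_DDS_LINES):
        where = f"interface {guid}" if guid else "global"
        print(f"{source:15} {where:50} unexpected resolver {ip}")
```

A resolver list delivered via DHCPNameServer that does not match what the ISP normally hands out points at the device answering DHCP on the LAN, which none of the host-based scanners listed in the post inspect; on the host, `ipconfig /all` shows the same DNS server list, and the router's own DNS settings are the place to confirm where the values came from.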


#2 HelpBot (Bleepin' Binary Bot)

Posted 24 August 2014 - 09:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/545010 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 memorium

memorium
  • Topic Starter

  • Members
  • 8 posts

Posted 24 August 2014 - 11:06 PM

The problem is described clearly in the original post. Here are the new logs. Also, I do not have Windows discs per se, but I have recovery disks that came with this computer and I assume that they amount to the same thing.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239
Run by Amber at 21:04:56 on 2014-08-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8091.4223 [GMT -7:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Norton 360 Premier Edition *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 Premier Edition *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Norton 360 Premier Edition *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
c:\windows\system32\svchost.exe -k dcomlaunch
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Windows\system32\nvvsvc.exe
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k localservicenetworkrestricted
C:\Program Files (x86)\iSafe\iSafeSvc.exe
C:\Program Files (x86)\iSafe\iSafeSvc2.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
c:\windows\system32\svchost.exe -k localservice
c:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
c:\windows\system32\svchost.exe -k gpsvcgroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k networkservice
C:\Windows\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k wbiosvcgroup
C:\Windows\system32\taskhost.exe
c:\windows\system32\svchost.exe -k localservicenonetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\iSafe\iSafeTray.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\N360.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\N360.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
c:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\SearchIndexer.exe
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iSafe\ipcdl.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\HP SimplePass\BioMonitor.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\ips\ipsbho.dll
BHO: HP SimplePass Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\coieplg.dll
TB: HP SimplePass Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\coieplg.dll
uRun: [Google Update] "C:\Users\Amber\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - 
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 178.62.21.137 162.243.207.106 75.75.75.75
TCP: Interfaces\{FDF8B930-6C39-4447-911A-E9C2635A35B3} : DHCPNameServer = 178.62.21.137 162.243.207.106 75.75.75.75
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - 
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs=  c:\windows\syswow64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\ssvhaxvt.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Amber\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
FF - ExtSQL: 2014-08-17 13:01; firefox-hotfix@mozilla.org; C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\ssvhaxvt.default\extensions\firefox-hotfix@mozilla.org.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2011-12-5 16152]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-8 30056]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1505000.013\symds64.sys [2014-8-9 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1505000.013\symefa64.sys [2014-8-9 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\BASHDefs\20140816.001\BHDrvx64.sys [2014-8-15 1588016]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1505000.013\ccsetx64.sys [2014-8-9 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\IPSDefs\20140822.001\IDSviA64.sys [2014-8-22 525016]
R1 iSafeKrnl;iSafeKrnl Mini-Filter Driver;C:\Program Files (x86)\iSafe\iSafeKrnl.sys [2014-8-19 247488]
R1 iSafeKrnlKit;iSafeKrnl Kit Driver;C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [2014-8-19 78016]
R1 iSafeKrnlR3;iSafeKrnl Ring3 Driver;C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [2014-8-19 65216]
R1 iSafeNetFilter;iSafeNetFilter NDIS Driver;C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [2014-8-19 49320]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1505000.013\ironx64.sys [2014-8-9 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1505000.013\symnets.sys [2014-8-9 593112]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-11-29 34872]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-4 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-6-4 128280]
R2 iSafeService;iSafeService;C:\Program Files (x86)\iSafe\iSafeSvc.exe [2014-8-19 118048]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-4 161560]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [2014-6-3 706864]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\n360.exe [2014-8-9 265040]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-8-10 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-8-10 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-8-10 171928]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-4 363800]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-8-15 142128]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-4 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2011-12-5 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2011-12-5 785688]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-9 25816]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-6-4 1813056]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-4 565352]
R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2011-10-13 20016]
R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2011-12-9 269640]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/06/04 16:50:46;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-9 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-9 860472]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
S3 iSafeKrnlBoot;iSafeKrnl Boot Driver;C:\Windows\System32\drivers\iSafeKrnlBoot.sys [2014-8-19 45248]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-9 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-6-4 259688]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-24 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-24 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-12 1255736]
.
=============== Created Last 30 ================
.
2014-08-20 01:55:36 -------- d-----w- C:\Users\Amber\AppData\Local\HP
2014-08-19 23:32:44 -------- d-----w- C:\Windows\Microsoft Antimalware
2014-08-19 15:54:41 -------- d-----w- C:\Users\Amber\AppData\Roaming\eCyber
2014-08-19 15:54:34 45248 ----a-w- C:\Windows\System32\drivers\iSafeKrnlBoot.sys
2014-08-19 15:54:33 -------- d-----w- C:\Windows\System32\log
2014-08-19 15:54:32 -------- d-----w- C:\Program Files (x86)\iSafe
2014-08-19 15:54:12 -------- d-----w- C:\Users\Amber\AppData\Roaming\iSafe
2014-08-15 20:17:52 -------- d-----w- C:\NBRT
2014-08-15 15:06:46 33512 ----a-w- C:\Windows\SysWow64\drivers\TrueSight.sys
2014-08-15 15:06:45 -------- d-----w- C:\ProgramData\RogueKiller
2014-08-15 12:12:20 -------- d-----w- C:\Users\Amber\AppData\Local\Adobe
2014-08-15 02:05:59 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-08-13 19:39:52 -------- d-----w- C:\ProgramData\HitmanPro
2014-08-13 19:22:35 -------- d-----w- C:\Windows\ERUNT
2014-08-13 19:16:53 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-08-13 19:16:23 -------- d-----w- C:\AdwCleaner
2014-08-11 00:19:11 -------- d-----w- C:\Users\Amber\AppData\Roaming\LavasoftStatistics
2014-08-11 00:18:33 -------- d-----w- C:\Program Files\Lavasoft
2014-08-11 00:17:35 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2014-08-10 23:17:42 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-08-10 23:17:41 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-08-10 23:17:38 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-10 03:38:09 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-10 03:37:53 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-10 03:37:53 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-10 03:37:53 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-10 03:37:53 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-10 03:37:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-10 03:37:00 -------- d-----w- C:\Users\Amber\AppData\Local\Programs
2014-08-10 03:28:02 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2014-08-10 03:27:59 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2014-08-10 03:27:59 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2014-08-10 03:27:44 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64\0700000.012
2014-08-10 03:27:44 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64
2014-08-10 03:27:44 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2014-08-09 23:47:23 -------- d-----w- C:\NPE
2014-08-09 23:45:45 -------- d-----w- C:\Users\Amber\AppData\Local\NPE
2014-08-09 17:34:01 875736 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\srtsp64.sys
2014-08-09 17:34:01 593112 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\symnets.sys
2014-08-09 17:34:01 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\symds64.sys
2014-08-09 17:34:01 36952 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\srtspx64.sys
2014-08-09 17:34:01 264280 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\ironx64.sys
2014-08-09 17:34:01 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\symelam.sys
2014-08-09 17:34:01 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\ccsetx64.sys
2014-08-09 17:34:01 1148120 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\symefa64.sys
2014-08-09 17:33:55 -------- d-----w- C:\Windows\System32\drivers\N360x64\1505000.013
.
==================== Find3M  ====================
.
2014-08-15 02:24:18 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-15 02:24:18 699568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-07 02:06:41 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-07 02:01:34 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-16 03:25:04 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:24 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-16 02:12:11 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-12 07:52:08 986560 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-06 06:16:07 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-06-06 06:12:57 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 21:05:22.11 ===============
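The "Pseudo HJT Report" and FIREFOX sections of the DDS log above are what the responders read first. As an added triage example (not code from this thread, from DDS, or from BleepingComputer), the following Python script parses those line formats and flags the entries a responder checks: orphaned CLSIDs, autostart entries whose file is gone, AppInit_DLLs injections, recently installed Firefox extensions, and DNS resolvers that differ from the DHCP-assigned ones. The sample input is built from lines of the log above; the second sample, with the `192.0.2.53` address and the all-zero interface GUID, is constructed to show the DNS-override case.

```python
"""Triage helper for the 'Pseudo HJT Report' and FIREFOX sections of a DDS log.

Added example: not code from this thread, from DDS, or from BleepingComputer.
It pulls out the lines a malware responder reads first and flags the ones
that deserve a second look: orphaned CLSIDs, autostart entries whose file is
gone, DLLs injected via AppInit_DLLs, recently installed Firefox extensions,
and DNS resolvers that differ from what DHCP handed out.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # short category, e.g. "orphaned", "dns-override"
    detail: str  # extracted value or the offending line
    note: str    # why a responder looks at it


# Regexes for the DDS line formats seen in the log above ("x64-" prefixes
# mark entries from the 64-bit registry view).
DNS_RE = re.compile(
    r"^TCP:\s*(?:Interfaces\\\{[^}]+\}\s*:\s*)?(DHCPNameServer|NameServer)\s*=\s*(.*)$")
ORPHAN_RE = re.compile(r"^(?:x64-)?(?:BHO|TB|SSODL|Handler|IE):.*<orphaned>\s*$")
NOFILE_RE = re.compile(r"^(?:x64-)?[um]Run(?:Once)?:\s*\[([^\]]+)\]\s*<no file>\s*$")
APPINIT_RE = re.compile(r"^(?:x64-)?AppInit_DLLs\s*=\s*(.*)$")
FFEXT_RE = re.compile(r"^FF - ExtSQL:\s*([^;]+);\s*([^;]+);\s*(.*)$")


def triage(log_text):
    """Return a list of Finding objects for one DDS log given as a string."""
    findings = []
    dns = {"NameServer": set(), "DHCPNameServer": set()}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == "." or line.startswith("="):
            continue  # DDS section separators carry no data
        if m := DNS_RE.match(line):
            dns[m.group(1)].update(m.group(2).split())
        elif ORPHAN_RE.match(line):
            findings.append(Finding("orphaned", line,
                "registry entry points at a component that is no longer on disk"))
        elif m := NOFILE_RE.match(line):
            findings.append(Finding("no-file", m.group(1),
                "autostart entry whose target file is missing"))
        elif (m := APPINIT_RE.match(line)) and m.group(1).strip():
            # AppInit_DLLs values are space- or comma-separated
            for dll in re.split(r"[,\s]+", m.group(1).strip()):
                findings.append(Finding("appinit-dll", dll,
                    "loaded into every process that loads user32.dll; confirm the publisher"))
        elif m := FFEXT_RE.match(line):
            findings.append(Finding("firefox-ext", m.group(2).strip(),
                f"installed {m.group(1).strip()}; compare with the add-ons the user knows"))
    # DNS is checked after the loop so both lines have been seen.
    if dns["NameServer"]:
        findings.append(Finding("dns", " ".join(sorted(dns["NameServer"])),
            "resolvers in use; confirm they belong to the ISP or local network"))
        static = dns["NameServer"] - dns["DHCPNameServer"]
        if static:
            findings.append(Finding("dns-override", " ".join(sorted(static)),
                "resolver not assigned by DHCP; a hand-set or rewritten DNS setting"))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. Counter({'orphaned': 3, 'no-file': 1})."""
    return Counter(f.kind for f in findings)


# Sample input built from lines of the log posted above (raw string, so the
# Windows backslashes are kept verbatim).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - <orphaned>
uRun: [Google Update] "C:\Users\Amber\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
TCP: NameServer = 178.62.21.137 162.243.207.106 75.75.75.75
TCP: Interfaces\{FDF8B930-6C39-4447-911A-E9C2635A35B3} : DHCPNameServer = 178.62.21.137 162.243.207.106 75.75.75.75
AppInit_DLLs=  c:\windows\syswow64\nvinit.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ExtSQL: 2014-08-17 13:01; firefox-hotfix@mozilla.org; C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\ssvhaxvt.default\extensions\firefox-hotfix@mozilla.org.xpi
"""

# Constructed case (not from the thread): one resolver that DHCP did not hand
# out. 192.0.2.53 is a documentation-range placeholder and the GUID is made up.
SAMPLE_OVERRIDE = r"""
TCP: NameServer = 192.0.2.53 75.75.75.75
TCP: Interfaces\{00000000-0000-0000-0000-000000000000} : DHCPNameServer = 75.75.75.75
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG) + triage(SAMPLE_OVERRIDE):
        print(f"[{f.kind}] {f.detail}\n    {f.note}")
```

The script only surfaces entries to review; whether an item is unwanted is still the responder's call against the full log.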
 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 August 2014 - 09:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
 
IMPORTANT
 
  • If you click the Clean button all items listed in the report will be removed.
 
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
 
Download the version of this tool for your operating system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===
 
Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.
 
How is the computer running?
Wait for further instructions.
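As an added example (not code from nasdaq's post, from AdwCleaner or from FRST): a small Python parser for the report format AdwCleaner writes to C:\AdwCleaner[Sn].txt, which splits the report into the items that were cleaned and the items left in place under the false-positive step above, and correlates a Chrome extension id across the Files / Folders, Registry and Browsers sections. The report it runs on is constructed for the example; the service name, paths, CLSID and extension id in it are placeholders.

```python
"""Triage an AdwCleaner 3.x report (C:\\AdwCleaner[Sn].txt): parse it into entries
so kept items ("[x] Not Deleted") can be reviewed before the next Clean run, and
correlate Chrome extension ids that appear in more than one section."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the shape of an AdwCleaner 3.x "Clean" report; the service
# name, paths, CLSID and extension id are placeholders, not data from a real machine.
SAMPLE_REPORT = r"""# AdwCleaner v3.308 - Report created 25/08/2014 at 08:52:14
***** [ Services ] *****

[x] Not Deleted : ExampleKrnl

***** [ Files / Folders ] *****

[x] Not Deleted : C:\Program Files (x86)\Example
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaabbbbccccddddeeeeffffgggghhhh

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaabbbbccccddddeeeeffffgggghhhh
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}
[x] Not Deleted : HKLM\SOFTWARE\Example

***** [ Browsers ] *****

-\\ Google Chrome v

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : aaaabbbbccccddddeeeeffffgggghhhh

*************************
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (?P<name>.+?) v(?P<version>.*)$")
ENTRY_RE = re.compile(
    r"^(?:\[x\] Not Deleted"               # item the user chose to keep
    r"|(?P<kind>[A-Za-z]+) Deleted"        # "Folder Deleted", "Key Deleted", ...
    r"|Deleted \[(?P<bkind>[A-Za-z]+)\])"  # browser lines: "Deleted [Extension]"
    r" : (?P<target>.+)$")
# "[x] Not Deleted" lines do not name the item type; infer it from the section.
DEFAULT_KIND = {"Services": "Service", "Files / Folders": "Path", "Registry": "Key"}
CHROME_ID_RE = re.compile(r"(?<![a-p])[a-p]{32}(?![a-p])")  # Chrome ids use a-p only


@dataclass
class Entry:
    section: str   # "Services", "Registry", "Browsers/Google Chrome", ...
    kind: str      # "Folder", "Key", "Extension" or the section default
    target: str    # service name, path, registry key (minus "[x64] ") or extension id
    deleted: bool  # False for "[x] Not Deleted" (kept at the user's request)


def parse_report(text: str) -> List[Entry]:
    """Walk the report line by line, tracking the current section and browser."""
    entries: List[Entry] = []
    section = ""
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION_RE.match(line):
            section = m["name"]
        elif m := BROWSER_RE.match(line):
            section = f"Browsers/{m['name']}"  # per-browser block inside [ Browsers ]
        elif m := ENTRY_RE.match(line):
            kind = m["kind"] or m["bkind"] or DEFAULT_KIND.get(section, "Item")
            entries.append(Entry(section, kind, m["target"].removeprefix("[x64] "),
                                 not line.startswith("[x] Not Deleted")))
    return entries


def summarize(entries: List[Entry]) -> Dict[str, Dict[str, int]]:
    """Deleted vs kept counts per section; the kept items are what to re-check."""
    counts: Dict[str, Dict[str, int]] = defaultdict(lambda: {"deleted": 0, "kept": 0})
    for e in entries:
        counts[e.section]["deleted" if e.deleted else "kept"] += 1
    return dict(counts)


def chrome_extension_ids(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each Chrome extension id to the sections it appeared in; one extension
    leaves a folder, an HKLM Chrome\\Extensions key and a preferences entry."""
    seen: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        for ext_id in CHROME_ID_RE.findall(e.target):
            if e.section not in seen[ext_id]:
                seen[ext_id].append(e.section)
    return dict(seen)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for name, c in summarize(found).items():
        print(f"{name:24} deleted={c['deleted']} kept={c['kept']}")
    for ext_id, sections in chrome_extension_ids(found).items():
        print(f"extension {ext_id} seen in: {', '.join(sections)}")
```

Point `parse_report` at the text of a real C:\AdwCleaner[Sn].txt to get the same per-section split for that report.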


#5 memorium

memorium
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:10 PM

Posted 25 August 2014 - 11:08 AM

A new tab opened and downloaded "Software_update" after ADW Cleaner rebooted my computer. It wanted to delete all of the iSafe files, but I believe that is part of YAC (Yet Another Cleaner). Here are the logs.

 

# AdwCleaner v3.308 - Report created 25/08/2014 at 08:52:14
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Amber - NEW-PRECIOUS
# Running from : C:\Users\Amber\Downloads\adwcleaner_3.308.exe
# Option : Clean
 
***** [ Services ] *****
 
[x] Not Deleted : iSafeKrnl
[x] Not Deleted : iSafeKrnlBoot
[x] Not Deleted : iSafeKrnlKit
[x] Not Deleted : iSafeKrnlR3
[x] Not Deleted : iSafeNetFilter
[x] Not Deleted : iSafeService
 
***** [ Files / Folders ] *****
 
[x] Not Deleted : C:\Program Files (x86)\iSafe
[x] Not Deleted : C:\Users\Amber\AppData\Local\Temp\iSafeRightKeyScan
[x] Not Deleted : C:\Users\Amber\AppData\Roaming\eCyber
[x] Not Deleted : C:\Users\Amber\AppData\Roaming\iSafe
Folder Deleted : C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
[x] Not Deleted : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
[x] Not Deleted : C:\Windows\System32\log\iSafeKrnlCall.log
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5411D116-5A37-47D4-B154-5F7FCD9062F0}
[x] Not Deleted : HKLM\SOFTWARE\iSafe
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v17.0 (en-US)
 
[ File : C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\ssvhaxvt.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
 
*************************
 
AdwCleaner[R0].txt - [3019 octets] - [13/08/2014 12:16:36]
AdwCleaner[R1].txt - [1229 octets] - [15/08/2014 08:14:26]
AdwCleaner[R2].txt - [2282 octets] - [25/08/2014 08:45:38]
AdwCleaner[S0].txt - [3017 octets] - [13/08/2014 12:18:32]
AdwCleaner[S1].txt - [1294 octets] - [15/08/2014 08:15:17]
AdwCleaner[S2].txt - [2251 octets] - [25/08/2014 08:52:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2311 octets] ##########
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by Amber (administrator) on NEW-PRECIOUS on 25-08-2014 08:57:21
Running from C:\Users\Amber\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc2.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeTray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\n360.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\n360.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(HP) C:\Program Files (x86)\HP SimplePass\BioMonitor.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\iSafe\ipcdl.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-05] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-737546675-1009404535-226138185-1001\...\Run: [Google Update] => C:\Users\Amber\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-11] (Google Inc.)
HKU\S-1-5-21-737546675-1009404535-226138185-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-737546675-1009404535-226138185-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-737546675-1009404535-226138185-1001\...\RunOnce: [Application Restart #1] => C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-08-06] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0E456B4D00B5CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKCU - {FD40BDB3-63F5-479E-AF60-BF7D9526D679} URL = 
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: HP SimplePass Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - HP SimplePass Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
Tcpip\Parameters: [DhcpNameServer] 178.62.21.137 162.243.207.106 75.75.75.75
 
FireFox:
========
FF ProfilePath: C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\ssvhaxvt.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: about:home
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Amber\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Amber\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-08-17]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2014-08-17]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn [2014-08-25]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF [2014-04-03]
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-15]
CHR Extension: (Google Drive) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-15]
CHR Extension: (YouTube) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-15]
CHR Extension: (Google Search) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-15]
CHR Extension: (Norton Identity Safe) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-15]
CHR Extension: (Website Logon) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfgjjhcgfbfkkoelpepohanhmbhdanh [2014-08-15]
CHR Extension: (Google Wallet) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-15]
CHR Extension: (Gmail) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-15]
CHR HKLM-x32\...\Chrome\Extension: [jpfgjjhcgfbfkkoelpepohanhmbhdanh] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2011-12-09]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [260424 2011-12-11] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [118048 2014-08-07] (Elex do Brasil Participações Ltda)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [706864 2014-06-03] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\N360.exe [265040 2014-07-31] (Symantec Corporation)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [269640 2011-12-09] (AuthenTec, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\BASHDefs\20140816.001\BHDrvx64.sys [1588016 2014-08-15] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2014-02-24] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-08-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\IPSDefs\20140822.001\IDSvia64.sys [525016 2014-04-03] (Symantec Corporation)
R1 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [247488 2014-08-07] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45248 2014-08-07] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [78016 2014-08-07] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [65216 2014-08-07] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [49320 2014-08-06] (Elex do Brasil Participações Ltda)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\VirusDefs\20140824.018\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\VirusDefs\20140824.018\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [20016 2011-10-13] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-10-29] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-03] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-10-29] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-08-15] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-25 08:57 - 2014-08-25 08:57 - 00021041 _____ () C:\Users\Amber\Downloads\FRST.txt
2014-08-25 08:57 - 2014-08-25 08:57 - 00000000 ____D () C:\FRST
2014-08-25 08:56 - 2014-08-25 08:56 - 02103296 _____ (Farbar) C:\Users\Amber\Downloads\FRST64.exe
2014-08-25 08:43 - 2014-08-25 08:44 - 01364531 _____ () C:\Users\Amber\Downloads\adwcleaner_3.308.exe
2014-08-24 21:05 - 2014-08-24 21:05 - 00028910 _____ () C:\Users\Amber\Desktop\dds.txt
2014-08-24 21:05 - 2014-08-24 21:05 - 00010072 _____ () C:\Users\Amber\Desktop\attach.txt
2014-08-19 19:03 - 2014-08-19 19:03 - 00688992 ____R (Swearware) C:\Users\Amber\Downloads\dds.com
2014-08-19 18:55 - 2014-08-19 18:55 - 00000000 ____D () C:\Users\Amber\AppData\Local\HP
2014-08-19 16:32 - 2014-08-19 16:32 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-08-19 11:27 - 2014-08-19 11:27 - 00159578 _____ () C:\Users\Amber\Downloads\JavaRa-2.6.zip
2014-08-19 11:25 - 2014-08-19 11:25 - 00886288 _____ (Microsoft Corporation) C:\Users\Amber\Downloads\mssstool64.exe
2014-08-19 08:54 - 2014-08-25 08:53 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-08-19 08:54 - 2014-08-23 17:36 - 00000000 ____D () C:\Users\Amber\AppData\Roaming\iSafe
2014-08-19 08:54 - 2014-08-19 08:54 - 00001780 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-08-19 08:54 - 2014-08-19 08:54 - 00001780 _____ () C:\ProgramData\Desktop\YAC.lnk
2014-08-19 08:54 - 2014-08-19 08:54 - 00000000 ____D () C:\Windows\system32\log
2014-08-19 08:54 - 2014-08-19 08:54 - 00000000 ____D () C:\Users\Amber\AppData\Roaming\eCyber
2014-08-19 08:54 - 2014-08-19 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-08-19 08:54 - 2014-08-07 23:24 - 00045248 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-08-19 08:53 - 2014-08-19 08:53 - 12925224 _____ (Elex do Brasil Participações Ltda) C:\Users\Amber\Downloads\yet_another_cleaner_sk.exe
2014-08-18 14:55 - 2014-08-18 14:56 - 04991400 _____ (Adobe Systems Inc.) C:\Users\Amber\Downloads\Shockwave_Installer_Slim.exe
2014-08-18 14:53 - 2014-08-18 14:53 - 00918440 _____ (Oracle Corporation) C:\Users\Amber\Downloads\chromeinstall-7u67.exe
2014-08-18 11:29 - 2014-08-19 14:02 - 00000000 ____D () C:\Program Files\Java
2014-08-18 11:29 - 2014-08-18 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-08-18 11:19 - 2014-08-18 11:21 - 162831776 _____ (Oracle Corporation) C:\Users\Amber\Downloads\jdk-8u11-windows-x64.exe
2014-08-17 14:21 - 2014-08-17 14:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-16 21:46 - 2014-08-16 21:46 - 00000000 ____D () C:\Users\Amber\AppData\Roaming\Oracle
2014-08-16 21:45 - 2014-08-16 21:45 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-15 13:17 - 2014-08-15 13:17 - 00000000 ____D () C:\NBRT
2014-08-15 08:35 - 2014-08-15 08:35 - 01016261 _____ (Thisisu) C:\Users\Amber\Downloads\kkj.exe
2014-08-15 08:06 - 2014-08-15 08:06 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-15 08:06 - 2014-08-15 08:06 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-15 07:54 - 2014-08-19 11:30 - 00002956 _____ () C:\Users\Amber\Desktop\Rkill.txt
2014-08-15 07:50 - 2014-08-15 07:50 - 04851288 _____ () C:\Users\Amber\Downloads\RogueKiller.exe
2014-08-15 07:49 - 2014-08-15 07:49 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Amber\Downloads\rkill.exe
2014-08-15 07:48 - 2014-08-15 07:49 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Amber\Downloads\tdsskiller.exe
2014-08-15 05:12 - 2014-08-25 08:49 - 00000000 ____D () C:\Users\Amber\AppData\Local\Adobe
2014-08-14 19:07 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 19:07 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 19:07 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 19:07 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 19:07 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 19:07 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 19:07 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 19:07 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 19:07 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 19:07 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 19:07 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 19:07 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 19:07 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 19:07 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 19:07 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 19:07 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 19:07 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 19:07 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 19:07 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 19:07 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 19:07 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 19:07 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 19:07 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 19:07 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 19:07 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 19:07 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 19:07 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 19:07 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 19:07 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 19:07 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 19:07 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 19:07 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 19:07 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 19:07 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 19:07 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 19:07 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 19:07 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 19:07 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 19:07 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 19:07 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 19:07 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 19:07 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 19:07 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 19:06 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 19:06 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 19:06 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 19:06 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 19:06 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 19:06 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 19:06 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 19:06 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 19:06 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 19:06 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 19:06 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 19:06 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 19:06 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 19:06 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 19:06 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 19:06 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 19:06 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 19:06 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 19:06 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 19:06 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 19:06 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 19:06 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 19:06 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 19:05 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 19:05 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 19:05 - 2014-07-15 20:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 19:05 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 19:05 - 2014-07-15 19:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 19:05 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 19:05 - 2014-07-15 19:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 19:05 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 19:05 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 19:05 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 19:05 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 19:05 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 19:05 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 19:05 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 19:05 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 19:05 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 19:05 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 19:05 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 19:05 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 19:05 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 19:05 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 19:05 - 2014-06-12 00:52 - 00986560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 19:05 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 19:05 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 19:05 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 19:05 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 19:05 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 19:05 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 19:05 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 12:39 - 2014-08-13 12:49 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-13 12:22 - 2014-08-13 12:22 - 00000000 ____D () C:\Windows\ERUNT
2014-08-13 12:16 - 2014-08-25 08:52 - 00000000 ____D () C:\AdwCleaner
2014-08-13 12:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-13 12:15 - 2014-08-13 12:15 - 00127730 _____ () C:\Users\Amber\Documents\cc_20140813_121532.reg
2014-08-13 11:54 - 2014-08-13 11:55 - 11188736 _____ (SurfRight B.V.) C:\Users\Amber\Downloads\HitmanPro_x64.exe
2014-08-10 17:26 - 2014-08-10 17:26 - 00000000 ____D () C:\Users\Amber\AppData\Roaming\Lavasoft
2014-08-10 17:19 - 2014-08-25 08:53 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-08-10 17:19 - 2014-08-25 08:53 - 00002305 _____ () C:\ProgramData\Desktop\Ad-Aware Antivirus.lnk
2014-08-10 17:19 - 2014-08-10 17:19 - 00000000 ____D () C:\Users\Amber\AppData\Roaming\LavasoftStatistics
2014-08-10 17:19 - 2014-08-10 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-08-10 17:18 - 2014-08-10 17:18 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-10 17:17 - 2014-08-10 17:17 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-10 17:17 - 2014-08-10 17:17 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-08-10 17:16 - 2014-08-10 17:16 - 01707144 _____ () C:\Users\Amber\Downloads\Adaware_Installer.exe
2014-08-10 16:39 - 2014-08-10 16:49 - 00000183 _____ () C:\Windows\wininit.ini
2014-08-10 16:17 - 2014-08-10 16:39 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-10 16:17 - 2014-08-10 16:19 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-10 16:17 - 2014-08-10 16:17 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-10 16:17 - 2014-08-10 16:17 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-10 16:17 - 2014-08-10 16:17 - 00001379 _____ () C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
2014-08-10 16:17 - 2014-08-10 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-10 16:17 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-08-10 16:16 - 2014-08-10 16:16 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Amber\Downloads\spybot-2.4.exe
2014-08-09 20:38 - 2014-08-15 08:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 20:37 - 2014-08-13 18:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-09 20:37 - 2014-08-09 20:37 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-09 20:37 - 2014-08-09 20:37 - 00001102 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-09 20:37 - 2014-08-09 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-09 20:37 - 2014-08-09 20:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-09 20:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-09 20:37 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-09 20:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-09 20:33 - 2014-08-09 20:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Amber\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 20:28 - 2012-07-25 22:32 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-08-09 20:27 - 2014-08-09 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
2014-08-09 20:27 - 2014-08-09 20:27 - 00000000 ____D () C:\Windows\system32\Drivers\NBRTWizardx64
2014-08-09 20:27 - 2014-08-09 20:27 - 00000000 ____D () C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2014-08-09 20:27 - 2012-07-25 22:32 - 00125872 _____ (GEAR Software Inc.) C:\Windows\system32\GEARAspi64.dll
2014-08-09 20:27 - 2012-07-25 22:32 - 00106928 _____ (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2014-08-09 20:23 - 2014-08-09 20:23 - 01022080 _____ (Symantec Corporation) C:\Users\Amber\Downloads\NBRT-Retail-Downloader.exe
2014-08-09 16:54 - 2014-08-09 16:54 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-08-09 16:47 - 2014-08-15 11:38 - 00000000 ____D () C:\NPE
2014-08-09 16:45 - 2014-08-15 11:45 - 00000000 ____D () C:\Users\Amber\AppData\Local\NPE
2014-08-03 14:15 - 2014-08-03 18:46 - 00001004 _____ () C:\Users\Amber\Documents\Motif Hotel Seattle.txt
2014-08-03 08:59 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 08:59 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 08:59 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 08:59 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-03 08:59 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-03 08:59 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-03 08:59 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-03 08:59 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-03 08:59 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-03 08:59 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 08:59 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 08:59 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-03 08:59 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 08:59 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-03 00:33 - 2014-08-03 00:33 - 00000100 _____ () C:\Users\Amber\Documents\Seattle Hotes.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-25 08:57 - 2014-08-25 08:57 - 00021041 _____ () C:\Users\Amber\Downloads\FRST.txt
2014-08-25 08:57 - 2014-08-25 08:57 - 00000000 ____D () C:\FRST
2014-08-25 08:57 - 2012-06-11 13:25 - 01860406 _____ () C:\Windows\WindowsUpdate.log
2014-08-25 08:56 - 2014-08-25 08:56 - 02103296 _____ (Farbar) C:\Users\Amber\Downloads\FRST64.exe
2014-08-25 08:53 - 2014-08-19 08:54 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-08-25 08:53 - 2014-08-10 17:19 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-08-25 08:53 - 2014-08-10 17:19 - 00002305 _____ () C:\ProgramData\Desktop\Ad-Aware Antivirus.lnk
2014-08-25 08:53 - 2012-06-12 16:40 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-08-25 08:53 - 2010-11-20 20:47 - 01030650 _____ () C:\Windows\PFRO.log
2014-08-25 08:53 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-25 08:53 - 2009-07-13 21:51 - 00128472 _____ () C:\Windows\setupact.log
2014-08-25 08:53 - 2009-07-13 21:45 - 05035464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 08:52 - 2014-08-13 12:16 - 00000000 ____D () C:\AdwCleaner
2014-08-25 08:49 - 2014-08-15 05:12 - 00000000 ____D () C:\Users\Amber\AppData\Local\Adobe
2014-08-25 08:46 - 2009-07-13 21:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-25 08:46 - 2009-07-13 21:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-25 08:45 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-25 08:44 - 2014-08-25 08:43 - 01364531 _____ () C:\Users\Amber\Downloads\adwcleaner_3.308.exe
2014-08-25 08:42 - 2012-06-11 13:28 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E11A167B-CA77-436A-BF8B-30EACFA26632}
2014-08-25 08:39 - 2012-12-25 13:50 - 00000000 ____D () C:\Users\Amber\AppData\Roaming\Skype
2014-08-25 00:05 - 2012-06-11 13:37 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-737546675-1009404535-226138185-1001UA.job
2014-08-24 21:05 - 2014-08-24 21:05 - 00028910 _____ () C:\Users\Amber\Desktop\dds.txt
2014-08-24 21:05 - 2014-08-24 21:05 - 00010072 _____ () C:\Users\Amber\Desktop\attach.txt
2014-08-24 14:05 - 2012-06-11 13:37 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-737546675-1009404535-226138185-1001Core.job
2014-08-24 01:49 - 2013-12-22 11:42 - 00015773 _____ () C:\Users\Amber\Documents\BoLModMuteRules.txt
2014-08-23 17:36 - 2014-08-19 08:54 - 00000000 ____D () C:\Users\Amber\AppData\Roaming\iSafe
2014-08-23 17:36 - 2013-10-20 13:26 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-08-23 09:04 - 2014-07-22 07:12 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAmber
2014-08-23 09:04 - 2014-07-22 07:12 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForAmber.job
2014-08-23 00:10 - 2013-01-05 23:15 - 00006255 _____ () C:\Users\Amber\Documents\Syrinx.txt
2014-08-22 21:56 - 2012-06-16 11:04 - 00000000 ____D () C:\Users\Amber\AppData\Local\CrashDumps
2014-08-19 19:03 - 2014-08-19 19:03 - 00688992 ____R (Swearware) C:\Users\Amber\Downloads\dds.com
2014-08-19 18:55 - 2014-08-19 18:55 - 00000000 ____D () C:\Users\Amber\AppData\Local\HP
2014-08-19 16:32 - 2014-08-19 16:32 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-08-19 14:02 - 2014-08-18 11:29 - 00000000 ____D () C:\Program Files\Java
2014-08-19 11:30 - 2014-08-15 07:54 - 00002956 _____ () C:\Users\Amber\Desktop\Rkill.txt
2014-08-19 11:27 - 2014-08-19 11:27 - 00159578 _____ () C:\Users\Amber\Downloads\JavaRa-2.6.zip
2014-08-19 11:25 - 2014-08-19 11:25 - 00886288 _____ (Microsoft Corporation) C:\Users\Amber\Downloads\mssstool64.exe
2014-08-19 09:04 - 2012-07-17 21:14 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-19 09:04 - 2012-06-11 15:36 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-19 08:54 - 2014-08-19 08:54 - 00001780 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-08-19 08:54 - 2014-08-19 08:54 - 00001780 _____ () C:\ProgramData\Desktop\YAC.lnk
2014-08-19 08:54 - 2014-08-19 08:54 - 00000000 ____D () C:\Windows\system32\log
2014-08-19 08:54 - 2014-08-19 08:54 - 00000000 ____D () C:\Users\Amber\AppData\Roaming\eCyber
2014-08-19 08:54 - 2014-08-19 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-08-19 08:53 - 2014-08-19 08:53 - 12925224 _____ (Elex do Brasil Participações Ltda) C:\Users\Amber\Downloads\yet_another_cleaner_sk.exe
2014-08-18 14:56 - 2014-08-18 14:55 - 04991400 _____ (Adobe Systems Inc.) C:\Users\Amber\Downloads\Shockwave_Installer_Slim.exe
2014-08-18 14:56 - 2014-02-25 19:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-18 14:56 - 2012-02-23 20:34 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-08-18 14:53 - 2014-08-18 14:53 - 00918440 _____ (Oracle Corporation) C:\Users\Amber\Downloads\chromeinstall-7u67.exe
2014-08-18 11:29 - 2014-08-18 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-08-18 11:21 - 2014-08-18 11:19 - 162831776 _____ (Oracle Corporation) C:\Users\Amber\Downloads\jdk-8u11-windows-x64.exe
2014-08-17 14:21 - 2014-08-17 14:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-16 21:46 - 2014-08-16 21:46 - 00000000 ____D () C:\Users\Amber\AppData\Roaming\Oracle
2014-08-16 21:45 - 2014-08-16 21:45 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-15 18:09 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-15 13:17 - 2014-08-15 13:17 - 00000000 ____D () C:\NBRT
2014-08-15 11:45 - 2014-08-09 16:45 - 00000000 ____D () C:\Users\Amber\AppData\Local\NPE
2014-08-15 11:38 - 2014-08-09 16:47 - 00000000 ____D () C:\NPE
2014-08-15 08:35 - 2014-08-15 08:35 - 01016261 _____ (Thisisu) C:\Users\Amber\Downloads\kkj.exe
2014-08-15 08:24 - 2014-08-09 20:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-15 08:06 - 2014-08-15 08:06 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-15 08:06 - 2014-08-15 08:06 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-15 07:50 - 2014-08-15 07:50 - 04851288 _____ () C:\Users\Amber\Downloads\RogueKiller.exe
2014-08-15 07:49 - 2014-08-15 07:49 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Amber\Downloads\rkill.exe
2014-08-15 07:49 - 2014-08-15 07:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Amber\Downloads\tdsskiller.exe
2014-08-15 06:07 - 2013-04-14 09:13 - 00002326 _____ () C:\Users\Amber\Desktop\Google Chrome.lnk
2014-08-14 19:24 - 2012-02-23 20:25 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 19:24 - 2012-02-23 20:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 19:20 - 2013-03-26 07:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-14 19:20 - 2013-03-26 07:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-14 19:19 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 19:18 - 2013-04-13 23:47 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-08-14 19:18 - 2013-04-13 23:47 - 00002019 _____ () C:\ProgramData\Desktop\Adobe Reader X.lnk
2014-08-14 19:18 - 2012-02-23 20:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-08-14 19:16 - 2012-06-12 16:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 19:13 - 2013-08-14 07:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 19:11 - 2012-06-18 07:06 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 19:10 - 2013-03-26 07:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-14 19:07 - 2014-06-12 22:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 18:55 - 2014-08-09 20:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-13 12:49 - 2014-08-13 12:39 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-13 12:22 - 2014-08-13 12:22 - 00000000 ____D () C:\Windows\ERUNT
2014-08-13 12:15 - 2014-08-13 12:15 - 00127730 _____ () C:\Users\Amber\Documents\cc_20140813_121532.reg
2014-08-13 11:55 - 2014-08-13 11:54 - 11188736 _____ (SurfRight B.V.) C:\Users\Amber\Downloads\HitmanPro_x64.exe
2014-08-13 11:33 - 2012-02-23 20:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers
2014-08-10 17:26 - 2014-08-10 17:26 - 00000000 ____D () C:\Users\Amber\AppData\Roaming\Lavasoft
2014-08-10 17:19 - 2014-08-10 17:19 - 00000000 ____D () C:\Users\Amber\AppData\Roaming\LavasoftStatistics
2014-08-10 17:19 - 2014-08-10 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-08-10 17:18 - 2014-08-10 17:18 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-10 17:17 - 2014-08-10 17:17 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-10 17:17 - 2014-08-10 17:17 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-08-10 17:16 - 2014-08-10 17:16 - 01707144 _____ () C:\Users\Amber\Downloads\Adaware_Installer.exe
2014-08-10 16:49 - 2014-08-10 16:39 - 00000183 _____ () C:\Windows\wininit.ini
2014-08-10 16:39 - 2014-08-10 16:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-10 16:19 - 2014-08-10 16:17 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-10 16:17 - 2014-08-10 16:17 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-10 16:17 - 2014-08-10 16:17 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-10 16:17 - 2014-08-10 16:17 - 00001379 _____ () C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
2014-08-10 16:17 - 2014-08-10 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-10 16:16 - 2014-08-10 16:16 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Amber\Downloads\spybot-2.4.exe
2014-08-09 21:38 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Cursors
2014-08-09 21:37 - 2012-06-12 16:40 - 00000000 ____D () C:\Windows\AutoKMS
2014-08-09 20:37 - 2014-08-09 20:37 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-09 20:37 - 2014-08-09 20:37 - 00001102 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-09 20:37 - 2014-08-09 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-09 20:37 - 2014-08-09 20:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-09 20:34 - 2014-08-09 20:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Amber\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 20:28 - 2014-08-09 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
2014-08-09 20:28 - 2012-06-11 13:33 - 00000000 ____D () C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-08-09 20:28 - 2012-06-04 16:47 - 00000000 ____D () C:\ProgramData\Norton
2014-08-09 20:27 - 2014-08-09 20:27 - 00000000 ____D () C:\Windows\system32\Drivers\NBRTWizardx64
2014-08-09 20:27 - 2014-08-09 20:27 - 00000000 ____D () C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2014-08-09 20:24 - 2014-04-03 13:49 - 00001336 _____ () C:\Users\Amber\Desktop\Norton Installation Files.lnk
2014-08-09 20:24 - 2012-06-11 13:33 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-08-09 20:23 - 2014-08-09 20:23 - 01022080 _____ (Symantec Corporation) C:\Users\Amber\Downloads\NBRT-Retail-Downloader.exe
2014-08-09 19:43 - 2013-03-08 20:45 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-09 16:54 - 2014-08-09 16:54 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-08-09 16:49 - 2014-04-03 13:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 Premier Edition
2014-08-09 16:49 - 2012-06-11 13:36 - 00003238 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-08-09 16:49 - 2012-06-11 13:36 - 00002495 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-08-09 16:49 - 2012-06-11 13:36 - 00002495 _____ () C:\ProgramData\Desktop\Norton 360.lnk
2014-08-09 16:49 - 2012-06-11 13:36 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-08-09 16:47 - 2012-06-12 16:40 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-08-07 23:24 - 2014-08-19 08:54 - 00045248 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-08-06 19:06 - 2014-08-14 19:05 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 19:01 - 2014-08-14 19:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-03 18:46 - 2014-08-03 14:15 - 00001004 _____ () C:\Users\Amber\Documents\Motif Hotel Seattle.txt
2014-08-03 00:33 - 2014-08-03 00:33 - 00000100 _____ () C:\Users\Amber\Documents\Seattle Hotes.txt
2014-07-31 16:41 - 2014-08-14 19:07 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 16:16 - 2014-08-14 19:07 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-26 16:28 - 2012-06-04 16:48 - 00000000 ____D () C:\Program Files (x86)\HP SimplePass
 
Some content of TEMP:
====================
C:\Users\Amber\AppData\Local\Temp\Quarantine.exe
C:\Users\Amber\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-17 17:52
 
==================== End Of Log ============================
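
The FRST listing above is raw tool output; a responder normally scans it for a handful of patterns rather than reading every line. The following Python is an added example, not part of this thread and not code from FRST or its author: it parses entries in the `<date> - <date> - <size> <attrs> (<company>) <path>` format shown above and applies a few triage heuristics (third-party .sys files in a Drivers folder, binaries under the Windows directory with no CompanyName in their version info, executables in Downloads, Temp or AppData, and hidden or system attributes). The heuristics and the names `parse_entries`, `triage` and `flagged` are assumptions made for this example; the sample lines are copied from the log above. Note that FRST's company field comes from the file's version resource, not from a signature check, so an empty value is a prompt to verify the file, not proof that it is malicious.

```python
"""Triage FRST 'One Month Created/Modified Files and Folders' entries.

Entry shape (one per line):
    <date1> - <date2> - <size8> <attrs5> (<company>) <path>
In the 'Created' section date1 is creation time and date2 last-modified;
in the 'Modified' section the order is reversed, so the date filter below
uses the more recent of the two.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

ENTRY_RE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[A-Z_]{5}) "
    r"\((?P<company>.*)\) (?P<path>[A-Za-z]:\\.*)$"
)

# Heuristic inputs: assumptions for this example, not FRST rules.
BINARY_EXT = {".exe", ".com", ".scr", ".dll", ".sys", ".cpl"}
DROP_ZONES = ("\\downloads\\", "\\temp\\", "\\appdata\\")
TRUSTED_PUBLISHER = "microsoft corporation"


@dataclass
class Entry:
    date1: datetime
    date2: datetime
    size: int
    attrs: str        # FRST attribute letters, e.g. '____D', '____H', '___SD'
    company: str      # CompanyName from the version resource; '' when absent
    path: str
    flags: list = field(default_factory=list)

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def newest(self) -> datetime:
        return max(self.date1, self.date2)


def _ext(path: str) -> str:
    name = path.rsplit("\\", 1)[-1].lower()
    return name[name.rfind("."):] if "." in name else ""


def triage(e: Entry) -> list:
    """Return the heuristic flags that apply to one entry (none for directories)."""
    if e.is_dir:
        return []
    p, ext, flags = e.path.lower(), _ext(e.path), []
    if ext == ".sys" and "\\drivers\\" in p and e.company.lower() != TRUSTED_PUBLISHER:
        flags.append("third-party kernel driver")
    if ext in BINARY_EXT and "\\windows\\" in p and not e.company:
        flags.append("no publisher in version info under Windows dir")
    if ext in {".exe", ".com", ".scr"} and any(z in p for z in DROP_ZONES):
        flags.append("executable in user-writable location")
    if "H" in e.attrs or "S" in e.attrs:
        flags.append("hidden/system attribute")
    return flags


def parse_entries(text: str) -> list:
    """Parse every FRST file entry in `text`; section headers and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = Entry(
            date1=datetime.strptime(m["d1"], "%Y-%m-%d %H:%M"),
            date2=datetime.strptime(m["d2"], "%Y-%m-%d %H:%M"),
            size=int(m["size"]),
            attrs=m["attrs"],
            company=m["company"].strip(),   # FRST leaves a trailing space on some names
            path=m["path"],
        )
        e.flags = triage(e)
        entries.append(e)
    return entries


def flagged(entries: list, since: Optional[str] = None) -> dict:
    """Map path -> flags for flagged entries, optionally only those touched on/after `since` (ISO date)."""
    cutoff = datetime.fromisoformat(since) if since else None
    return {e.path: e.flags for e in entries
            if e.flags and (cutoff is None or e.newest >= cutoff)}


# Sample input: lines copied verbatim from the FRST log posted above, plus one section header.
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======
2014-08-14 19:05 - 2014-07-15 19:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-07 23:24 - 2014-08-19 08:54 - 00045248 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-08-15 08:06 - 2014-08-15 08:06 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-15 08:35 - 2014-08-15 08:35 - 01016261 _____ (Thisisu) C:\Users\Amber\Downloads\kkj.exe
2014-08-09 20:34 - 2014-08-09 20:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Amber\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-13 12:16 - 2014-08-25 08:52 - 00000000 ____D () C:\AdwCleaner
2014-08-25 08:53 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
"""

if __name__ == "__main__":
    for path, flags in flagged(parse_entries(SAMPLE_LOG), since="2014-08-10").items():
        print(f"{path}: {', '.join(flags)}")
```

Run as a script it prints the sample entries touched on or after 2014-08-10 that carry a flag: iSafeKrnlBoot.sys (the YAC/iSafe boot driver), TrueSight.sys (created in the same minute as the RogueKiller folder in the log above), kkj.exe in Downloads, and SA.DAT, a normal hidden Task Scheduler file that shows the flags are leads to verify rather than verdicts.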

 


#6 nasdaq

  • Malware Response Team
  • 40,190 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 August 2014 - 07:40 AM

It wanted to delete all of the iSafe files, but I believe that is part of YAC (Yet Another Cleaner). Here are the logs.

Our recommendation is to remove this program.

Remove it using Add/Remove Programs; it is listed as
Yet Another Cleaner! (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION

===

Run this fix to complete the removal.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-737546675-1009404535-226138185-1001\...\Run: [AdobeBridge] => [X]
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
R2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [118048 2014-08-07] (Elex do Brasil Participações Ltda)
R1 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [247488 2014-08-07] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45248 2014-08-07] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [78016 2014-08-07] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [65216 2014-08-07] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [49320 2014-08-06] (Elex do Brasil Participações Ltda)
AlternateDataStreams: C:\ProgramData\Temp:6AF67671
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#7 memorium

  • Topic Starter
  • Members
  • 8 posts

Posted 28 August 2014 - 06:50 PM

I was away for a couple of days. Here are the logs.

 

While running Security Check as an administrator, I received an error about a line not being able to run or something to that effect.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-08-2014
Ran by Amber at 2014-08-28 16:45:10 Run:1
Running from C:\Users\Amber\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-737546675-1009404535-226138185-1001\...\Run: [AdobeBridge] => [X]
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
R2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [118048 2014-08-07] (Elex do Brasil Participações Ltda)
R1 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [247488 2014-08-07] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45248 2014-08-07] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [78016 2014-08-07] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [65216 2014-08-07] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [49320 2014-08-06] (Elex do Brasil Participações Ltda)
AlternateDataStreams: C:\ProgramData\Temp:6AF67671
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe
 
End
*****************
 
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKU\S-1-5-21-737546675-1009404535-226138185-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\skypec2c" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
iSafeService => Service not found.
iSafeKrnl => Service not found.
iSafeKrnlBoot => Service not found.
iSafeKrnlKit => Service not found.
iSafeKrnlR3 => Service not found.
iSafeNetFilter => Service not found.
C:\ProgramData\Temp => ":6AF67671" ADS removed successfully.
C:\Program Files (x86)\iSafe => No running process found
 
==== End of Fixlog ====
 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Ad-Aware Antivirus           
Norton 360 Premier Edition   
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Adobe Reader 10.1.11 Adobe Reader out of Date!  
 Mozilla Firefox 17.0 Firefox out of Date!  
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 4% 
````````````````````End of Log`````````````````````` 
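
Added example, not part of the original thread: a small Python triage pass over FRST output in the line formats shown in the logs above (orphaned registry entries such as BHO/Toolbar/Handler lines ending in "No File" or a Run value of "[X]", service and driver lines, AlternateDataStreams lines), plus a grouping of Fixlog result lines by outcome. The sample lines are copied from the logs above, with one made-up benign service (ExampleSvc) so the filter has something to leave alone; the publisher allowlist is an assumption for the example.

```python
import re
from typing import Dict, List

# Constructed sample: FRST fixlist lines copied from the log above, plus one
# invented benign service entry (ExampleSvc) that the triage should ignore.
SAMPLE_LOG = r"""
HKU\S-1-5-21-737546675-1009404535-226138185-1001\...\Run: [AdobeBridge] => [X]
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
R2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [118048 2014-08-07] (Elex do Brasil Participações Ltda)
R1 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [247488 2014-08-07] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45248 2014-08-07] (Elex do Brasil Participações Ltda)
R2 ExampleSvc; C:\Windows\System32\examplesvc.exe [12345 2014-01-01] (Microsoft Corporation)
AlternateDataStreams: C:\ProgramData\Temp:6AF67671
"""

# Constructed sample of Fixlog result lines, copied from the Fixlog above.
SAMPLE_FIXLOG = r"""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key not found.
iSafeService => Service not found.
iSafeKrnl => Service not found.
C:\ProgramData\Temp => ":6AF67671" ADS removed successfully.
C:\Program Files (x86)\iSafe => No running process found
"""

# Assumption for the example: publishers whose services we do not flag.
TRUSTED_PUBLISHERS = {"Microsoft Corporation"}

# FRST service/driver line: "<state> <name>; <path> [<size> <date>] (<publisher>)"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<publisher>[^)]*)\)$"
)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the lines a responder would put on a fixlist, each with a reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Registry entries whose target file no longer exists: leftovers of
        # something installed and removed, cheap to clean and worth noting.
        if line.endswith("No File") or line.endswith("=> [X]"):
            findings.append({"kind": "orphan",
                             "reason": "registry entry points to a missing file",
                             "line": line})
            continue
        # FRST lists alternate data streams on folders it knows are abused.
        if line.startswith("AlternateDataStreams:"):
            findings.append({"kind": "ads",
                             "reason": "hidden NTFS stream on a folder",
                             "line": line})
            continue
        m = SERVICE_RE.match(line)
        if m:
            reasons = []
            if m["publisher"] not in TRUSTED_PUBLISHERS:
                reasons.append(f"publisher not on allowlist: {m['publisher']}")
            path = m["path"].lower()
            # A kernel driver (.sys) loaded from a Program Files folder rather
            # than System32\drivers is unusual and deserves a look.
            if path.endswith(".sys") and "\\windows\\system32\\drivers\\" not in path:
                reasons.append("kernel driver loaded from outside System32\\drivers")
            if reasons:
                findings.append({"kind": "service",
                                 "reason": "; ".join(reasons),
                                 "line": line})
    return findings


def parse_fixlog(results_text: str) -> Dict[str, List[str]]:
    """Group Fixlog result lines by outcome: done / not_found / other."""
    out: Dict[str, List[str]] = {"done": [], "not_found": [], "other": []}
    for raw in results_text.splitlines():
        if " => " not in raw:
            continue
        target, _, status = raw.strip().partition(" => ")
        target = target.strip('"')
        if "not found" in status.lower():
            out["not_found"].append(target)
        elif "successfully" in status:
            out["done"].append(target)
        else:
            out["other"].append(target)
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['reason']}: {f['line'][:70]}")
    print(parse_fixlog(SAMPLE_FIXLOG))
```

The "Service not found" results in the Fixlog are worth noticing: FRST saw the iSafe services running when it scanned, but they were already gone when the fix ran, so only a fresh scan, not the Fixlog, says whether the machine is actually clean.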
 


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:10 PM

Posted 29 August 2014 - 07:10 AM

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 memorium

memorium
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:10 PM

Posted 29 August 2014 - 11:34 PM

I updated Adobe Reader, then I checked to make sure there were no earlier versions and there were none. I then closed Chrome, reopened it, and minutes later a new tab opened by itself, showing some ad for a media player of some sort. It is sadly not resolved yet.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:10 PM

Posted 30 August 2014 - 07:06 AM

Click on the Customize and Control Google Chrome menu and select Settings.
On Start up > Set pages
Remove any links you do not wish to open at start up.

If that fails to solve your problem click on the Advanced settings link in the bottom and Reset the Browser settings.
===

#11 memorium

memorium
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:10 PM

Posted 31 August 2014 - 12:42 PM

My home page was set to open a new tab, so I reset my browser settings again, closed and reopened the browser, and an ad popped up again.



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:10 PM

Posted 01 September 2014 - 06:57 AM


Your Chrome profile or Preferences files may be the cause of this.

You can Delete and reinstall chrome.

I would remove Chrome using the Add/Remove Programs.
Restart the computer normally.
Re-install Chrome.

Save your Bookmarks before proceeding.
https://support.google.com/chrome/answer/96816?hl=en

They can be imported back to the new version.
===

OR

Create a new browser user profile.
Refer to this page.

https://support.google.com/chrome/answer/142059

===

Keep me posted.
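
Added example, not from the original posts: before deleting a Chrome profile it is worth reading what its Preferences file (JSON, per profile, e.g. ...\User Data\Default\Preferences) actually carries in the places a hijacker changes: startup pages, homepage and extension entries. The key names are Chrome's own (session.restore_on_startup, session.startup_urls, homepage, homepage_is_newtabpage, extensions.settings); the sample file, its URLs and both extension IDs are constructed for the example.

```python
import json
from typing import Any, Dict

# Constructed sample of the relevant parts of a Chrome "Preferences" file.
# The URL, both extension IDs and the paths are invented for the example.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://example.invalid/start",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": ["http://example.invalid/start"],
    },
    "extensions": {
        "settings": {
            # sideloaded from a Temp folder, not from the Web Store
            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
                "manifest": {"name": "Example Helper"},
                "path": "C:\\Users\\user\\AppData\\Local\\Temp\\helper",
                "state": 1,
                "from_webstore": False,
            },
            # a normal Web Store install: relative path under the profile
            "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
                "manifest": {"name": "Example Store Extension"},
                "path": "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb\\1.2.3_0",
                "state": 1,
                "from_webstore": True,
            },
        }
    },
})

# Values Chrome uses for session.restore_on_startup.
STARTUP_MODES = {1: "restore last session", 4: "open specific pages", 5: "open the New Tab page"}


def audit_preferences(text: str) -> Dict[str, Any]:
    """Summarise startup pages, homepage and extensions from a Preferences file."""
    prefs = json.loads(text)
    session = prefs.get("session", {})
    report: Dict[str, Any] = {
        "startup_mode": STARTUP_MODES.get(session.get("restore_on_startup"), "default"),
        "startup_urls": list(session.get("startup_urls", [])),
        # Chrome's default homepage is the New Tab page, so no URL is reported then.
        "homepage": None if prefs.get("homepage_is_newtabpage", True) else prefs.get("homepage"),
        "extensions": [],
        "suspicious_extensions": [],
    }
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        path = ext.get("path", "")
        entry = {
            "id": ext_id,
            "name": ext.get("manifest", {}).get("name", "?"),
            "path": path,
            "enabled": ext.get("state") == 1,
            "from_webstore": ext.get("from_webstore", False),
        }
        report["extensions"].append(entry)
        # Web Store installs live under the profile with a relative path; an
        # absolute path or from_webstore=false means a sideloaded/unpacked
        # extension, which is where browser hijackers usually sit.
        if entry["enabled"] and (not entry["from_webstore"] or ":\\" in path):
            report["suspicious_extensions"].append(entry)
    return report


if __name__ == "__main__":
    # Against a real, closed profile:
    # audit_preferences(open(path_to_preferences, encoding="utf-8").read())
    print(json.dumps(audit_preferences(SAMPLE_PREFERENCES), indent=2))
```

Read the file with the browser closed. Chrome keeps a hash over tracked preferences, so change settings through the UI or the reset button rather than by editing the file by hand. If the profile looks clean yet the tabs keep opening, and they open in every browser, the cause sits outside the browser profile.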

#13 memorium

memorium
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:10 PM

Posted 01 September 2014 - 11:53 AM

I uninstalled Chrome, restarted the computer, then reinstalled Chrome. The pop-ups are still happening, and I should also point out that they happen in all three browsers.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:10 PM

Posted 01 September 2014 - 12:38 PM

Your router may possibly be infected. If using one then proceed.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, in case you don't know yours.

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html


How To Set Up a Network Router
http://compnetworking.about.com/od/homenetworking/ht/routerconfigure.htm

===

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the prompt, type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

If that fails to remove the Redirects try this.
...

Reset all your browsers.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Internet Explorer:
Menu > Tools > Internet Options > General Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

How is it now?
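
Added example, not from the original thread: one way to test the router hypothesis from the PC is to ask the router's resolver and a known public resolver for the same name and compare the answers. The Python below does that with a hand-built DNS A query in RFC 1035 wire format (standard library only), and flags names whose two answer sets do not overlap at all. The router address 192.168.1.1, the reference resolver 8.8.8.8 and the IPs in the sample data are assumptions; build_response exists only so the parser can be exercised on a constructed reply without a network.

```python
import socket
import struct
from typing import Dict, List, Tuple


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Minimal DNS query for an A record with the RD (recursion desired) bit set."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # id, flags, QD, AN, NS, AR
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(pkt: bytes, off: int) -> int:
    """Advance past a (possibly compressed) domain name; return the offset after it."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, then the name ends
            return off + 2
        off += 1 + length


def parse_a_records(pkt: bytes) -> List[str]:
    """Return the IPv4 addresses in the answer section (empty on any error RCODE)."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", pkt[:12])
    if flags & 0x000F:  # RCODE != 0: NXDOMAIN, SERVFAIL, REFUSED, ...
        return []
    off = 12
    for _ in range(qd):
        off = _skip_name(pkt, off) + 4  # skip QTYPE + QCLASS
    answers = []
    for _ in range(an):
        off = _skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append(".".join(str(b) for b in pkt[off:off + 4]))
        off += rdlen
    return answers


def build_response(query: bytes, ips: List[str], rcode: int = 0) -> bytes:
    """Constructed reply for offline testing: echo the question, add one A record per IP
    using a compression pointer (0xC00C) back to the question name."""
    txid = struct.unpack(">H", query[:2])[0]
    header = struct.pack(">HHHHHH", txid, 0x8180 | rcode, 1, len(ips), 0, 0)
    rrs = b"".join(b"\xC0\x0C" + struct.pack(">HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
                   for ip in ips)
    return header + query[12:] + rrs


def resolve(server: str, name: str, timeout: float = 3.0) -> List[str]:
    """Send the query over UDP/53 to one specific resolver and parse the reply."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(512)
    if data[:2] != q[:2]:
        raise ValueError("transaction id mismatch")
    return parse_a_records(data)


def compare(router_answers: Dict[str, List[str]],
            reference_answers: Dict[str, List[str]]) -> Dict[str, Tuple[List[str], List[str]]]:
    """Names whose answers from the two resolvers share no address at all."""
    mismatched = {}
    for name, ref in reference_answers.items():
        a, b = set(router_answers.get(name, [])), set(ref)
        if a and b and not (a & b):
            mismatched[name] = (sorted(a), sorted(b))
    return mismatched


def check(router_dns: str, reference_dns: str, names: List[str]) -> Dict[str, Tuple[List[str], List[str]]]:
    router = {n: resolve(router_dns, n) for n in names}
    reference = {n: resolve(reference_dns, n) for n in names}
    return compare(router, reference)


if __name__ == "__main__":
    # Assumed addresses: the router's LAN side and Google Public DNS as reference.
    print(check("192.168.1.1", "8.8.8.8", ["example.com"]))
```

Two caveats when reading the result. Names served from a CDN legitimately resolve differently from different resolvers, so compare names with stable records; and a clean answer on one name does not clear the router, because a rogue upstream resolver may rewrite only selected domains. After the factory reset, also look at the WAN/Internet DNS entries on the router's admin page: the PC normally lists only the router's LAN address as its DNS server, so ipconfig will look fine even when the router itself is forwarding to a bad resolver.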

#15 memorium

memorium
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:10 PM

Posted 03 September 2014 - 08:57 PM

It looks like resetting the router (and doing the rest of the stuff described in your post) fixed the problem. I thought a while ago that the router was a likely suspect, given that the programs were not finding any malware, but then I read that it was very rare and that it happened to routers with weak passwords. Mine has always had a long, complex password, so I did not dig any deeper.

 

Thank you for your help.





