Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Dllhost.exe*32


  • This topic is locked This topic is locked
16 replies to this topic

#1 techpriest099

techpriest099

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:46 PM

Posted 09 October 2014 - 12:31 PM

recently my parents computer is running extremely slow, and hte HDD is filling up task manager reveals when logged on to a specific user that there are multiple instances of Dllhost.exe*32 running, Running Malwarebytes doesnt find anything 

 



BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:46 PM

Posted 11 October 2014 - 07:42 PM

Please download the appropriate version of Farbar Recovery Scan Tool (FRST.exe) from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ (for 32bit systems)
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ (for 64bit systems)
save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 techpriest099

techpriest099
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:46 PM

Posted 14 October 2014 - 08:39 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-10-2014
Ran by Hoss (administrator) on THESUN on 14-10-2014 20:27:18
Running from C:\Users\Hoss\Desktop
Loaded Profiles: Norma & Hoss (Available profiles: Norma & Dad & Aaron & Hoss & Todd & UpdatusUser & Mary J)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Flexera Software, Inc.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1320469461\ee\aolsoftware.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
() C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
() C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AOL LLC) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Flexera Software, Inc.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1320469461\ee\aolsoftware.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
() C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
() C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1320469461\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [307200 2011-06-15] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300472 2010-05-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-03-03] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2010-12-23] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG)
HKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe [293360 2011-07-13] (Rovi Corporation)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe [84464 2011-07-08] ()
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe [506352 2011-06-12] ()
HKLM-x32\...\Run: [{64ccf24e-ba9d-2db1-1ffa-beb8c25d8151}] => "C:\ProgramData\Microsoft\{64ccf24e-ba9d-2db1-1ffa-beb8c25d8151}\{64ccf24e-ba9d-2db1-1ffa-beb8c25d8151}.exe"
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2014-08-07] (alch)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3746852212-3520548824-1429738255-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKU\S-1-5-21-3746852212-3520548824-1429738255-1000\...\Run: [2573983726] => C:\Windows\system32\rundll32.exe "c:\users\norma\appdata\roaming\1235082616\ethernethelper.dll",DllRegisterServer
HKU\S-1-5-21-3746852212-3520548824-1429738255-1000\...\Run: [SupporterBeerware] => C:\Windows\system32\rundll32.exe "C:\Users\Norma\AppData\Local\SupporterBeerware\SupporterBeerware.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-3746852212-3520548824-1429738255-1000\...\Run: [Dfguzsugqlr] => rundll32.exe "C:\Users\Norma\AppData\Local\Temp\\1e7c\AppData\Local\Microsoft\Dfguzsugqlr.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-3746852212-3520548824-1429738255-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE [42320 2011-04-25] (AOL Inc.)
HKU\S-1-5-21-3746852212-3520548824-1429738255-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-3746852212-3520548824-1429738255-1003\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKU\S-1-5-21-3746852212-3520548824-1429738255-1003\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [468192 2014-09-01] (Sony)
HKU\S-1-5-21-3746852212-3520548824-1429738255-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-08] (SUPERAntiSpyware)
HKU\S-1-5-21-3746852212-3520548824-1429738255-1003\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE [42320 2011-04-25] (AOL Inc.)
HKU\S-1-5-21-3746852212-3520548824-1429738255-1003\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-3746852212-3520548824-1429738255-1003\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d7thmqv2.lnk
ShortcutTarget: d7thmqv2.lnk -> C:\PROGRA~3\\2vqmht7d.jss (No File)
Startup: C:\Users\Norma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Users\Hoss\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
Startup: C:\Users\Norma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Utilman.lnk
ShortcutTarget: Utilman.lnk -> C:\Users\Hoss\AppData\Roaming\Microsoft\Windows\IEUpdate\Utilman.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x157928CFA9A0CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
 
FireFox:
========
FF ProfilePath: C:\Users\Hoss\AppData\Roaming\Mozilla\Firefox\Profiles\2t6f8gw0.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-06-08]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-04]
CHR Extension: (Bejeweled) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-10-09]
CHR Extension: (Angry Birds) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-10-09]
CHR Extension: (Google Docs) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-17]
CHR Extension: (Google Drive) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-17]
CHR Extension: (Last.fm free music player) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbncpldmanoknoahidbgmkgobgmhnafh [2014-10-09]
CHR Extension: (WiBit) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejaaogemoligmkbmeafkhnaegkggihf [2014-10-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-30]
CHR Extension: (YouTube) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-17]
CHR Extension: (Adblock Plus) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-09]
CHR Extension: (Slacker Radio) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckngegfcpnbbcejpfnakcdcjgigaiole [2014-10-09]
CHR Extension: (Google Search) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-17]
CHR Extension: (Google Sheets) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-04]
CHR Extension: (Readium) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2014-10-09]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2014-10-09]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-10-09]
CHR Extension: (Oogle) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf [2014-10-09]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-10-09]
CHR Extension: (Dropbox) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-10-09]
CHR Extension: (KingsRoad) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbcbablgmkkdnioiekpgjfacejkfomlg [2014-10-09]
CHR Extension: (Google Wallet) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-11]
CHR Extension: (Blue Space Sunset Chrome Theme) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndfdjfoclbidmgpmbelcieibgjjfdog [2014-10-09]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-03-17]
CHR Extension: (Gmail) - C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-17]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2011-02-09] ()
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [21488 2011-07-15] ()
S4 BOTService; C:\Program Files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe [211440 2011-07-14] (Rovi Corporation)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-19] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-19] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1095664 2011-07-13] (Rovi Corporation)
S2 RoxWatch12; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [340976 2011-07-13] (Rovi Corporation)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [569024 2014-02-07] (Valve Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-26] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SysCow; C:\Windows\System32\drivers\syscowad64v.sys [164848 2010-05-23] (Sonic Solutions)
R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
U2 SBKUPNT; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-14 20:27 - 2014-10-14 20:29 - 00027371 _____ () C:\Users\Hoss\Desktop\FRST.txt
2014-10-14 20:27 - 2014-10-14 20:27 - 00000000 ____D () C:\FRST
2014-10-14 20:26 - 2014-10-14 20:26 - 02110464 _____ (Farbar) C:\Users\Hoss\Desktop\FRST64.exe
2014-10-09 12:24 - 2014-10-09 13:10 - 00017557 _____ () C:\Users\Hoss\Desktop\dds.txt
2014-10-09 12:24 - 2014-10-09 13:10 - 00012238 _____ () C:\Users\Hoss\Desktop\attach.txt
2014-10-09 12:22 - 2014-10-09 12:22 - 00712656 _____ ( ) C:\Users\Hoss\Downloads\FileOpenerSetup.exe
2014-10-09 12:22 - 2014-10-09 12:22 - 00688992 ____R (Swearware) C:\Users\Hoss\Downloads\dds.com
2014-10-09 12:18 - 2014-10-09 12:18 - 19362952 _____ (IObit ) C:\Users\Hoss\Downloads\imfv2-setup-for-review.exe
2014-10-09 12:18 - 2014-10-09 12:18 - 19362952 _____ (IObit ) C:\Users\Hoss\Downloads\imfv2-setup-for-review (1).exe
2014-10-09 11:10 - 2014-10-09 11:10 - 00000000 ____D () C:\Users\Norma\AppData\Roaming\SUPERAntiSpyware.com
2014-10-04 16:20 - 2014-10-04 16:20 - 00000000 ____D () C:\Users\Hoss\Downloads\backups
2014-10-04 16:06 - 2014-10-04 16:12 - 00013862 _____ () C:\Users\Hoss\Downloads\hijackthis.log
2014-10-04 16:05 - 2014-10-04 16:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hoss\Downloads\HijackThis.exe
2014-09-28 15:05 - 2014-09-28 15:05 - 00000000 ____D () C:\Users\Todd\AppData\Roaming\AOL
2014-09-25 16:40 - 2014-09-25 16:41 - 00000000 _____ () C:\Users\Mary J\Documents\Nuance Image Printer Writer Port
2014-09-25 16:40 - 2014-09-25 16:40 - 00000000 ____D () C:\Users\Mary J\AppData\Roaming\Zeon
2014-09-25 16:40 - 2014-09-25 16:40 - 00000000 ____D () C:\Users\Mary J\AppData\Roaming\Nuance
2014-09-24 15:15 - 2014-09-24 15:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 09:51 - 2014-09-25 11:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-09-19 08:30 - 2014-09-19 08:31 - 00000000 ____D () C:\Users\Mary J\AppData\Roaming\Mozilla
2014-09-19 08:30 - 2014-09-19 08:31 - 00000000 ____D () C:\Users\Mary J\AppData\Local\Mozilla
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-14 20:30 - 2014-09-03 13:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-14 20:29 - 2011-11-12 11:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-14 20:24 - 2014-08-07 09:13 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-14 20:23 - 2011-11-12 11:33 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-14 19:56 - 2014-07-09 14:56 - 00000292 _____ () C:\Windows\Tasks\Rocket Updater.job
2014-10-14 19:42 - 2012-06-22 12:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-10 18:07 - 2013-08-07 19:27 - 00288712 _____ () C:\Windows\DPINST.LOG
2014-10-10 18:06 - 2013-08-07 19:26 - 00002026 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-10-10 18:06 - 2013-08-07 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-10-10 18:06 - 2011-11-08 21:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-09 13:09 - 2009-07-13 23:45 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-09 13:09 - 2009-07-13 23:45 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-09 13:00 - 2012-07-05 17:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-09 13:00 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-09 13:00 - 2009-07-13 23:51 - 00017378 _____ () C:\Windows\setupact.log
2014-10-09 11:20 - 2011-11-11 15:13 - 00848712 _____ () C:\Windows\PFRO.log
2014-10-08 17:37 - 2011-11-05 00:08 - 00000000 ____D () C:\Users\Aaron
2014-10-04 16:40 - 2013-02-05 02:09 - 00000000 ____D () C:\Windows\Minidump
2014-10-04 15:58 - 2014-07-30 15:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-04 15:49 - 2011-11-05 16:30 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-04 15:48 - 2012-06-24 18:24 - 00000000 ____D () C:\Program Files (x86)\PS3 Media Server
2014-10-04 15:39 - 2011-11-06 14:17 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\uTorrent
2014-10-04 15:28 - 2012-12-12 23:38 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Dropbox
2014-10-02 14:10 - 2011-11-05 16:30 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-10-02 14:10 - 2011-11-05 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-02 07:50 - 2014-08-11 11:10 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-25 18:59 - 2009-07-14 00:13 - 00779134 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-25 11:32 - 2012-05-19 15:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 20:20 - 2011-11-12 11:33 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 07:42 - 2012-06-22 12:30 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 07:42 - 2012-05-27 18:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 07:42 - 2011-11-05 00:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3746852212-3520548824-1429738255-1004\$f83701e612214b861be6a3237b866ed0
 
Files to move or delete:
====================
C:\ProgramData\d7thmqv2.fee
C:\ProgramData\d7thmqv2.odd
C:\ProgramData\d7thmqv2.reg
 
 
Some content of TEMP:
====================
C:\Users\Aaron\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprjset8.dll
C:\Users\Dad\AppData\Local\Temp\install_flashplayer11x64_mssd_aih.exe
C:\Users\Dad\AppData\Local\Temp\KMP_3.7.0.113.exe
C:\Users\Dad\AppData\Local\Temp\otigopr.dll
C:\Users\Dad\AppData\Local\Temp\txnovnt.dll
C:\Users\Hoss\AppData\Local\Temp\_is59F3.exe
C:\Users\Norma\AppData\Local\Temp\7Scj.dll
C:\Users\Norma\AppData\Local\Temp\eoprity.dll
C:\Users\Norma\AppData\Local\Temp\msqfzhx.dll
C:\Users\Norma\AppData\Local\Temp\wtvppdp.exe
C:\Users\Norma\AppData\Local\Temp\xqeagao.dll
C:\Users\Norma\AppData\Local\Temp\zezwirw.dll
C:\Users\Todd\AppData\Local\Temp\kzjabyw.dll
C:\Users\Todd\AppData\Local\Temp\Pterra.exe
C:\Users\Todd\AppData\Local\Temp\vookbxp.dll
C:\Users\Todd\AppData\Local\Temp\zrjlivi.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-06 00:00
 
==================== End Of Log ============================



#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:46 PM

Posted 15 October 2014 - 10:07 AM

I'd like to see the Addition.txt as well if you could please attach it (it will be on the desktop)

Please do the following:

Download attached fixlist.txt file and save it to the Desktop.

Attached File  FixList.txt   1.41KB   8 downloads

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 techpriest099

techpriest099
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:46 PM

Posted 21 October 2014 - 03:10 PM

the process was started this morning around 830 and the fixapp is still running at 3pm is that expected? 

 

Attached Files



#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:46 PM

Posted 21 October 2014 - 05:25 PM

that does seem a little long.

Please run the following:

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 techpriest099

techpriest099
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:46 PM

Posted 24 October 2014 - 10:08 AM

done

 

 

 

ComboFix 14-10-24.01 - Hoss 10/24/2014   9:24.2.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4030.2635 [GMT -5:00]
Running from: c:\users\Hoss\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-24 to 2014-10-24  )))))))))))))))))))))))))))))))
.
.
2014-10-24 14:45 . 2014-10-24 14:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-10-24 14:45 . 2014-10-24 14:45 -------- d-----w- c:\users\Todd\AppData\Local\temp
2014-10-24 14:45 . 2014-10-24 14:45 -------- d-----w- c:\users\Norma\AppData\Local\temp
2014-10-24 14:45 . 2014-10-24 14:45 -------- d-----w- c:\users\Mary J\AppData\Local\temp
2014-10-24 14:45 . 2014-10-24 14:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-24 14:45 . 2014-10-24 14:45 -------- d-----w- c:\users\Dad\AppData\Local\temp
2014-10-24 14:45 . 2014-10-24 14:45 -------- d-----w- c:\users\Aaron\AppData\Local\temp
2014-10-24 14:22 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-10-24 14:22 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-10-24 14:22 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-10-24 14:22 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-10-24 14:20 . 2014-05-14 14:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-10-24 14:20 . 2014-05-14 14:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-10-24 14:20 . 2014-05-14 14:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-10-24 14:20 . 2014-05-14 14:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-10-15 01:27 . 2014-10-21 13:14 -------- d-----w- C:\FRST
2014-10-09 16:10 . 2014-10-09 16:10 -------- d-----w- c:\users\Norma\AppData\Roaming\SUPERAntiSpyware.com
2014-09-28 20:05 . 2014-09-28 20:05 -------- d-----w- c:\users\Todd\AppData\Roaming\AOL
2014-09-25 21:40 . 2014-09-25 21:40 -------- d-----w- c:\users\Mary J\AppData\Roaming\Zeon
2014-09-25 21:40 . 2014-09-25 21:40 -------- d-----w- c:\users\Mary J\AppData\Roaming\Nuance
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-04 20:58 . 2014-07-30 20:01 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-24 12:42 . 2012-05-27 23:51 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 12:42 . 2011-11-05 05:12 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-08 03:05 . 2014-08-08 03:05 0 ----a-w- c:\users\Dad\AppData\Roaming\ixyqux.dll
2014-08-06 15:50 . 2014-08-06 15:50 123672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-05-21 324976]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2014-09-01 468192]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-10-08 7767832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files (x86)\Common Files\AOL\1320469461\ee\AOLSoftware.exe" [2010-03-08 41800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-03-04 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-12-23 2629632]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2011-07-13 293360]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]
"CPMonitor"="c:\program files (x86)\Roxio 2012\5.0\CPMonitor.exe" [2011-07-08 84464]
"Desktop Disc Tool"="c:\program files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe" [2011-06-13 506352]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-25 5188112]
"ClamWin"="c:\program files (x86)\ClamWin\bin\ClamTray.exe" [2014-08-08 86016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 BOTService;BOTService;c:\program files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe;c:\program files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys;c:\windows\SYSNATIVE\Drivers\Sahdad64.sys [x]
S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys;c:\windows\SYSNATIVE\Drivers\Saibad64.sys [x]
S0 SysCow;SysCow;c:\windows\system32\drivers\syscowad64v.sys;c:\windows\SYSNATIVE\drivers\syscowad64v.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys;c:\windows\SYSNATIVE\Drivers\SaibVdAd64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-21 17:28 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 12:42]
.
2014-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 06:28]
.
2014-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 06:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Hoss\AppData\Roaming\Mozilla\Firefox\Profiles\2t6f8gw0.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-24  09:49:12
ComboFix-quarantined-files.txt  2014-10-24 14:49
ComboFix2.txt  2014-10-24 13:56
.
Pre-Run: 66,796,953,600 bytes free
Post-Run: 66,575,970,304 bytes free
.
- - End Of File - - B8CD06CFE2EBE296D723F14EE71B079D
A36C5E4F47E84449FF07ED3517B43A31
 


#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:46 PM

Posted 24 October 2014 - 10:19 AM

Open Malwarebytes:

  • On the Settings tab >Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> If an update is available, click the "Update Now" button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click "Apply Actions"
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • Attach the resulting log.
     
     
    NEXT


    Download AdwCleaner from here and save it to your desktop.
    • Run AdwCleaner and select Scan
    • If items are found, please select the Clean button
    • Once done it will ask to reboot, allow the reboot
    • On reboot a log will be produced, please attach the content of the log to your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 techpriest099

techpriest099
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:46 PM

Posted 24 October 2014 - 11:54 AM

done

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/24/2014
Scan Time: 11:23:11 AM
Logfile: 10-24.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.24.06
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Hoss
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 583777
Time Elapsed: 16 min, 20 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
# AdwCleaner v4.001 - Report created 24/10/2014 at 11:47:46
# DB v2014-10-23.2
# Updated 20/10/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Hoss - THESUN
# Running from : C:\Users\Hoss\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Norma\AppData\Local\Rocket
Folder Deleted : C:\Users\Norma\AppData\Roaming\RocketUpdater
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Users\Hoss\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop
File Deleted : C:\Users\Norma\AppData\Roaming\Mozilla\Firefox\Profiles\kn4qkqsz.default\user.js
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Rocket Updater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1518085A-ED17-437A-9E51-341796DA3170}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6765055A-6FA2-4A59-9BC1-E80167E690FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7471FDF2-F581-4FA6-9C73-F29EA897F4FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{77D804E7-4020-4D30-A0D1-029EF10E6AF8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{85A57945-962A-43D6-82CF-E8018BAC91C2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8620341E-9F11-4EE4-AB73-C285D869A942}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{891B33F0-EB99-4AAF-9D69-4F9CC83FAEC9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BCD2900F-FAAD-459A-820E-6C7E34B62D31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1667F75-620F-4E30-B62C-8082372A0E5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C82BFE3F-4D68-4FD2-A524-4637AB22FC99}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7AB9FEB-10A3-4488-B455-DC9A70E22BC0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16736
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
 
-\\ Google Chrome v38.0.2125.104
 
 
*************************
 
AdwCleaner[R0].txt - [3643 octets] - [24/10/2014 11:43:24]
AdwCleaner[S0].txt - [3625 octets] - [24/10/2014 11:47:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3685 octets] ##########
 


#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:46 PM

Posted 24 October 2014 - 12:12 PM

that looks a lot better.

 

How is the computer running now, are there any outstanding issues?

 

Please run the following:

 

please run a free online scan with the ESET Online Scanner

 

US Link: http://www.eset.com/us/online-scanner/

EU Link: http://www.eset.eu/online-scanner/

 

Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Attach the log as a reply to your next reply..
  • Close the ESET online scan, and let me know how things are now.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 techpriest099

techpriest099
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:46 PM

Posted 08 November 2014 - 11:53 AM

eset scan complete, found over 7k threats most are filecoder.cr or some nonsense the text file is too big to attach and I cant cut and paste it

please advise



#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:46 PM

Posted 08 November 2014 - 01:54 PM

re-run it and allow ESET to remove the threats detected.

 

Please advise how the computer is running now and if there are any outstanding issues.


Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 techpriest099

techpriest099
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:46 PM

Posted 22 November 2014 - 07:10 PM

so my system is infected with cryptowall, from what I have read online there is no way to recover those files if you do not have a back up, can you confirm this am I royally screwed?



#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:46 PM

Posted 22 November 2014 - 07:18 PM

read these articles:
https://www.fox-it.com/en/press-releases/fireeye-fox-announce-new-service-help-cryptolocker-victims/
http://www.fireeye.com/blog/corporate/2014/08/your-locker-of-information-for-cryptolocker-decryption.html

then go here:
https://www.decryptcryptolocker.com/

check the thread here:
http://www.bleepingcomputer.com/forums/t/506924/cryptolocker-hijack-program/page-207#entry3441295



Were the ESET detections all related to cryptowall?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 techpriest099

techpriest099
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:46 PM

Posted 22 November 2014 - 08:36 PM

the majority were movies and photos on an external HDD






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users