
Chrome Processes Virus?


  • This topic is locked
27 replies to this topic

#1 spaeaurouge

Posted 03 November 2014 - 10:16 PM

I also have the multiple Google Chrome processes in the background using 20-80% CPU. They don't run when I log in as a different user. So, they are only affecting one user account.

 

Logs attached...

 

Help!!!


#2 spaeaurouge
  • Topic Starter

Posted 04 November 2014 - 12:19 AM

Looks like Malwarebytes took care of it.

 

Anyone know what damage this might have caused? What is it doing???



#3 spaeaurouge
  • Topic Starter

Posted 04 November 2014 - 08:01 PM

Came back.

 

Any chance I can get some help with this?



#4 spaeaurouge
  • Topic Starter

Posted 04 November 2014 - 08:15 PM

Similar symptoms, but Google Chrome is no longer listed as the process description.

Multiple cmd.exe*32 processes are running and many IE applications are running, but they cannot be closed (End Task).

CPU at ~80%, so the computer is slow!!!!

 

I ran Malwarebytes Anti-Malware again and another 5 infected files were found.

I am currently running Malwarebytes Anti-Rootkit and so far 6 malware files have been found.

 

What else can I do??? Help...



#5 spaeaurouge
  • Topic Starter

Posted 05 November 2014 - 11:07 AM

Bueller..... Bueller..... Bueller.......



#6 spaeaurouge
  • Topic Starter

Posted 05 November 2014 - 09:21 PM

Bump.

Any help here?



#7 spaeaurouge
  • Topic Starter

Posted 06 November 2014 - 07:08 PM

Hello... anyone out there that wants to help me?

 

Well, I figured out what the virus did, which is to corrupt every photograph on my computer and add an HTML link https://paytordmbdekmizq.torsona.com/Lj3bca which I have not visited but assume they want money to decrypt their hack.

 

Fortunately, I have everything backed up!!! So, not really too worried about it, but I do want to make sure the virus is gone!

 

Any help appreciated.



#8 spaeaurouge
  • Topic Starter

Posted 06 November 2014 - 09:21 PM

help???????????????????????



#9 spaeaurouge
  • Topic Starter

Posted 07 November 2014 - 01:27 AM

Bump.



#10 HelpBot
  • Bots

Posted 09 November 2014 - 10:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554609 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#11 spaeaurouge
  • Topic Starter

Posted 09 November 2014 - 09:00 PM

1. The virus is encrypting JPG files on my computer. I have run Malwarebytes and it seems to work, but the virus keeps coming back.

2. DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17088  BrowserJavaVersion: 10.67.2
Run by fire at 17:49:35 on 2014-11-09
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8173.5856 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Milestone\Milestone Surveillance\ImageImportService.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Milestone\Milestone Surveillance\ImageServer.exe
C:\Program Files (x86)\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe
C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.ServiceControl.Service.exe
C:\MPICH2\bin\smpd.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Milestone\XProtect Mobile Server\VideoOS.MobileServer.Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://24.43.242.74/kxhcm10.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP10EP1-16277/webex/ieatgpc1.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{39915215-F6F8-44F6-8C12-5F0EB1FDE0A6} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{941E72AB-45BF-42F2-B9FD-C406DD939796} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{AC251586-620A-4407-8113-123019DB5830} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\fire\AppData\Roaming\Mozilla\Firefox\Profiles\8s2c90cc.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2010-9-19 23080]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-25 55280]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-29 238080]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-1 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-6-23 586880]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-6-22 21992]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-7-23 438616]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-3 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-3 968504]
R2 Milestone Image Import Service;Milestone Image Import Service;C:\Program Files (x86)\Milestone\Milestone Surveillance\ImageImportService.exe [2012-8-24 11387848]
R2 Milestone Image Server;Milestone Image Server;C:\Program Files (x86)\Milestone\Milestone Surveillance\ImageServer.exe [2012-8-24 13649336]
R2 Milestone Log Check Service;Milestone Log Check Service;C:\Program Files (x86)\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe [2012-8-24 1185232]
R2 Milestone Service Control;Milestone Service Control;C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.ServiceControl.Service.exe [2012-8-24 22528]
R2 Milestone XProtect Mobile Service;Milestone XProtect Mobile Service;C:\Program Files (x86)\Milestone\XProtect Mobile Server\VideoOS.MobileServer.Service.exe [2012-8-23 257992]
R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;C:\MPICH2\bin\smpd.exe [2011-9-1 1224192]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2010-12-2 1251840]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2010-12-8 122856]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2010-12-8 369640]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-13 96896]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-1-3 15752]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-11-3 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-3 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-11-3 63704]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-21 452200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Milestone Recording Server;Milestone Recording Server;C:\Program Files (x86)\Milestone\Milestone Surveillance\RecordingServer.exe [2012-8-24 13083072]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-4-25 1431888]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2010-3-8 121800]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-7-17 125584]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 Spyder4;Datacolor Spyder4;C:\Windows\System32\drivers\dccmtr.sys [2011-7-12 15360]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-22 1255736]
S4 QuickBooksDB21;QuickBooksDB21;C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB21 --> C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB21 [?]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-11-10 01:00:27 -------- d-----w- C:\Kodak Temp
2014-11-09 20:38:37 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{41140FE5-CCF8-467A-B7CE-6A3B8D217C62}\mpengine.dll
2014-11-07 20:02:59 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-11-07 20:02:59 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5367582C-3042-47FB-9A9F-5AA98A500174}\gapaengine.dll
2014-11-07 20:02:45 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-06 17:23:48 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-11-06 17:23:46 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-11-06 16:15:49 -------- d-----w- C:\Windows\pss
2014-11-05 01:02:29 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-04 22:53:05 -------- d--h--w- C:\7807dae
2014-11-04 04:03:54 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-04 04:03:36 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-04 04:03:36 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-04 04:03:36 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-04 04:03:36 -------- d-----w- C:\ProgramData\Malwarebytes
2014-11-04 04:03:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-04 04:03:21 -------- d-----w- C:\Users\fire\AppData\Local\Programs
2014-11-04 03:10:07 -------- d-----w- C:\FRST
2014-11-04 01:48:51 -------- d-----w- C:\Users\fire\AppData\Local\Mozilla
2014-11-04 01:38:38 -------- d-----w- C:\Users\fire\AppData\Local\ATI
2014-11-02 21:56:51 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E8BB72F-78E1-45D0-8319-9D6183F6DD5E}\mpengine.dll
2014-10-22 20:40:01 -------- d--h--w- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
.
==================== Find3M  ====================
.
2014-10-30 11:25:26 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-08 01:14:57 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-16 00:13:36 737280 ----a-w- C:\Windows\iun6002.exe
2014-09-15 03:54:03 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-15 03:54:03 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-17 04:00:04 2239488 ----a-w- C:\Windows\System32\wininet.dll
2014-08-17 03:58:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-17 03:58:48 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-17 03:58:48 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-08-17 03:58:18 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-17 03:57:51 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-17 03:57:32 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-17 03:57:30 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-17 03:57:30 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-08-17 03:57:18 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-16 07:25:09 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-16 06:43:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-16 06:34:34 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-08-16 05:53:37 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
.
============= FINISH: 17:50:18.44 ===============

 

3. Yes, I have a Win7 install disc.

 

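One way a responder might triage the dated entries in the DDS "Created Last 30" section above (and the same column layout in a ComboFix "Files Created" section). This is an added example, not part of the thread or of either tool; the sample lines are constructed to mirror the logs posted here, the reading of the attribute column (leading 'd' for directory, 'h' for hidden) is inferred from those logs, and the flag rules are review heuristics, not malware verdicts.

```python
"""Triage the dated entries of a DDS "Created Last 30" or ComboFix "Files Created" section.

Added example, not part of the thread or of the DDS/ComboFix tools. The sample
lines are constructed to mirror the logs posted in the thread; the flag rules are
heuristics a responder would then review by hand, not verdicts.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Both layouts seen in the thread's logs (ComboFix adds a " . modified" column):
#   DDS:      2014-11-04 22:53:05 -------- d--h--w- C:\7807dae
#   ComboFix: 2014-11-04 22:53 . 2014-11-05 22:20 -------- d-----w- C:\7807dae
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")
# Directories normally present at the root of a Windows system drive.
STANDARD_ROOT_DIRS = {"windows", "program files", "program files (x86)", "programdata", "users", "perflogs"}


@dataclass
class Entry:
    created: str
    modified: Optional[str]   # only ComboFix records a modified time
    size: Optional[int]       # None for directories (logged as "--------")
    is_dir: bool
    hidden: bool
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for headers, blank lines and separators."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attrs = m["attrs"]
    size = None if m["size"].startswith("-") else int(m["size"])
    # Assumption from the posted logs: first attribute column is 'd' for a directory,
    # and an 'h' in the attribute field marks the hidden attribute (d--h--w- on C:\7807dae).
    return Entry(m["created"], m["modified"], size, attrs[0] == "d", "h" in attrs, m["path"])


def triage(entry: Entry) -> Entry:
    """Attach review reasons to an entry. Heuristics, not malware verdicts."""
    parts = entry.path.lower().split("\\")        # ["c:", "users", "mark", "appdata", ...]
    if entry.hidden:
        entry.reasons.append("hidden attribute set")
    if len(parts) == 2 and parts[1] not in STANDARD_ROOT_DIRS:
        entry.reasons.append("non-standard item directly under the drive root")
    if entry.is_dir and len(parts) == 6 and parts[3:5] == ["appdata", "roaming"]:
        entry.reasons.append("new top-level folder in a Roaming profile (look for dropped binaries)")
    user_writable = (
        "appdata" in parts
        or parts[1:2] == ["programdata"]
        or (parts[1:2] == ["users"] and len(parts) == 4)   # file directly in a profile root
    )
    vendor_updates = "definition updates" in parts           # antimalware signature drops
    if not entry.is_dir and parts[-1].endswith(EXEC_EXT) and user_writable and not vendor_updates:
        entry.reasons.append("executable written to a user-writable location")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Return the flagged entries of a log section, in log order."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry and triage(entry).reasons:
            flagged.append(entry)
    return flagged


# Constructed samples mirroring lines from the DDS and ComboFix logs in this thread
# (the g2mdlhlpx.exe line, including its date and size, is made up for the example).
SAMPLE_DDS = r"""
2014-11-10 01:00:27 -------- d-----w- C:\Kodak Temp
2014-11-09 20:38:37 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{41140FE5-CCF8-467A-B7CE-6A3B8D217C62}\mpengine.dll
2014-11-04 22:53:05 -------- d--h--w- C:\7807dae
2014-11-04 04:03:36 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-04 03:10:07 -------- d-----w- C:\FRST
"""
SAMPLE_COMBOFIX = r"""
2014-11-04 23:09 . 2014-11-05 01:19 -------- d-----w- c:\users\mark\AppData\Roaming\Emedytud
2014-11-04 22:53 . 2014-11-05 22:20 -------- d-----w- C:\7807dae
2014-11-10 16:58 . 2014-11-10 16:58 -------- d-----w- c:\users\mark\AppData\Local\temp
2014-11-04 22:50 . 2014-11-04 22:50 48128 ----a-w- c:\users\mark\g2mdlhlpx.exe
"""

if __name__ == "__main__":
    for name, sample in (("DDS", SAMPLE_DDS), ("ComboFix", SAMPLE_COMBOFIX)):
        print(f"== {name} ==")
        for e in triage_log(sample):
            print(f"{e.created}  {e.path}\n    " + "; ".join(e.reasons))
```

Flagged items such as the hidden C:\7807dae folder or a new folder under AppData\Roaming are the ones to compare against the ComboFix deletion list and the Malwarebytes detections before deciding the machine is clean.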



#12 nasdaq
  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 10 November 2014 - 09:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please Download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

====


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#13 spaeaurouge
  • Topic Starter

Posted 10 November 2014 - 12:13 PM

Thank you!!!!!!!!!!!!!

 

ComboFix 14-11-10.02 - fire 11/10/2014   8:45.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8173.5972 [GMT -8:00]
Running from: c:\users\fire\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\uninstaller.exe
c:\users\mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8C608901-F50F-4B6F-8D95-312C750D3EEF}.xps
c:\users\mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\plot.log
c:\users\mark\AppData\Roaming\FrameworkUpdate7
c:\users\mark\AppData\Roaming\redline2stapler.tmp
c:\users\mark\g2mdlhlpx.exe
c:\windows\iun6002.exe
c:\windows\SysWow64\local.txt
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-10 to 2014-11-10  )))))))))))))))))))))))))))))))
.
.
2014-11-10 16:58 . 2014-11-10 16:58 -------- d-----w- c:\users\QBDataServiceUser21\AppData\Local\temp
2014-11-10 16:58 . 2014-11-10 16:58 -------- d-----w- c:\users\mark\AppData\Local\temp
2014-11-10 16:58 . 2014-11-10 16:58 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-11-10 16:58 . 2014-11-10 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-10 16:56 . 2014-11-10 16:56 -------- d-----w- c:\users\laurie\AppData\Local\temp
2014-11-10 16:56 . 2014-11-10 16:56 -------- d-----w- c:\users\Kelly\AppData\Local\temp
2014-11-10 16:56 . 2014-11-10 16:56 -------- d-----w- c:\users\Austin\AppData\Local\temp
2014-11-10 01:00 . 2014-11-10 01:34 -------- d-----w- C:\Kodak Temp
2014-11-09 20:38 . 2014-10-20 10:37 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41140FE5-CCF8-467A-B7CE-6A3B8D217C62}\mpengine.dll
2014-11-07 20:02 . 2014-11-06 17:28 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-11-07 20:02 . 2014-11-06 17:28 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5367582C-3042-47FB-9A9F-5AA98A500174}\gapaengine.dll
2014-11-07 20:02 . 2014-10-20 10:37 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-06 17:23 . 2014-11-06 17:23 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-11-06 17:23 . 2014-11-06 17:24 -------- d-----w- c:\program files\Microsoft Security Client
2014-11-05 01:02 . 2014-11-07 15:14 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-11-04 23:09 . 2014-11-05 01:19 -------- d-----w- c:\users\mark\AppData\Roaming\Emedytud
2014-11-04 22:53 . 2014-11-05 22:20 -------- d-----w- C:\7807dae
2014-11-04 04:03 . 2014-11-10 16:40 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-04 04:03 . 2014-11-06 16:41 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-04 04:03 . 2014-11-04 04:03 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-04 04:03 . 2014-11-04 04:03 -------- d-----w- c:\programdata\Malwarebytes
2014-11-04 04:03 . 2014-10-01 19:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-04 04:03 . 2014-10-01 19:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-04 04:03 . 2014-11-04 04:03 -------- d-----w- c:\users\fire\AppData\Local\Programs
2014-11-04 03:10 . 2014-11-04 23:04 -------- d-----w- C:\FRST
2014-11-04 01:48 . 2014-11-04 01:49 -------- d-----w- c:\users\fire\AppData\Local\Mozilla
2014-11-04 01:38 . 2014-11-04 01:38 -------- d-----w- c:\users\fire\AppData\Roaming\ATI
2014-11-04 01:38 . 2014-11-04 01:38 -------- d-----w- c:\users\fire\AppData\Local\ATI
2014-11-02 21:56 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E8BB72F-78E1-45D0-8319-9D6183F6DD5E}\mpengine.dll
2014-10-22 20:40 . 2014-11-10 16:40 -------- d--h--w- c:\programdata\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-30 11:25 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-09 02:59 . 2011-06-23 15:13 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-10-08 01:14 . 2014-10-08 01:15 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-15 03:54 . 2012-04-26 00:08 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-15 03:54 . 2011-06-23 14:58 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-23 02:07 . 2014-08-28 19:02 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 19:02 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-28 19:02 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-17 04:00 . 2014-10-09 03:07 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2014-08-17 04:00 . 2014-10-09 03:06 2239488 ----a-w- c:\windows\system32\wininet.dll
2014-08-17 03:59 . 2014-10-09 03:06 1407488 ----a-w- c:\windows\system32\urlmon.dll
2014-08-17 03:59 . 2014-10-09 03:07 197120 ----a-w- c:\windows\system32\msrating.dll
2014-08-17 03:59 . 2014-10-09 03:07 97280 ----a-w- c:\windows\system32\mshtmled.dll
2014-08-17 03:59 . 2014-10-09 03:06 19280384 ----a-w- c:\windows\system32\mshtml.dll
2014-08-17 03:59 . 2014-10-09 03:06 603136 ----a-w- c:\windows\system32\msfeeds.dll
2014-08-17 03:58 . 2014-10-09 03:06 53248 ----a-w- c:\windows\system32\jsproxy.dll
2014-08-17 03:58 . 2014-10-09 03:06 855552 ----a-w- c:\windows\system32\jscript.dll
2014-08-17 03:58 . 2014-10-09 03:06 3959296 ----a-w- c:\windows\system32\jscript9.dll
2014-08-17 03:58 . 2014-10-09 03:07 67072 ----a-w- c:\windows\system32\iesetup.dll
2014-08-17 03:58 . 2014-10-09 03:07 526336 ----a-w- c:\windows\system32\ieui.dll
2014-08-17 03:58 . 2014-10-09 03:06 136704 ----a-w- c:\windows\system32\iesysprep.dll
2014-08-17 03:58 . 2014-10-09 03:06 2655232 ----a-w- c:\windows\system32\iertutil.dll
2014-08-17 03:58 . 2014-10-09 03:06 39936 ----a-w- c:\windows\system32\iernonce.dll
2014-08-17 03:58 . 2014-10-09 03:06 255488 ----a-w- c:\windows\system32\iedkcs32.dll
2014-08-17 03:58 . 2014-10-09 03:06 15399424 ----a-w- c:\windows\system32\ieframe.dll
2014-08-17 03:58 . 2014-10-09 03:07 451584 ----a-w- c:\windows\system32\dxtmsft.dll
2014-08-17 03:58 . 2014-10-09 03:07 281600 ----a-w- c:\windows\system32\dxtrans.dll
2014-08-17 03:58 . 2014-10-09 03:06 1508864 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-17 03:57 . 2014-10-09 03:06 1766400 ----a-w- c:\windows\SysWow64\wininet.dll
2014-08-17 03:57 . 2014-10-09 03:06 2861568 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-08-17 03:57 . 2014-10-09 03:07 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-08-17 03:57 . 2014-10-09 03:06 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-08-17 03:57 . 2014-10-09 03:06 1440768 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-08-16 07:25 . 2014-10-09 03:07 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-16 06:43 . 2014-10-09 03:07 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-08-16 06:34 . 2014-10-09 03:06 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-08-16 05:53 . 2014-10-09 03:06 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-07-23 688984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Milestone Recording Server;Milestone Recording Server;c:\program files (x86)\Milestone\Milestone Surveillance\RecordingServer.exe;c:\program files (x86)\Milestone\Milestone Surveillance\RecordingServer.exe [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Spyder4;Datacolor Spyder4;c:\windows\system32\DRIVERS\dccmtr.sys;c:\windows\SYSNATIVE\DRIVERS\dccmtr.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 QuickBooksDB21;QuickBooksDB21;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Milestone Image Import Service;Milestone Image Import Service;c:\program files (x86)\Milestone\Milestone Surveillance\ImageImportService.exe;c:\program files (x86)\Milestone\Milestone Surveillance\ImageImportService.exe [x]
S2 Milestone Image Server;Milestone Image Server;c:\program files (x86)\Milestone\Milestone Surveillance\ImageServer.exe;c:\program files (x86)\Milestone\Milestone Surveillance\ImageServer.exe [x]
S2 Milestone Log Check Service;Milestone Log Check Service;c:\program files (x86)\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe;c:\program files (x86)\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe [x]
S2 Milestone Service Control;Milestone Service Control;c:\program files (x86)\Milestone\Milestone Surveillance\VideoOS.ServiceControl.Service.exe;c:\program files (x86)\Milestone\Milestone Surveillance\VideoOS.ServiceControl.Service.exe [x]
S2 Milestone XProtect Mobile Service;Milestone XProtect Mobile Service;c:\program files (x86)\Milestone\XProtect Mobile Server\VideoOS.MobileServer.Service.exe;c:\program files (x86)\Milestone\XProtect Mobile Server\VideoOS.MobileServer.Service.exe [x]
S2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;c:\mpich2\bin\smpd.exe;c:\mpich2\bin\smpd.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2991856]
"MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE" [2009-12-15 508312]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://24.43.242.74/kxhcm10.ocx
FF - ProfilePath - c:\users\fire\AppData\Roaming\Mozilla\Firefox\Profiles\8s2c90cc.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\fire\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\fire\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\fire\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-2005 ASHRAE HandbookFundamentals - c:\windows\iun6002.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-10  09:06:06
ComboFix-quarantined-files.txt  2014-11-10 17:06
.
Pre-Run: 354,376,318,976 bytes free
Post-Run: 362,219,012,096 bytes free
.
- - End Of File - - CB2777C58B915DC4FEF1D2B7401D736D
A36C5E4F47E84449FF07ED3517B43A31
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by fire (administrator) on EVERETT on 10-11-2014 09:09:57
Running from C:\Users\fire\Desktop
Loaded Profile: fire (Available profiles: mark & fire & QBDataServiceUser21 & Kelly & laurie & Austin & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Milestone\Milestone Surveillance\ImageImportService.exe
(Milestone Systems A/S) C:\Program Files (x86)\Milestone\Milestone Surveillance\ImageServer.exe
() C:\Program Files (x86)\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe
(Milestone Systems A/S) C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.ServiceControl.Service.exe
() C:\MPICH2\bin\smpd.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Prolific Technology Inc.) C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe
() C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Milestone Systems A/S) C:\Program Files (x86)\Milestone\XProtect Mobile Server\VideoOS.MobileServer.Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-20] (Logitech, Inc.)
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-14] (CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCEF842838737CC01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1009611085-2517016385-803879319-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {2E28242B-A689-11D4-80F2-0040266CBB8D} http://24.43.242.74/kxhcm10.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP10EP1-16277/webex/ieatgpc1.cab
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\fire\AppData\Roaming\Mozilla\Firefox\Profiles\8s2c90cc.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-04-25]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-05-16]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-04-25]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-11-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-01] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Milestone Image Import Service; C:\Program Files (x86)\Milestone\Milestone Surveillance\ImageImportService.exe [11387848 2012-08-24] ()
R2 Milestone Image Server; C:\Program Files (x86)\Milestone\Milestone Surveillance\ImageServer.exe [13649336 2012-08-24] (Milestone Systems A/S)
R2 Milestone Log Check Service; C:\Program Files (x86)\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe [1185232 2012-08-24] ()
S2 Milestone Recording Server; C:\Program Files (x86)\Milestone\Milestone Surveillance\RecordingServer.exe [13083072 2012-08-24] (Milestone Systems A/S)
R2 Milestone Service Control; C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.ServiceControl.Service.exe [22528 2012-08-24] (Milestone Systems A/S) [File not signed]
R2 Milestone XProtect Mobile Service; C:\Program Files (x86)\Milestone\XProtect Mobile Server\VideoOS.MobileServer.Service.exe [257992 2012-08-23] (Milestone Systems A/S)
R2 mpich2_smpd; C:\MPICH2\bin\smpd.exe [1224192 2011-09-01] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PLFlash DeviceIoControl Service; C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe [81920 2008-12-05] (Prolific Technology Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-05-17] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1251840 2010-12-02] () [File not signed]
S4 QuickBooksDB21; C:\Program Files (x86)\Intuit\QuickBooks 2011\QBDBMgrN.exe [679936 2010-04-27] (Intuit, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [15360 2011-06-02] (Datacolor)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 09:09 - 2014-11-10 09:10 - 00017861 _____ () C:\Users\fire\Desktop\FRST.txt
2014-11-10 09:09 - 2014-11-10 09:09 - 00000000 ____D () C:\Users\fire\Desktop\FRST-OlderVersion
2014-11-10 09:06 - 2014-11-10 09:06 - 00023146 _____ () C:\ComboFix.txt
2014-11-10 08:43 - 2014-11-10 08:43 - 05598341 ____R (Swearware) C:\Users\fire\Downloads\ComboFix.exe
2014-11-10 08:28 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-10 08:28 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-10 08:28 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-10 08:28 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-10 08:28 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-10 08:28 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-10 08:28 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-10 08:28 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-10 08:27 - 2014-11-10 09:06 - 00000000 ____D () C:\Qoobox
2014-11-10 08:27 - 2014-11-10 09:04 - 00000000 ____D () C:\Windows\erdnt
2014-11-10 08:27 - 2014-11-10 08:27 - 05598341 ____R (Swearware) C:\Users\mark\Desktop\ComboFix.exe
2014-11-09 17:55 - 2014-11-09 17:55 - 00011815 _____ () C:\Users\fire\Desktop\bleeping computer.zip
2014-11-09 17:53 - 2014-11-09 17:53 - 00000000 ____D () C:\Users\fire\AppData\Roaming\WinRAR
2014-11-09 17:48 - 2014-11-09 17:48 - 00688992 ____R (Swearware) C:\Users\fire\Desktop\dds.com
2014-11-09 17:00 - 2014-11-09 17:34 - 00000000 ____D () C:\Kodak Temp
2014-11-06 09:24 - 2014-11-06 09:24 - 00002163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-11-06 09:23 - 2014-11-06 09:24 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-11-06 09:23 - 2014-11-06 09:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-11-06 09:15 - 2014-11-06 09:15 - 00001166 _____ () C:\Users\mark\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-06 08:41 - 2014-11-06 08:57 - 00000000 ____D () C:\Users\mark\Desktop\mbar
2014-11-06 08:40 - 2014-11-06 08:41 - 14349744 _____ (Malwarebytes Corp.) C:\Users\mark\Desktop\mbar-1.07.0.1012.exe
2014-11-06 08:15 - 2014-11-06 08:15 - 00000000 ____D () C:\Windows\pss
2014-11-04 17:34 - 2014-11-06 09:42 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-11-04 17:02 - 2014-11-07 07:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-04 17:01 - 2014-11-04 17:19 - 00000000 ____D () C:\Users\fire\Desktop\mbar
2014-11-04 16:36 - 2014-11-04 16:36 - 14349744 _____ (Malwarebytes Corp.) C:\Users\fire\Desktop\mbar-1.07.0.1012.exe
2014-11-04 15:09 - 2014-11-04 17:19 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Emedytud
2014-11-04 14:53 - 2014-11-05 14:20 - 00000000 ____D () C:\7807dae
2014-11-04 14:53 - 2014-11-04 16:05 - 00000000 _____ () C:\ProgramData\@system.temp
2014-11-04 14:53 - 2014-11-04 14:53 - 00000448 ____H () C:\Users\mark\AppData\Roaming\麽鎒駓覜
2014-11-04 14:53 - 2014-11-04 14:53 - 00000160 ____H () C:\ProgramData\@system3.att
2014-11-04 14:51 - 2014-11-04 14:51 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-03 20:03 - 2014-11-10 08:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-03 20:03 - 2014-11-06 08:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-03 20:03 - 2014-11-03 20:03 - 00001148 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-03 20:03 - 2014-11-03 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-03 20:03 - 2014-11-03 20:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-03 20:03 - 2014-11-03 20:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-03 20:03 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-03 20:03 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-03 19:10 - 2014-11-10 09:09 - 00000000 ____D () C:\FRST
2014-11-03 19:01 - 2014-11-10 09:09 - 02116096 _____ (Farbar) C:\Users\fire\Desktop\FRST64.exe
2014-11-03 17:48 - 2014-11-03 17:49 - 00000000 ____D () C:\Users\fire\AppData\Roaming\Mozilla
2014-11-03 17:48 - 2014-11-03 17:49 - 00000000 ____D () C:\Users\fire\AppData\Local\Mozilla
2014-11-03 17:38 - 2014-11-03 17:38 - 00000000 ____D () C:\Users\fire\AppData\Roaming\ATI
2014-11-03 17:38 - 2014-11-03 17:38 - 00000000 ____D () C:\Users\fire\AppData\Local\ATI
2014-10-22 12:40 - 2014-11-10 09:06 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 09:06 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Default
2014-11-10 08:59 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-10 08:55 - 2011-06-23 06:41 - 00000000 ____D () C:\Users\mark
2014-11-10 08:45 - 2011-06-23 06:41 - 01716178 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 08:40 - 2009-07-13 20:45 - 00022096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 08:40 - 2009-07-13 20:45 - 00022096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 08:33 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-10 08:33 - 2009-07-13 20:51 - 00154112 _____ () C:\Windows\setupact.log
2014-11-10 08:32 - 2010-11-20 19:47 - 00942722 _____ () C:\Windows\PFRO.log
2014-11-10 08:31 - 2012-11-06 14:21 - 00000000 ____D () C:\Users\mark\Documents\Outlook Files
2014-11-10 08:24 - 2011-06-23 06:56 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6F26C169-FB4D-4FD6-A1FC-A0335A509750}
2014-11-09 17:36 - 2013-07-08 07:43 - 00004784 _____ () C:\Windows\SysWOW64\log.dat
2014-11-09 12:39 - 2009-07-13 21:13 - 00784008 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 09:57 - 2012-04-25 16:47 - 00000000 ____D () C:\Windows\AutoKMS
2014-11-05 07:18 - 2011-06-29 16:21 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-04 17:21 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\addins
2014-11-04 16:19 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-04 15:04 - 2014-07-17 14:36 - 00000000 ____D () C:\FORTRAN
2014-11-04 15:04 - 2012-11-13 14:23 - 00000000 ____D () C:\Garmin
2014-11-04 15:04 - 2012-11-07 09:41 - 00000000 ____D () C:\Fire Models Excell
2014-11-04 15:04 - 2012-11-07 09:41 - 00000000 ____D () C:\Fire Models
2014-11-04 15:03 - 2012-11-07 09:29 - 00000000 ____D () C:\FDS Mark
2014-11-04 15:00 - 2011-06-22 17:04 - 00000000 ____D () C:\FDS Everett
2014-11-04 14:58 - 2012-05-25 10:46 - 00000000 ____D () C:\CONTAM 3.0
2014-11-04 14:58 - 2012-04-25 17:02 - 00000000 ____D () C:\Autodesk
2014-11-04 14:56 - 2014-06-24 13:59 - 00000000 ____D () C:\AMD
2014-11-04 14:56 - 2014-02-27 20:10 - 00000000 ____D () C:\002
2014-11-04 14:55 - 2014-02-25 17:09 - 00000000 ____D () C:\001
2014-11-03 21:06 - 2013-07-09 12:11 - 00000000 ____D () C:\Program Files (x86)\SweetIM
2014-11-03 21:05 - 2012-02-19 09:20 - 00000000 ____D () C:\Users\mark\AppData\Local\Adobe
2014-11-03 17:38 - 2011-07-01 10:36 - 00147016 _____ () C:\Users\fire\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-03 16:37 - 2012-11-10 16:38 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-03 16:26 - 2014-08-08 16:09 - 00000000 ___RD () C:\Users\mark\Google Drive
2014-11-02 20:43 - 2013-03-12 19:31 - 00000000 ____D () C:\Users\mark\AppData\Local\GARMIN_Corp
2014-11-02 20:42 - 2012-11-14 17:47 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-11-02 20:42 - 2012-11-14 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-10-30 03:25 - 2010-11-20 19:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-28 16:37 - 2013-06-19 07:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-25 12:58 - 2012-11-21 14:51 - 00014801 _____ () C:\Users\mark\Documents\plot.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 14:14

==================== End Of Log ============================

 

Attached Files



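The "One Month Created Files and Folders" section of the log above is where the 2014-11-04 artifacts stand out: several entries created within a few minutes of each other, some hidden, none carrying a publisher, sitting directly under C:\, C:\ProgramData or a user's AppData\Roaming. The script below is an added example (not part of this thread and not FRST's own logic) that automates that reading: it parses entries of this section, groups them by creation time, and scores each with a few weak indicators. The sample input is constructed from entries copied from the log above; the time window, the scoring heuristics and the TOOL_PREFIXES list are my assumptions, and the result is a review list, not a verdict.

```python
"""Time-window triage of the FRST "One Month Created Files and Folders" section.

Added example: groups entries by creation time and flags entries whose
attributes, publisher field, location or name shape are worth a second look.
The heuristics and TOOL_PREFIXES are assumptions, not FRST behaviour.
"""
import re
from datetime import datetime, timedelta

# One FRST entry: <created> - <modified> - <size> <attrs> (<vendor>) <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) \((?P<vendor>[^)]*)\) (?P<path>.+)$"
)

# Constructed sample: entries copied from the log posted above.
SAMPLE_ENTRIES = """\
2014-11-10 09:09 - 2014-11-10 09:10 - 00017861 _____ () C:\\Users\\fire\\Desktop\\FRST.txt
2014-11-10 09:06 - 2014-11-10 09:06 - 00023146 _____ () C:\\ComboFix.txt
2014-11-10 08:43 - 2014-11-10 08:43 - 05598341 ____R (Swearware) C:\\Users\\fire\\Downloads\\ComboFix.exe
2014-11-10 08:28 - 2011-06-25 22:45 - 00256000 _____ () C:\\Windows\\PEV.exe
2014-11-10 08:27 - 2014-11-10 09:06 - 00000000 ____D () C:\\Qoobox
2014-11-06 08:40 - 2014-11-06 08:41 - 14349744 _____ (Malwarebytes Corp.) C:\\Users\\mark\\Desktop\\mbar-1.07.0.1012.exe
2014-11-04 17:02 - 2014-11-07 07:14 - 00000000 ____D () C:\\ProgramData\\Malwarebytes' Anti-Malware (portable)
2014-11-04 15:09 - 2014-11-04 17:19 - 00000000 ____D () C:\\Users\\mark\\AppData\\Roaming\\Emedytud
2014-11-04 14:53 - 2014-11-05 14:20 - 00000000 ____D () C:\\7807dae
2014-11-04 14:53 - 2014-11-04 16:05 - 00000000 _____ () C:\\ProgramData\\@system.temp
2014-11-04 14:53 - 2014-11-04 14:53 - 00000448 ____H () C:\\Users\\mark\\AppData\\Roaming\\麽鎒駓覜
2014-11-04 14:53 - 2014-11-04 14:53 - 00000160 ____H () C:\\ProgramData\\@system3.att
2014-11-04 14:51 - 2014-11-04 14:51 - 00000000 ____D () C:\\ProgramData\\Windows Genuine Advantage
2014-11-03 19:10 - 2014-11-10 09:09 - 00000000 ____D () C:\\FRST
"""

# Assumption: names of the cleanup tools in use on this machine, so their own
# files and folders are not reported back to the analyst who created them.
TOOL_PREFIXES = ("frst", "combofix", "qoobox", "erdnt", "mbar", "malwarebytes")


def parse_entries(text):
    """Parse section lines into dicts; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["created"] = datetime.strptime(e["created"], "%Y-%m-%d %H:%M")
        e["modified"] = datetime.strptime(e["modified"], "%Y-%m-%d %H:%M")
        e["size"] = int(e["size"])
        entries.append(e)
    return entries


def cluster_by_creation(entries, gap=timedelta(minutes=30)):
    """Group entries whose creation time is within `gap` of the previous one."""
    clusters = []
    for e in sorted(entries, key=lambda e: e["created"]):
        if clusters and e["created"] - clusters[-1][-1]["created"] <= gap:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters


def suspicion_flags(entry):
    """Cheap indicators; each is weak alone, several together merit review."""
    parent, _, base = entry["path"].rpartition("\\")
    parent = parent.lower()
    flags = []
    if "H" in entry["attrs"]:                      # hidden attribute set
        flags.append("hidden")
    if not entry["vendor"].strip():                # no publisher in version info
        flags.append("no-publisher")
    if parent in ("c:", "c:\\programdata") or parent.endswith("\\appdata\\roaming"):
        flags.append("odd-location")               # directly under a drop-friendly root
    if base.startswith("@") or re.fullmatch(r"[0-9a-f]{6,}", base) or not base.isascii():
        flags.append("odd-name")                   # '@' prefix, hex-only or non-ASCII name
    if base.lower().startswith(TOOL_PREFIXES):
        flags.append("known-tool")                 # analyst tooling, never reported
    return flags


def triage(text, gap=timedelta(minutes=30), min_flags=2):
    """Return review candidates: non-tool entries carrying at least `min_flags` flags."""
    report = []
    for cluster in cluster_by_creation(parse_entries(text), gap):
        start = cluster[0]["created"]
        for e in cluster:
            flags = suspicion_flags(e)
            if "known-tool" in flags or len(flags) < min_flags:
                continue
            report.append({"cluster_start": start, "path": e["path"], "flags": flags})
    return report


if __name__ == "__main__":
    for hit in triage(SAMPLE_ENTRIES):
        print(hit["cluster_start"].strftime("%Y-%m-%d %H:%M"),
              hit["path"], ",".join(hit["flags"]))
```

On the sample above the only cluster that produces hits is the one starting 2014-11-04 14:51; the tool files from 11-10 are skipped by the prefix list and the Windows and Desktop entries never reach two flags. The cluster start time is the useful pivot for the next step: Modified Files entries, scheduled tasks and Run keys touched in the same window.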
#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:56 PM

Posted 10 November 2014 - 02:38 PM



Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1009611085-2517016385-803879319-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
U3 catchme; \??\C:\ComboFix\catchme.sys [X]

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

How is the computer running now?
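Every entry in the fixlist above is a line copied from the FRST log and carries one of the markers FRST prints for leftovers: "No File" (the referenced file is gone), "[X]" (FRST could not find the file) or "Policy restriction <======= ATTENTION". The script below is an added example (not part of this thread and not FRST's own code) of the sanity check worth running before clicking Fix: it confirms each fixlist entry is a verbatim copy of a log line and warns about entries that carry no remnant marker, since those would act on something that still resolves. Both inputs are constructed: the sample log holds the entries visible in the log and fixlist above plus one running service line from the Services section; the sample fixlist retypes one line with a single space before "No File" and includes that running service. The assumption that a fixlist entry must match a log line verbatim, and the reading of an "R" prefix as a running service, are mine; FRST's own command directives are not modelled.

```python
"""Sanity-check an FRST fixlist against the FRST log it was built from.

Added example. Assumption: each fixlist entry is meant to be a verbatim copy
of a log line; this catches copy/paste drift and flags entries that carry no
remnant marker. It does not implement FRST's fix semantics or its directives.
"""
import difflib
import re

# Constructed sample log: entries visible in the log and fixlist above, plus
# one running service entry from the Services section.
SAMPLE_LOG = """\
HKLM-x32\\...\\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
R2 MBAMService; C:\\Program Files (x86)\\Malwarebytes Anti-Malware\\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S4 gupdate; "C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe" /svc [X]
U3 catchme; \\??\\C:\\ComboFix\\catchme.sys [X]
"""

# Constructed fixlist: remnant entries, one line retyped with a single space
# before "No File" (copy/paste drift), and one live service that does not belong.
SAMPLE_FIXLIST = """\
start
HKLM-x32\\...\\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
R2 MBAMService; C:\\Program Files (x86)\\Malwarebytes Anti-Malware\\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S4 gupdate; "C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe" /svc [X]
U3 catchme; \\??\\C:\\ComboFix\\catchme.sys [X]
End
"""

# Markers FRST prints on entries whose target is gone or which it flagged.
REMNANT_MARKERS = (
    ("No File", "orphaned reference, target file missing"),
    ("[X]", "file not found by FRST"),
    ("Policy restriction", "policy key flagged with ATTENTION"),
)
RUNNING_RE = re.compile(r"^R[0-4] ")   # assumption: R-prefixed service/driver is running


def classify(line):
    """Return (label, live) where live means no remnant marker is present."""
    for marker, meaning in REMNANT_MARKERS:
        if marker in line:
            return meaning, False
    if RUNNING_RE.match(line):
        return "running service or driver", True
    return "entry that still resolves", True


def check_fixlist(log_text, fixlist_text):
    """One result per fixlist entry: verbatim match, nearest log line, label, live flag."""
    log_lines = sorted({l.rstrip() for l in log_text.splitlines() if l.strip()})
    body = [l.rstrip() for l in fixlist_text.splitlines() if l.strip()]
    if len(body) < 2 or body[0].lower() != "start" or body[-1].lower() != "end":
        raise ValueError("fixlist must begin with 'start' and end with 'End'")
    results = []
    for line in body[1:-1]:
        label, live = classify(line)
        in_log = line in log_lines
        closest = None
        if not in_log:
            # Point at the log line the entry most resembles (spacing drift, truncation).
            near = difflib.get_close_matches(line, log_lines, n=1, cutoff=0.9)
            closest = near[0] if near else None
        results.append({"line": line, "in_log": in_log, "closest": closest,
                        "label": label, "live": live})
    return results


def problems(results):
    """Entries to correct or reconsider before clicking Fix."""
    return [r for r in results if not r["in_log"] or r["live"]]


if __name__ == "__main__":
    for r in check_fixlist(SAMPLE_LOG, SAMPLE_FIXLIST):
        status = "ok" if r["in_log"] else "NOT IN LOG"
        kind = "LIVE" if r["live"] else "remnant"
        print(f"{status:10} {kind:8} {r['line'][:70]}")
        if r["closest"]:
            print(f"{'':10} closest log line: {r['closest'][:70]}")
```

A "NOT IN LOG" result is almost always a stray space or a path truncated by the forum software, and the closest-match line shows what to paste back; a "LIVE" result means the entry's target still exists, so removing it is a deliberate decision rather than housekeeping.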

#15 spaeaurouge

spaeaurouge
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:56 PM

Posted 10 November 2014 - 03:28 PM

Yippee!!! So far so good. I will let you know if it returns. Thank you....

 

LMK what I can do to support this site.


Edited by spaeaurouge, 10 November 2014 - 03:28 PM.




