
Trojan Powelik is still on my pc after using ESET, need help


  • This topic is locked
15 replies to this topic

#1 Droc

Droc

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:38 AM

Posted 12 December 2014 - 12:18 AM

Hey Bleepingcomputer, I picked up this Trojan Powelik virus last week. First, I used the Norton Powelik removal tool they have out now and it didn't work, although it seemed to help at first. But Norton keeps finding the Trojan virus and takes care of it and I have to reboot. But it keeps happening. I found your web site and quickly read everything and downloaded ESET and ran it. ESET found powelik*32 and removed it. But I'm still getting CPU activity from dllhost.exe, description: COM Surrogate. My system is 64 bit, don't know if that matters to the trojan. I tried two other removal tools before coming here, but I stopped them when I got to a "pay for my service now" prompt, and then after reading your website I quickly removed the tools from my PC. So, I still have this thing and I'm afraid to use my PC for anything because I know someone may be watching.

Here is my Log-

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16599 BrowserJavaVersion: 11.25.2
Run by Dere at 19:58:39 on 2014-12-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8183.5380 [GMT -8:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 Premier Edition *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Cooler Master Storm Sirus\CPL\Storm Sirus.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\VIA_XHCI\usb3Monitor.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
C:\Program Files\ASUS Xonar DGX Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
C:\ProgramData\HP Link5 Config\PelLinkS.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Thrustmaster\T500 RS Racing wheel\drivers\amd64\tmInstall.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\BeepApp.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.kptv.com/home
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
uProxyOverride = 12.242.16.8;192.168.*.*;*.local;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: Any Calculator Toolbar: {64f2dc90-9d55-4bb3-ae33-1b195b641458} - C:\Program Files (x86)\Any_Calculator\tbAny_.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\PlusIEContextMenu.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: ZeonIEEventHelper Class: {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
TB: Any Calculator Toolbar: {64F2DC90-9D55-4BB3-AE33-1B195B641458} - C:\Program Files (x86)\Any_Calculator\tbAny_.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coieplg.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Nuance PDF: {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler
mRun: [PDF8 Registry Controller] "C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe"
mRun: [PDFProHook] "C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe"
mRun: [Nuance PDF Converter Professional 8-reminder] "C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 8\Ereg\Ereg.ini"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STRATA~1.LNK - C:\Program Files (x86)\StrataTicker\StrataTicker.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: En&queue current page with BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: Open with Nuance PDF Converter 8 - C:\Program Files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll /100
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{39968C27-287A-45EB-9CF5-405132056AC3} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.yahoo.com
x64-mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
x64-BHO: SaverExxtEnsioon: {4102A820-146A-7AEB-8BE7-D97C21282082} -
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
x64-BHO: 500Coupons: {86942379-72ED-C950-8FFA-66526B3899B1} -
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Cm106Sound] C:\Program Files\Cooler Master Storm Sirus\CPL\Storm Sirus.exe /h /d
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-Run: [VIAxHCUtl] C:\VIA_XHCI\usb3Monitor.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-3-10 225296]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys [2014-10-12 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys [2014-10-12 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [2014-12-11 1587416]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys [2014-10-12 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\IPSDefs\20141211.001\IDSviA64.sys [2014-12-11 637656]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys [2014-10-12 266968]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\1506000.020\symtdiv.sys [2014-10-12 510168]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/10/17 00:34:05];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-10-21 146928]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2008-9-4 122880]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-9-19 1148744]
R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-3-10 192512]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-1 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-1 969016]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-8-10 227184]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe [2014-10-12 265040]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-5-26 1795912]
R2 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [2012-10-23 135056]
R2 PelLinkS;PelLinkS;C:\ProgramData\HP Link5 Config\PelLinkS.exe [2010-11-19 178072]
R2 tmInstall;Thrustmaster Device Driver Installer;C:\Program Files\Thrustmaster\T500 RS Racing wheel\drivers\amd64\tmInstall.exe [2014-1-21 28160]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-8-16 592120]
R3 cmudaxp;ASUS Xonar DGX Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2014-5-7 2727936]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-9 142640]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2014-5-24 98464]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-11-1 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-1 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-11-1 64216]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-3-10 26168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 CMUAC;USB Audio Class 1.0 and 2.0 Device Driver;C:\Windows\System32\drivers\CMUAC.SYS [2014-2-16 111104]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2012-11-20 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 HPMoA407;Mouse Suite Driver_A407 (WDF Version);C:\Windows\System32\drivers\HPMoA407.sys [2011-10-30 25088]
S3 HPubA407;USB Mouse Low Filter Driver_A407 (WDF Version);C:\Windows\System32\drivers\HPubA407.sys [2011-10-30 18944]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-8-4 327704]
S3 LVUVC64;Logitech Webcam 905(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-8-4 6379288]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2011-4-4 21504]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-9-9 25888]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SkyhawkeUSBLan;SkyhawkeUSBLan;C:\Windows\System32\drivers\btblan.sys [2010-4-15 47600]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-11-22 16152]
S3 tmbulk;Thrustmaster Series Bulk Driver (tmbulk);C:\Windows\System32\drivers\tmbulk.sys [2014-1-21 88368]
S3 tmhidusb;Thrustmaster HID USB Driver;C:\Windows\System32\drivers\tmhidusb.sys [2014-1-21 149296]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;C:\Windows\System32\drivers\ViaHub3.sys [2014-5-7 204800]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;C:\Windows\System32\drivers\xhcdrv.sys [2014-5-7 256000]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-8-16 90776]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-12-12 03:10:49 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-10 16:32:26 112710672 ----a-w- C:\Windows\System32\mrt.exe
2014-12-10 05:00:36 0 ----a-w- C:\autoexec.bat
2014-12-10 05:00:06 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 05:00:06 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-10 04:57:04 3044736 ----a-w- C:\Program Files\SpyHunter-Installer.exe
2014-12-03 02:06:01 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-12-03 01:51:29 347136 ----a-w- C:\Windows\System32\schannel.dll
2014-12-02 22:51:08 129752 ----a-w- C:\Windows\System32\drivers\4620535D.sys
2014-11-25 03:20:48 129752 ----a-w- C:\Windows\System32\drivers\05F33084.sys
2014-11-25 03:20:48 129752 ----a-w- C:\Windows\System32\drivers\03E8308D.sys
2014-11-24 22:12:45 17874432 ----a-w- C:\Windows\System32\mshtml.dll
2014-11-24 22:04:56 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-11-24 21:59:39 448512 ----a-w- C:\Windows\System32\html.iec
2014-11-24 21:54:00 10921984 ----a-w- C:\Windows\System32\ieframe.dll
2014-11-24 21:53:14 2339840 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-24 21:47:43 1388032 ----a-w- C:\Windows\System32\urlmon.dll
2014-11-24 21:47:12 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-11-24 21:45:49 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-24 21:45:37 237056 ----a-w- C:\Windows\System32\url.dll
2014-11-24 21:45:29 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2014-11-24 21:44:58 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-24 21:44:55 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-24 21:44:51 2157056 ----a-w- C:\Windows\System32\iertutil.dll
2014-11-24 21:44:49 816640 ----a-w- C:\Windows\System32\jscript.dll
2014-11-24 21:44:40 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2014-11-24 21:44:21 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-11-24 21:44:11 282112 ----a-w- C:\Windows\System32\dxtrans.dll
2014-11-24 21:44:08 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
2014-11-24 21:44:05 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
2014-11-24 21:43:51 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2014-11-24 21:43:44 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-24 21:43:33 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-11-24 21:42:58 248320 ----a-w- C:\Windows\System32\ieui.dll
2014-11-24 20:44:32 367104 ----a-w- C:\Windows\SysWow64\html.iec
2014-11-24 20:41:46 12369920 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-11-24 20:40:49 1810944 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-24 20:37:23 9740800 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-11-24 20:35:45 1139712 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-11-24 20:35:25 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-24 20:34:40 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-24 20:34:05 231936 ----a-w- C:\Windows\SysWow64\url.dll
2014-11-24 20:33:59 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-11-24 20:33:56 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-24 20:33:47 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-24 20:33:26 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-11-24 20:33:21 1802752 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-11-24 20:33:15 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-11-24 20:33:03 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2014-11-24 20:32:53 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2014-11-24 20:32:49 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2014-11-24 20:32:48 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2014-11-24 20:32:47 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-11-24 20:32:42 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-11-24 20:32:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-24 20:32:17 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-11-21 21:24:47 129752 ----a-w- C:\Windows\System32\drivers\023335C2.sys
2014-11-21 14:14:18 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 14:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 14:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-18 22:56:48 1202848 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-11-07 01:33:21 974848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-07 01:28:24 1209856 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-10-31 23:11:19 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-10-31 23:06:30 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-24 16:16:42 2391 ----a-w- C:\Windows\patsearch.bin
2014-10-24 01:04:29 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-24 01:03:40 499200 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-10-24 00:39:49 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-24 00:39:19 656384 ----a-w- C:\Windows\System32\kerberos.dll
2014-10-18 01:08:10 564224 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-18 00:46:22 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-12 23:52:40 2782208 ----a-w- C:\Windows\System32\win32k.sys
2014-10-10 01:10:24 548352 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-10 01:09:30 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-10 01:09:23 1689600 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-10 01:01:46 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-10 01:00:34 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-09 23:53:20 619520 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-09 23:22:16 619520 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-03 01:18:20 274432 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:17:16 396800 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:17:16 115712 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:03:12 313344 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 01:02:20 201728 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 01:01:59 474624 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 01:01:59 446976 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-02 23:49:01 88576 ----a-w- C:\Windows\SysWow64\audiodg.exe
2014-02-13 21:03:54 3153408 ----a-w- C:\Program Files (x86)\SKSS.exe
2013-08-06 20:35:52 15225800 ----a-r- C:\Program Files (x86)\haspdinst.exe
2001-11-27 19:14:00 753664 ----a-r- C:\Program Files (x86)\spr32d30.dll
.
============= FINISH: 19:59:28.90 ===============

 

Attached File: attach.txt (11.81KB)





#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:38 PM

Posted 12 December 2014 - 07:28 PM

Hello and welcome. Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I have given you the all clear. Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Edited by RPMcMurphy, 12 December 2014 - 07:30 PM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#3 Droc

Droc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:38 AM

Posted 14 December 2014 - 08:03 PM

Attached File: Addition.txt (44.02KB)

Hey, sorry for the delay, I was out of town, but here are the logs you need.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Dere (administrator) on HOME on 14-12-2014 16:54:57
Running from C:\Users\Dere\Desktop
Loaded Profile: Dere (Available profiles: Dere)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(C-MEDIA Electronics INC.) C:\Program Files\Cooler Master Storm Sirus\CPL\Storm Sirus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\SysWOW64\HsMgr.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Windows\system\HsMgr64.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
(CMedia) C:\Program Files\ASUS Xonar DGX Audio\Customapp\AsusAudioCenter.exe
() C:\ProgramData\HP Link5 Config\PelLinkS.exe
(Thrustmaster®) C:\Program Files\Thrustmaster\T500 RS Racing wheel\drivers\amd64\tmInstall.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
() C:\Windows\SysWOW64\BeepApp.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cm106Sound] => C:\Program Files\Cooler Master Storm Sirus\CPL\Storm Sirus.exe [278016 2011-07-14] (C-MEDIA Electronics INC.)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-10] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-10] ()
HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [PDF8 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe [178576 2012-10-23] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe [2013072 2012-10-23] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance PDF Converter Professional 8-reminder] => C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe [333712 2012-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-3941653321-956662587-3663273246-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-29] (Google Inc.)
HKU\S-1-5-21-3941653321-956662587-3663273246-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
AppInit_DLLs: C:\PROGRA~3\WINSYS~1\WINSYS~2.DLL => C:\ProgramData\Win sys filter\Winsysfilter_x64.dll [4483584 2013-12-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrataTicker.lnk
ShortcutTarget: StrataTicker.lnk -> C:\Program Files (x86)\StrataTicker\StrataTicker.exe (No File)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3941653321-956662587-3663273246-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3941653321-956662587-3663273246-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3941653321-956662587-3663273246-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kptv.com/home
URLSearchHook: HKLM-x32 - Any Calculator Toolbar - {64f2dc90-9d55-4bb3-ae33-1b195b641458} - C:\Program Files (x86)\Any_Calculator\tbAny_.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {54257364-7F94-4D84-A202-5EAA91FC9748} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM -> {F21403DD-AC44-4E23-A5A0-95B57FD6E5FA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {54257364-7F94-4D84-A202-5EAA91FC9748} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT322387
SearchScopes: HKLM-x32 -> {F21403DD-AC44-4E23-A5A0-95B57FD6E5FA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-3941653321-956662587-3663273246-1000 -> {54257364-7F94-4D84-A202-5EAA91FC9748} URL =
SearchScopes: HKU\S-1-5-21-3941653321-956662587-3663273246-1000 -> {F21403DD-AC44-4E23-A5A0-95B57FD6E5FA} URL =
BHO: SaverExxtEnsioon -> {4102A820-146A-7AEB-8BE7-D97C21282082} -> C:\ProgramData\SaverExxtEnsioon\hgv.x64.dll No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: 500Coupons -> {86942379-72ED-C950-8FFA-66526B3899B1} -> C:\ProgramData\500Coupons\tR4uAKrud.x64.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3941653321-956662587-3663273246-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3941653321-956662587-3663273246-1000 -> No Name - {64F2DC90-9D55-4BB3-AE33-1B195B641458} -  No File
Toolbar: HKU\S-1-5-21-3941653321-956662587-3663273246-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31010.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/vbp;version=0.9.17 -> C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.17 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.17 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKU\S-1-5-21-3941653321-956662587-3663273246-1000: @movenetworks.com/Quantum Media Player -> C:\Users\Dere\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin HKU\S-1-5-21-3941653321-956662587-3663273246-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkorswim\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKU\S-1-5-21-3941653321-956662587-3663273246-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkorswim\nptossc.dll (TD Ameritrade)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-12-14]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-10-17]
FF HKU\S-1-5-21-3941653321-956662587-3663273246-1000\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Dere\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Dere\AppData\Roaming\Move Networks [2010-01-20]

Chrome:
=======
CHR Profile: C:\Users\Dere\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Dere\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-03-12]
CHR Extension: (Wondershare Video Converter Ultimate) - C:\Users\Dere\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp [2014-11-01]
CHR Extension: (Yahoo! Toolbar for Chrome) - C:\Users\Dere\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-11-01]
CHR Extension: (DivX HiQ) - C:\Users\Dere\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2014-11-01]
CHR Extension: (SaverExxtEnsioon) - C:\Users\Dere\AppData\Local\Google\Chrome\User Data\Default\Extensions\iffjlbmbboclbfdnjcchfnabjjbeojkd [2013-12-31]
CHR Extension: (Skype Click to Call) - C:\Users\Dere\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-01]
CHR Extension: (No Name) - C:\Users\Dere\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-03-12]
CHR Extension: (Norton Security Toolbar) - C:\Users\Dere\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-11-01]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Dere\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-11-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-12]
CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRChromePlugin.crx [2012-12-13]
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-07]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-12]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2008-09-04] (AMD) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-16] (NVIDIA Corporation)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed]
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [227184 2011-08-10] ()
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)
R2 PelLinkS; C:\ProgramData\HP Link5 Config\PelLinkS.exe [178072 2010-11-19] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 tmInstall; C:\Program Files\Thrustmaster\T500 RS Racing wheel\drivers\amd64\tmInstall.EXE [28160 2013-08-22] (Thrustmaster®)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 CMUAC; C:\Windows\System32\DRIVERS\CMUAC.SYS [111104 2011-07-13] (C-Media Inc.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2727936 2011-12-19] (C-Media Inc)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S3 HPMoA407; C:\Windows\System32\DRIVERS\HPMoA407.sys [25088 2010-10-25] (TPMX Electronics Ltd.)
S3 HPubA407; C:\Windows\System32\Drivers\HPubA407.sys [18944 2010-11-04] (TPMX Electronics Ltd.)
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\IPSDefs\20141212.002\IDSvia64.sys [637656 2014-11-19] (Symantec Corporation)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20141214.002\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20141214.002\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
S3 SkyhawkeUSBLan; C:\Windows\System32\DRIVERS\btblan.sys [47600 2010-04-15] (Belcarra Technologies)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-11-23] ()
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMTDIV.SYS [510168 2014-02-17] (Symantec Corporation)
S3 tmbulk; C:\Windows\System32\Drivers\tmbulk.sys [88368 2013-06-12] (© Guillemot R&D, 2011. All rights reserved.)
S3 tmhidusb; C:\Windows\System32\DRIVERS\tmhidusb.sys [149296 2013-08-27] (Thrustmaster)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-08-02] (Apple, Inc.) [File not signed]
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [204800 2011-11-14] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [256000 2011-11-14] (VIA Technologies, Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-10-21] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [X]
S3 PCDSRVC{4942F9C0-0B403F17-06000000}_0; \??\c:\pcdr5\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 16:54 - 2014-12-14 16:55 - 00028207 _____ () C:\Users\Dere\Desktop\FRST.txt
2014-12-14 16:53 - 2014-12-14 16:53 - 02119168 _____ (Farbar) C:\Users\Dere\Desktop\FRST64.exe
2014-12-14 16:34 - 2014-12-14 16:55 - 00000000 ____D () C:\FRST
2014-12-14 16:31 - 2014-12-14 16:31 - 02119168 _____ (Farbar) C:\Users\Dere\Downloads\frst64.exe
2014-12-11 20:00 - 2014-12-11 20:00 - 00012096 _____ () C:\Users\Dere\Desktop\attach.txt
2014-12-11 20:00 - 2014-12-11 19:59 - 00026412 _____ () C:\Users\Dere\Desktop\dds.txt
2014-12-11 19:57 - 2014-12-11 19:58 - 00688992 ____R (Swearware) C:\Users\Dere\Downloads\dds.com
2014-12-10 23:23 - 2014-12-10 23:23 - 00000000 ____H () C:\Users\Dere\Documents\Default.rdp
2014-12-10 21:16 - 2014-12-10 21:16 - 00000000 ____D () C:\Users\Dere\AppData\Local\Western Digital
2014-12-10 18:44 - 2014-12-10 18:45 - 00000775 _____ () C:\Windows\KB884020.log
2014-12-10 17:22 - 2014-12-10 17:22 - 00844506 _____ () C:\Users\Dere\Desktop\ESETPoweliksCleaner.exe_20141210.172241.5532.log
2014-12-10 16:36 - 2014-12-10 16:37 - 00847402 _____ () C:\Users\Dere\Desktop\ESETPoweliksCleaner.exe_20141210.163656.1156.log
2014-12-10 15:54 - 2014-12-10 15:55 - 01688800 _____ () C:\Users\Dere\Desktop\ESETPoweliksCleaner.exe_20141210.155436.8028.log
2014-12-10 15:54 - 2014-12-10 15:54 - 00186568 _____ (ESET) C:\Users\Dere\Desktop\ESETPoweliksCleaner.exe
2014-12-10 08:31 - 2014-11-06 17:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 08:31 - 2014-11-06 17:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 08:28 - 2014-12-02 18:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-10 08:28 - 2014-12-02 17:51 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-09 21:00 - 2014-12-09 21:00 - 00000000 _____ () C:\autoexec.bat
2014-12-09 20:57 - 2014-12-09 20:57 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Program Files\SpyHunter-Installer.exe
2014-12-09 20:25 - 2014-12-09 20:27 - 00000000 ____D () C:\ProgramData\Unchecky
2014-12-09 20:25 - 2014-12-09 20:24 - 24489269 _____ () C:\Users\Dere\Downloads\setup_free.exe
2014-12-09 18:01 - 2014-12-09 18:05 - 00000050 _____ () C:\Users\Dere\Desktop\FixPoweliks32.log
2014-12-09 17:40 - 2014-12-09 17:56 - 00000050 _____ () C:\Users\Dere\Desktop\FixPoweliks64.log
2014-12-09 17:38 - 2014-11-24 13:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 17:38 - 2014-11-24 13:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 17:38 - 2014-11-24 12:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 17:38 - 2014-11-24 12:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 17:38 - 2014-11-24 12:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 17:38 - 2014-11-24 12:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 17:37 - 2014-11-24 14:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 17:37 - 2014-11-24 13:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-09 17:37 - 2014-11-24 13:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 17:37 - 2014-11-24 13:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 17:37 - 2014-11-24 13:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 17:37 - 2014-11-24 13:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 17:37 - 2014-11-24 13:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-09 17:37 - 2014-11-24 13:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 17:37 - 2014-11-24 13:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 17:37 - 2014-11-24 13:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-09 17:37 - 2014-11-24 13:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 17:37 - 2014-11-24 13:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 17:37 - 2014-11-24 13:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 17:37 - 2014-11-24 13:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 17:37 - 2014-11-24 13:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 17:37 - 2014-11-24 13:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-09 17:37 - 2014-11-24 13:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-09 17:37 - 2014-11-24 13:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 17:37 - 2014-11-24 13:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-09 17:37 - 2014-11-24 13:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 17:37 - 2014-11-24 12:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-09 17:37 - 2014-11-24 12:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 17:37 - 2014-11-24 12:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 17:37 - 2014-11-24 12:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 17:37 - 2014-11-24 12:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 17:37 - 2014-11-24 12:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-09 17:37 - 2014-11-24 12:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 17:37 - 2014-11-24 12:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-09 17:37 - 2014-11-24 12:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 17:37 - 2014-11-24 12:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-09 17:37 - 2014-11-24 12:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 17:37 - 2014-11-24 12:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-09 17:37 - 2014-11-24 12:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 17:37 - 2014-11-24 12:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 17:37 - 2014-11-24 12:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 17:37 - 2014-11-24 12:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 17:37 - 2014-11-24 12:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-09 17:37 - 2014-11-24 12:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-09 15:48 - 2014-12-09 15:48 - 03060320 ____N (Symantec Corporation) C:\Users\Dere\Downloads\NPE (10).exe
2014-12-04 19:31 - 2014-12-04 19:31 - 02747488 _____ (Symantec Corporation) C:\Users\Dere\Downloads\FixPoweliks64.exe
2014-12-02 14:51 - 2014-12-02 14:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\4620535D.sys
2014-11-24 20:15 - 2014-11-24 20:15 - 03060320 ____N (Symantec Corporation) C:\Users\Dere\Downloads\NPE (9).exe
2014-11-24 19:20 - 2014-11-24 19:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\05F33084.sys
2014-11-24 19:20 - 2014-11-24 19:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\03E8308D.sys
2014-11-21 14:43 - 2014-11-21 14:43 - 00020751 _____ () C:\Users\Dere\Downloads\Best Western Receipt.zip
2014-11-21 13:24 - 2014-11-21 13:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\023335C2.sys
2014-11-20 08:24 - 2014-10-23 17:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-20 08:24 - 2014-10-23 16:39 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 16:55 - 2009-03-10 08:24 - 00000000 ____D () C:\ProgramData\Temp
2014-12-14 16:26 - 2009-03-10 10:33 - 01735969 _____ () C:\Windows\WindowsUpdate.log
2014-12-14 15:59 - 2013-12-22 10:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-14 15:49 - 2013-10-13 21:40 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-14 15:30 - 2014-01-21 12:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-14 15:17 - 2006-11-02 04:46 - 00759082 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-14 15:13 - 2014-11-01 12:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-14 15:13 - 2008-09-19 02:55 - 00014466 _____ () C:\Windows\SysWOW64\NapaSet.txt
2014-12-14 15:11 - 2006-11-02 07:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 15:11 - 2006-11-02 07:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 15:09 - 2013-10-13 21:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-14 15:09 - 2006-11-02 07:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-14 15:08 - 2008-01-20 19:26 - 04465748 _____ () C:\Windows\PFRO.log
2014-12-12 16:00 - 2006-11-02 07:42 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-12 14:43 - 2014-01-05 18:59 - 00000000 ____D () C:\Users\Dere\Documents\TD Time Cards, Expense Reports, 2014
2014-12-12 14:40 - 2014-01-05 19:02 - 00000000 ____D () C:\Users\Dere\Documents\TD Daily Reports, 2014
2014-12-11 21:23 - 2009-12-28 12:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-10 17:07 - 2006-11-02 05:33 - 00000000 __RSD () C:\Windows\Media
2014-12-10 15:06 - 2009-03-10 08:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-10 08:38 - 2009-10-16 22:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 08:37 - 2013-07-24 07:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 08:32 - 2006-11-02 04:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-10 08:26 - 2010-06-04 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-09 21:00 - 2013-12-22 10:37 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 21:00 - 2012-12-03 08:54 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 21:00 - 2012-12-03 08:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 18:36 - 2013-02-22 14:51 - 00000000 ____D () C:\Windows\Minidump
2014-12-09 18:36 - 2009-03-10 07:58 - 00302797 _____ () C:\Windows\Minidump\Mini120914-01.dmp
2014-12-09 17:17 - 2010-12-14 15:02 - 00000000 ____D () C:\Windows\pss
2014-12-09 16:23 - 2014-11-01 12:55 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-09 16:23 - 2014-11-01 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-09 16:23 - 2014-11-01 12:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-09 16:10 - 2013-07-27 11:45 - 00000000 ____D () C:\Users\Dere\AppData\Local\NPE
2014-12-09 15:53 - 2014-06-24 14:05 - 00000000 ____D () C:\NPE
2014-12-08 17:44 - 2012-12-06 09:18 - 00000000 ____D () C:\Users\Dere\Documents\Resume
2014-12-04 19:08 - 2014-06-29 17:21 - 00000000 ____D () C:\Users\Dere\Desktop\lapdata
2014-12-04 18:56 - 2014-06-29 17:01 - 00000000 ____D () C:\Users\Dere\Desktop\laptimes
2014-12-01 17:05 - 2010-06-21 17:59 - 00000000 ____D () C:\Users\Dere\Documents\TD Electric
2014-11-30 09:58 - 2014-01-26 23:26 - 00000000 ____D () C:\Users\Dere\Documents\Formula 1
2014-11-27 19:15 - 2014-06-29 17:01 - 00000000 ____D () C:\Users\Dere\Desktop\fastest_laps
2014-11-25 21:42 - 2011-03-27 14:50 - 00000000 ____D () C:\Users\Dere\AppData\Local\CrashDumps
2014-11-24 19:23 - 2014-05-07 17:04 - 00000000 ____D () C:\VIA_XHCI
2014-11-24 14:04 - 2009-10-19 14:03 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-23 17:16 - 2009-10-17 18:11 - 00000000 ____D () C:\Users\Dere\AppData\Local\Google
2014-11-21 06:14 - 2014-11-01 12:55 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-11-01 12:55 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-11-01 12:55 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-16 15:20 - 2014-02-22 11:52 - 00010481 _____ () C:\Windows\setupact.log
2014-11-14 00:28 - 2012-11-20 12:20 - 00000000 ____D () C:\Users\Dere\AppData\Local\Windows Live

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-14 15:20

==================== End Of Log ============================



#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:38 PM

Posted 14 December 2014 - 10:32 PM

Please do this next:

Open Notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

Task: {4F1C2CC9-01E8-40BF-A99C-D7F7C56BB8A0} - \ArcadeParlor No Task File <==== ATTENTION
Task: {AB03DC50-FDB4-406A-9345-6799757A96F0} - \WSE_Vosteran No Task File <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3941653321-956662587-3663273246-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 Droc

Droc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 AM

Posted 14 December 2014 - 11:36 PM

Ok, so I opened Notepad; it had a list of 'Processes (Whitelisted)' in it. So I hit the new tab, pasted it and saved it as fixlist, and when I went to close the Notepad window with the 'Processes (Whitelisted)' in it, the message I had just pasted into the new Notepad box was at the top of this page and it asked if I wanted to save it, so I saved it as fixlist. When I ran the program and hit 'Fix', it popped up a warning box: "Looks like you don't know what to do. To prevent damage to the system the tool will exit." I'm pretty sure I did this wrong?



#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:38 PM

Posted 15 December 2014 - 10:49 PM

It sounds like you opened an existing notepad document - specifically your FRST log that you posted for me.  You need to start fresh with a new notepad document.



#7 Droc

Droc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 AM

Posted 15 December 2014 - 11:12 PM

Yes, you are right, that is what I did. I figured it out a few hours ago, ran the program and hit the Fix button, and it's been scanning/working since. Does it usually take a few hours?



#8 Droc

Droc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 AM

Posted 16 December 2014 - 01:31 AM

Ok, it finished, finally, and it took a couple of hours, but here is the log.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by Dere at 2014-12-15 16:54:40 Run:1
Running from C:\Users\Dere\Desktop
Loaded Profile: Dere (Available profiles: Dere)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {4F1C2CC9-01E8-40BF-A99C-D7F7C56BB8A0} - \ArcadeParlor No Task File <==== ATTENTION
Task: {AB03DC50-FDB4-406A-9345-6799757A96F0} - \WSE_Vosteran No Task File <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3941653321-956662587-3663273246-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
EmptyTemp:

*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F1C2CC9-01E8-40BF-A99C-D7F7C56BB8A0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F1C2CC9-01E8-40BF-A99C-D7F7C56BB8A0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ArcadeParlor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB03DC50-FDB4-406A-9345-6799757A96F0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB03DC50-FDB4-406A-9345-6799757A96F0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Vosteran" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3941653321-956662587-3663273246-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
EmptyTemp: => Removed 1.5 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====
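The fixlist in post #4 and the Fixlog above remove two kinds of entry: scheduled tasks registered in the TaskCache whose XML task file no longer exists (FRST's "No Task File"), and browser policy keys that restrict Chrome and Internet Explorer. The script below is an added, read-only audit that reproduces those two checks on a live system; it is not part of the thread and not FRST's or Farbar's code. It assumes Windows Vista or later (Task Scheduler 2.0 TaskCache layout) and an elevated PowerShell session so the TaskCache keys are readable, and it uses HKCU in place of the HKU\S-1-5-21-...-1000 hive named in the fixlist, i.e. it checks the account that runs it.

```powershell
# Added example, not from the thread or from FRST. Read-only: it reports, it
# does not delete. Run from an elevated PowerShell prompt on Vista or later.

$TreeKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
$TaskDir = Join-Path $env:SystemRoot 'System32\Tasks'

function Get-OrphanedScheduledTask {
    # Every task entry under ...\TaskCache\Tree carries an "Id" value (the task
    # GUID); plain folder nodes do not. The registry path below \Tree mirrors
    # the XML file path below System32\Tasks, so a registered task whose file
    # is gone is what FRST reports as "No Task File".
    Get-ChildItem -Path $TreeKey -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        if (-not $props.Id) { return }                     # folder, not a task

        $relative = $_.Name -replace '^.*\\TaskCache\\Tree\\', ''
        $taskFile = Join-Path $TaskDir $relative

        if (-not (Test-Path -LiteralPath $taskFile)) {
            [PSCustomObject]@{
                Task     = '\' + $relative
                Id       = $props.Id
                TaskFile = $taskFile
                Finding  = 'No Task File'
            }
        }
    }
}

function Get-BrowserPolicyKey {
    # Keys FRST flagged as "Policy restriction". On an unmanaged home PC these
    # keys normally do not exist; adware creates them to pin the home page or
    # search provider. In a domain-managed environment they are legitimate, so
    # list the values and let a human decide rather than deleting anything.
    $policyKeys = @(
        'HKLM:\SOFTWARE\Policies\Google',
        'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
        'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'   # stands in for HKU\<SID> in the fixlist
    )
    foreach ($key in $policyKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        Write-Output "Policy key present: $key"
        @(Get-Item -LiteralPath $key) +
        @(Get-ChildItem -Path $key -Recurse -ErrorAction SilentlyContinue) |
            ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
            Format-List
    }
}

Write-Output '== Scheduled tasks without a task file =='
Get-OrphanedScheduledTask | Format-Table -AutoSize

Write-Output '== Browser policy keys =='
Get-BrowserPolicyKey
```

On the machine in this thread the first check would have listed \ArcadeParlor and \WSE_Vosteran with their GUIDs from the fixlist, and the second would have shown the three policy keys the Fixlog deleted. An empty result from both after the fix is the expected state for a home PC.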



#9 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:38 PM

Posted 16 December 2014 - 11:49 AM

Please do this next:

Go to this page and download Malwarebytes Anti-Rootkit (MBAR)

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • MBAR will create logs that you will find in the same folder you found MBAR.exe.  Please post those for me to review.

Download ComboFix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back.  Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • MBAR log(s)
  • ComboFix log



#10 Droc

Droc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 AM

Posted 17 December 2014 - 09:19 AM

Good morning. So I ran the programs and produced the logs. I have Malwarebytes installed on my PC, so when I went to download Malwarebytes Anti-Rootkit (MBAR), it said I had to completely turn off Malwarebytes. But I found that it had MBAR and it was disabled, so I enabled it and ran it like you said to. I hope it produced the log you need; the run time was rather long, but I didn't mind.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/16/2014
Scan Time: 4:33:54 PM
Logfile: Scan Log 12-16-14.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.16.05
Rootkit Database: v2014.12.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Dere

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 753292
Time Elapsed: 6 hr, 52 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


-----------------------------------------------------------------

ComboFix 14-12-14.01 - Dere 12/17/2014   5:35.4.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.8183.4176 [GMT -8:00]
Running from: c:\users\Dere\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 Premier Edition *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 Premier Edition *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SaveShare
c:\programdata\Win sys filter
c:\programdata\Win sys filter\Winsysfilter_x64.dll
c:\windows\msdownld.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-17 to 2014-12-17  )))))))))))))))))))))))))))))))
.
.
2014-12-17 10:15 . 2014-12-17 10:15 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D53060D6-12BC-40E0-ADEB-9F8E2A9B8ABA}\offreg.dll
2014-12-17 01:44 . 2014-12-17 01:44 -------- d-----w- c:\windows\LastGood
2014-12-17 00:21 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D53060D6-12BC-40E0-ADEB-9F8E2A9B8ABA}\mpengine.dll
2014-12-15 00:34 . 2014-12-16 06:10 -------- d-----w- C:\FRST
2014-12-11 05:16 . 2014-12-11 05:16 -------- d-----w- c:\users\Dere\AppData\Local\Western Digital
2014-12-10 16:31 . 2014-11-07 01:33 974848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-12-10 16:31 . 2014-11-07 01:28 1209856 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-12-10 16:28 . 2014-12-03 02:06 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2014-12-10 16:28 . 2014-12-03 01:51 347136 ----a-w- c:\windows\system32\schannel.dll
2014-12-10 04:57 . 2014-12-10 04:57 3044736 ----a-w- c:\program files\SpyHunter-Installer.exe
2014-12-10 04:25 . 2014-12-10 04:27 -------- d-----w- c:\programdata\Unchecky
2014-12-10 01:38 . 2014-11-24 21:53 2339840 ----a-w- c:\windows\system32\jscript9.dll
2014-12-10 01:38 . 2014-11-24 21:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-12-10 01:38 . 2014-11-24 20:40 1810944 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-12-10 01:38 . 2014-11-24 20:35 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2014-12-10 01:38 . 2014-11-24 20:33 421376 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-12-02 22:51 . 2014-12-02 22:51 129752 ----a-w- c:\windows\system32\drivers\4620535D.sys
2014-11-25 03:20 . 2014-11-25 03:20 129752 ----a-w- c:\windows\system32\drivers\03E8308D.sys
2014-11-25 03:20 . 2014-11-25 03:20 129752 ----a-w- c:\windows\system32\drivers\05F33084.sys
2014-11-21 21:24 . 2014-11-21 21:24 129752 ----a-w- c:\windows\system32\drivers\023335C2.sys
2014-11-20 16:24 . 2014-10-24 01:03 499200 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-20 16:24 . 2014-10-24 00:39 656384 ----a-w- c:\windows\system32\kerberos.dll
2014-11-18 22:56 . 2014-11-18 22:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-17 09:55 . 2014-11-01 20:57 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-17 02:32 . 2014-11-01 20:55 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-10 16:32 . 2006-11-02 12:35 112710672 ----a-w- c:\windows\system32\mrt.exe
2014-12-10 05:00 . 2012-12-03 16:54 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 05:00 . 2012-12-03 16:54 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-24 22:04 . 2009-10-19 22:03 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-11-21 14:14 . 2014-11-01 20:55 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 14:14 . 2014-11-01 20:55 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-31 23:11 . 2014-10-31 23:12 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-10-31 23:06 . 2014-10-31 23:07 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-24 01:04 . 2014-11-13 18:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-24 00:39 . 2014-11-13 18:01 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-18 01:08 . 2014-11-13 18:11 564224 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-18 00:46 . 2014-11-13 18:11 847360 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-12 23:52 . 2014-11-13 18:30 2782208 ----a-w- c:\windows\system32\win32k.sys
2014-10-10 01:10 . 2014-11-13 18:11 548352 ----a-w- c:\windows\system32\termsrv.dll
2014-10-10 01:09 . 2014-11-13 18:11 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-10 01:09 . 2014-11-13 18:11 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-10 01:01 . 2014-11-13 18:11 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-10 01:00 . 2014-11-13 18:11 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-09 23:53 . 2014-11-13 18:11 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-10-09 23:22 . 2014-11-13 18:11 619520 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-10-03 01:18 . 2014-11-13 18:11 274432 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:17 . 2014-11-13 18:11 396800 ----a-w- c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:17 . 2014-11-13 18:11 115712 ----a-w- c:\windows\SysWow64\AudioSes.dll
2014-10-03 01:03 . 2014-11-13 18:11 313344 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 01:02 . 2014-11-13 18:11 201728 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 01:01 . 2014-11-13 18:11 474624 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 01:01 . 2014-11-13 18:11 446976 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-02 23:49 . 2014-11-13 18:11 88576 ----a-w- c:\windows\SysWow64\audiodg.exe
2014-02-13 21:03 . 2014-04-06 00:24 3153408 ----a-w- c:\program files (x86)\SKSS.exe
2013-08-06 20:35 . 2014-04-06 00:24 15225800 ----a-r- c:\program files (x86)\haspdinst.exe
2001-11-27 19:14 . 2014-04-06 00:24 753664 ----a-r- c:\program files (x86)\spr32d30.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-29 39408]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-11-18 1940160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-16 152392]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\isuspm.exe" [2011-10-13 2068856]
"PDF8 Registry Controller"="c:\program files (x86)\Nuance\PDF Professional 8\RegistryController.exe" [2012-10-24 178576]
"PDFProHook"="c:\program files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe" [2012-10-24 2013072]
"Nuance PDF Converter Professional 8-reminder"="c:\program files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe" [2012-10-11 333712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-16 01:27 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-03 05:00]
.
2014-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-22 01:21]
.
2014-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-22 01:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm106Sound"="c:\program files\Cooler Master Storm Sirus\CPL\Storm Sirus.exe" [2011-07-15 278016]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-12 331776]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.kptv.com/home
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 12.242.16.8;192.168.*.*;*.local;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: En&queue current page with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: Open with Nuance PDF Converter 8 - c:\program files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll /100
Trusted Zone: intuit.com\accounts
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StrataTicker.lnk - c:\program files (x86)\StrataTicker\StrataTicker.exe
BHO-{4102A820-146A-7AEB-8BE7-D97C21282082} - c:\programdata\SaverExxtEnsioon\hgv.x64.dll
BHO-{86942379-72ED-C950-8FFA-66526B3899B1} - c:\programdata\500Coupons\tR4uAKrud.x64.dll
WebBrowser-{64F2DC90-9D55-4BB3-AE33-1B195B641458} - (no file)
AddRemove-PIXresizer_is1 - c:\program files (x86)\PIXresizer\unins000.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{EC8EAC95-AB39-4699-974D-A45DFE7C2764}\WeatherBugSetup.exe
AddRemove-{274E3C5C-178E-EAE2-A52F-2863C0EECD46} - c:\programdata\SaverExxtEnsioon\hgv.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{8AAF211B-043E02A9-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{4942F9C0-0B403F17-06000000}_0]
"ImagePath"="\??\c:\pcdr5\pcdsrvc_x64.pkms"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32;c:\program files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{4102A820-146A-7AEB-8BE7-D97C21282082}"=hex:51,66,7a,6c,4c,1d,38,12,4e,ab,11,
   45,58,5a,85,3f,f4,f1,9a,3c,24,76,64,96
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{86942379-72ED-C950-8FFA-66526B3899B1}"=hex:51,66,7a,6c,4c,1d,38,12,17,20,87,
   82,df,3c,3e,8c,f0,ec,25,12,6e,66,dd,a5
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:77,f9,99,0f,09,f6,cf,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b5,f8,12,cc,67,bd,06,4a,82,cf,8b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b5,f8,12,cc,67,bd,06,4a,82,cf,8b,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2014-12-17  06:02:07
ComboFix-quarantined-files.txt  2014-12-17 14:02
.
Pre-Run: 399,857,848,320 bytes free
Post-Run: 398,944,808,960 bytes free
.
- - End Of File - - 9DF266AA5080DB12BE0F661CF9FDB075
 



#11 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:01:38 PM

Posted 17 December 2014 - 08:30 PM

Please do this next:

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above File::

File::
c:\windows\system32\drivers\03E8308D.sys
c:\windows\system32\drivers\05F33084.sys
c:\windows\system32\drivers\023335C2.sys
DDS::
uInternet Settings,ProxyOverride = 12.242.16.8;192.168.*.*;*.local;localhost
Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Edited by RPMcMurphy, 17 December 2014 - 08:31 PM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#12 Droc

Droc
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Local time:09:38 AM

Posted 18 December 2014 - 12:52 AM

It finished running the combo program and here is the log.

ComboFix 14-12-14.01 - Dere 12/17/2014  18:25:49.5.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.8183.5597 [GMT -8:00]
Running from: c:\users\Dere\Desktop\ComboFix.exe
Command switches used :: c:\users\Dere\Desktop\CFScript.txt
AV: Norton 360 Premier Edition *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 Premier Edition *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 Premier Edition *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\023335C2.sys"
"c:\windows\system32\drivers\03E8308D.sys"
"c:\windows\system32\drivers\05F33084.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\023335C2.sys
c:\windows\system32\drivers\03E8308D.sys
c:\windows\system32\drivers\05F33084.sys
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-18 to 2014-12-18  )))))))))))))))))))))))))))))))
.
.
2014-12-18 02:52 . 2014-12-18 02:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-12-18 02:52 . 2014-12-18 02:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-18 02:52 . 2014-12-18 02:52 -------- d-----w- c:\users\AppData\AppData\Local\temp
2014-12-17 14:02 . 2014-12-18 02:52 -------- d-----w- c:\users\Dere\AppData\Local\temp
2014-12-17 00:21 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D53060D6-12BC-40E0-ADEB-9F8E2A9B8ABA}\mpengine.dll
2014-12-15 00:34 . 2014-12-16 06:10 -------- d-----w- C:\FRST
2014-12-11 05:16 . 2014-12-11 05:16 -------- d-----w- c:\users\Dere\AppData\Local\Western Digital
2014-12-10 16:31 . 2014-11-07 01:33 974848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-12-10 16:31 . 2014-11-07 01:28 1209856 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-12-10 16:28 . 2014-12-03 02:06 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2014-12-10 16:28 . 2014-12-03 01:51 347136 ----a-w- c:\windows\system32\schannel.dll
2014-12-10 04:57 . 2014-12-10 04:57 3044736 ----a-w- c:\program files\SpyHunter-Installer.exe
2014-12-10 04:25 . 2014-12-10 04:27 -------- d-----w- c:\programdata\Unchecky
2014-12-10 01:38 . 2014-11-24 21:53 2339840 ----a-w- c:\windows\system32\jscript9.dll
2014-12-10 01:38 . 2014-11-24 21:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-12-10 01:38 . 2014-11-24 20:40 1810944 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-12-10 01:38 . 2014-11-24 20:35 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2014-12-10 01:38 . 2014-11-24 20:33 421376 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-12-02 22:51 . 2014-12-02 22:51 129752 ----a-w- c:\windows\system32\drivers\4620535D.sys
2014-11-20 16:24 . 2014-10-24 01:03 499200 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-20 16:24 . 2014-10-24 00:39 656384 ----a-w- c:\windows\system32\kerberos.dll
2014-11-18 22:56 . 2014-11-18 22:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-18 02:10 . 2014-11-01 20:57 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-17 02:32 . 2014-11-01 20:55 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-10 16:32 . 2006-11-02 12:35 112710672 ----a-w- c:\windows\system32\mrt.exe
2014-12-10 05:00 . 2012-12-03 16:54 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 05:00 . 2012-12-03 16:54 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-24 22:04 . 2009-10-19 22:03 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-11-21 14:14 . 2014-11-01 20:55 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 14:14 . 2014-11-01 20:55 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-31 23:11 . 2014-10-31 23:12 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-10-31 23:06 . 2014-10-31 23:07 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-24 01:04 . 2014-11-13 18:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-24 00:39 . 2014-11-13 18:01 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-18 01:08 . 2014-11-13 18:11 564224 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-18 00:46 . 2014-11-13 18:11 847360 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-12 23:52 . 2014-11-13 18:30 2782208 ----a-w- c:\windows\system32\win32k.sys
2014-10-10 01:10 . 2014-11-13 18:11 548352 ----a-w- c:\windows\system32\termsrv.dll
2014-10-10 01:09 . 2014-11-13 18:11 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-10 01:09 . 2014-11-13 18:11 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-10 01:01 . 2014-11-13 18:11 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-10 01:00 . 2014-11-13 18:11 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-09 23:53 . 2014-11-13 18:11 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-10-09 23:22 . 2014-11-13 18:11 619520 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-10-03 01:18 . 2014-11-13 18:11 274432 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:17 . 2014-11-13 18:11 396800 ----a-w- c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:17 . 2014-11-13 18:11 115712 ----a-w- c:\windows\SysWow64\AudioSes.dll
2014-10-03 01:03 . 2014-11-13 18:11 313344 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 01:02 . 2014-11-13 18:11 201728 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 01:01 . 2014-11-13 18:11 474624 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 01:01 . 2014-11-13 18:11 446976 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-02 23:49 . 2014-11-13 18:11 88576 ----a-w- c:\windows\SysWow64\audiodg.exe
2014-02-13 21:03 . 2014-04-06 00:24 3153408 ----a-w- c:\program files (x86)\SKSS.exe
2013-08-06 20:35 . 2014-04-06 00:24 15225800 ----a-r- c:\program files (x86)\haspdinst.exe
2001-11-27 19:14 . 2014-04-06 00:24 753664 ----a-r- c:\program files (x86)\spr32d30.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-29 39408]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-11-18 1940160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-16 152392]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\isuspm.exe" [2011-10-13 2068856]
"PDF8 Registry Controller"="c:\program files (x86)\Nuance\PDF Professional 8\RegistryController.exe" [2012-10-24 178576]
"PDFProHook"="c:\program files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe" [2012-10-24 2013072]
"Nuance PDF Converter Professional 8-reminder"="c:\program files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe" [2012-10-11 333712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-16 01:27 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-03 05:00]
.
2014-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-22 01:21]
.
2014-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-22 01:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4102A820-146A-7AEB-8BE7-D97C21282082}]
c:\programdata\SaverExxtEnsioon\hgv.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86942379-72ED-C950-8FFA-66526B3899B1}]
c:\programdata\500Coupons\tR4uAKrud.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm106Sound"="c:\program files\Cooler Master Storm Sirus\CPL\Storm Sirus.exe" [2011-07-15 278016]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-12 331776]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.kptv.com/home
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: En&queue current page with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: Open with Nuance PDF Converter 8 - c:\program files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll /100
Trusted Zone: intuit.com\accounts
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{64F2DC90-9D55-4BB3-AE33-1B195B641458} - (no file)
AddRemove-PIXresizer_is1 - c:\program files (x86)\PIXresizer\unins000.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{EC8EAC95-AB39-4699-974D-A45DFE7C2764}\WeatherBugSetup.exe
AddRemove-{274E3C5C-178E-EAE2-A52F-2863C0EECD46} - c:\programdata\SaverExxtEnsioon\hgv.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{8AAF211B-043E02A9-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{4942F9C0-0B403F17-06000000}_0]
"ImagePath"="\??\c:\pcdr5\pcdsrvc_x64.pkms"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32;c:\program files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{4102A820-146A-7AEB-8BE7-D97C21282082}"=hex:51,66,7a,6c,4c,1d,38,12,4e,ab,11,
   45,58,5a,85,3f,f4,f1,9a,3c,24,76,64,96
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{86942379-72ED-C950-8FFA-66526B3899B1}"=hex:51,66,7a,6c,4c,1d,38,12,17,20,87,
   82,df,3c,3e,8c,f0,ec,25,12,6e,66,dd,a5
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:77,f9,99,0f,09,f6,cf,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b5,f8,12,cc,67,bd,06,4a,82,cf,8b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b5,f8,12,cc,67,bd,06,4a,82,cf,8b,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2014-12-17  18:56:35
ComboFix-quarantined-files.txt  2014-12-18 02:56
ComboFix2.txt  2014-12-17 14:02
.
Pre-Run: 399,735,701,504 bytes free
Post-Run: 399,695,806,464 bytes free
.
- - End Of File - - 5130CA70BEA726CF7A535793F21FE8E8
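An added triage helper, written for this thread and not code from ComboFix or from the helper, that applies the pattern behind the CFScript in the previous post to file lines in the log above: it flags drivers whose file name is eight hex digits and cross-checks each hit against same-sized files in the same folder, so a vendor driver that was merely copied under a random name is verified rather than deleted on its name alone. The sample lines are constructed from paths in this thread; the timestamps and 61440-byte sizes of the three CFScript drivers are assumed, since ComboFix listed them without sizes.

```python
"""Triage helper for ComboFix 'Files Created' / 'Find3M' lines (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in ComboFix's file-line format: created . modified size attrs path.
# The MBAMSwissArmy.sys, 4620535D.sys, mbam.sys and schannel.dll lines are copied from
# the log above; the three CFScript drivers' timestamps and sizes are assumed.
SAMPLE_LOG = r"""
2014-12-18 02:52 . 2014-12-18 02:52 -------- d-----w- c:\users\Dere\AppData\Local\temp
2014-12-18 02:10 . 2014-11-01 20:57 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-02 22:51 . 2014-12-02 22:51 129752 ----a-w- c:\windows\system32\drivers\4620535D.sys
2014-12-10 16:28 . 2014-12-03 01:51 347136 ----a-w- c:\windows\system32\schannel.dll
2014-12-05 03:11 . 2014-12-05 03:11 61440 ----a-w- c:\windows\system32\drivers\03E8308D.sys
2014-12-05 03:11 . 2014-12-05 03:11 61440 ----a-w- c:\windows\system32\drivers\05F33084.sys
2014-12-05 03:11 . 2014-12-05 03:11 61440 ----a-w- c:\windows\system32\drivers\023335C2.sys
2014-11-21 14:14 . 2014-11-01 20:55 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

# One file line: "created . modified size attrs path"; directories show '--------' as size.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+?)\s*$"
)
# Exactly eight hex digits plus .sys, e.g. 03E8308D.sys (case-insensitive).
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}\.sys$", re.IGNORECASE)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directory entries
    attrs: str
    path: str

    @property
    def directory(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)
    # Non-flagged files in the same folder with an identical byte size.
    same_size_as: List[str] = field(default_factory=list)


def parse_combofix_lines(text: str) -> List[Entry]:
    """Parse file lines; banners, '.' separators and other non-matching lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def is_random_hex_driver(e: Entry) -> bool:
    """True for a file under a drivers folder whose name is eight hex digits + .sys."""
    return "\\drivers\\" in e.path.lower() and bool(HEX_NAME_RE.match(e.name))


def triage(entries: List[Entry]) -> Dict[str, Finding]:
    """Flag random-hex drivers and record same-sized, non-flagged neighbours for each."""
    flagged = [e for e in entries if is_random_hex_driver(e)]
    others = [e for e in entries if not is_random_hex_driver(e)]
    findings: Dict[str, Finding] = {}
    for s in flagged:
        f = Finding(s.path, ["8-hex-digit driver name"])
        f.same_size_as = [
            o.name for o in others
            if o.size is not None and o.size == s.size and o.directory == s.directory
        ]
        findings[s.path] = f
    return findings


if __name__ == "__main__":
    for path, f in triage(parse_combofix_lines(SAMPLE_LOG)).items():
        twins = ", ".join(f.same_size_as) or "none"
        print(f"{path}: {'; '.join(f.reasons)} (same size as: {twins})")
```

A hit with a same-sized neighbour (here 4620535D.sys beside MBAMSwissArmy.sys) is a signal to verify the file's signature and vendor before adding it to a removal script.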
 



#13 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:01:38 PM

Posted 18 December 2014 - 11:36 PM

How is your computer running now?  Please do this next:

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • How is the computer running now?
  • ESET log



#14 Droc

Droc
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Local time:09:38 AM

Posted 19 December 2014 - 09:55 AM

My computer is running very well lately, running normally now.

One question I have. At the beginning of this process I was asked/read to back up my files, which I did by saving them to an external hard drive. I think I need to scan that also, right, because it may be infected, right? What is the best way and best program to do that with?

Here is the log from the scan.

C:\Users\Dere\AppData\Local\Google\Chrome\User Data\Default\Default\aadedbgfgggbdjdhdgdjgfdbdegedigg\background.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\Dere\AppData\Local\Google\Chrome\User Data\Default\Default\aadedbgfgggbdjdhdgdjgfdbdegedigg\ContentScript.js Win32/TrojanDownloader.Tracur.AD trojan cleaned by deleting - quarantined
C:\Users\Dere\AppData\Local\Google\Chrome\User Data\Default\Users\cjaabekloihdgeiihflkddflbbhphkkh\background.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\Dere\AppData\Local\Google\Chrome\User Data\Default\Users\khmmijfejoiknnheklecicfkgkhgmefd\cs.js Win32/TrojanDownloader.Tracur.AH trojan cleaned by deleting - quarantined
C:\Users\Dere\Downloads\RegistryDefense.exe a variant of Win32/Adware.RegDefense application cleaned by deleting - quarantined
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EB trojan cleaned by deleting - quarantined
 



#15 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:01:38 PM

Posted 19 December 2014 - 11:08 PM

The reason we ask you to back up your data, (documents, photos, etc.) is that, occasionally, things can occur with the infections or our removal processes that can cause loss of data or render your computer un-bootable.  I would not expect any of them to be infected, but you can scan that external drive with your installed AV product.

All I have left for you is some important housekeeping:

Your Adobe Reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Uninstall ComboFix

  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Download OTC to your desktop and run it
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
  • Manually delete any remaining logs or tools from our fixes

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated.  Scan with them at least weekly.
  • Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!






