Repeated Trojan.Ransomlock.G attacks are blocked by my Norton Security


This topic is locked
37 replies to this topic

#1 Qrinkle


Posted 26 January 2015 - 02:02 AM

Hello, I am new to this forum :)

 

A person responded to my thread in the Symantec forum ( I have Norton security suite ) and directed me to post in this thread :) I have read the preparation guide carefully and will try to explain as honestly and accurately as I can. As this is my first post in these forums, and also as a technical newbie in the field of computers, I hope you will excuse my poor "language" :).

 

I don't recall precisely in what order the events happened and I will try my best to retrace my steps up to the whole infection.

 

I woke up from a nap and turned on my computer, then started browsing an adult site, ( hehehe ) booted my mel0n player ( a Korean iTunes of sorts to download music ) and logged into Steam to play CSGO. For some reason a file named goty.dll ( it might have been goty7.dll not sure... ) popped up in my Norton community thingy (which also said the file was safe -_-;; ) and I gave it no second thought. ( I had just woken up from a nap and was not fully there haha )

 

I don't remember in what particular order it happened, but it soon BSOD'd after I logged into Steam. When it restarted it prompted me to either boot up startup repair or boot up normally. I didn't know what to do so I just chose the recommended option. ( startup repair ) Unfortunately ( and sadly expected... ) the startup repair did not do anything and a new notification on my Norton started appearing every minute or so saying "Norton blocked an attack by: System Infected: Trojan.Ransomlock.G". I looked ransomlock up on the internet and it said that it would lock up my whole desktop and demand a ransom... Thankfully my Norton was blocking it, but the NPE didn't get rid of the root problem.

 

I immediately ran NPE and gave it time to do its thing. After restarting before and after the scan, NPE found two files named goty.dll and iswin7.dll. The scan was able to remove iswin7.dll with no problem, but it encountered a red X when it tried to remove the goty.dll file. When I clicked on the details, it showed two locations where the goty.dll file was located and one file had a check mark ( meaning it was removed... I think? ) and a big red X on the other one. Sadly, as an amateur and somewhat of an idiot, I did not think to take pictures or anything.

 

I was really worried with what might happen to my computer... so I looked up goty.dll on the internet but found nothing about it. I searched up Trojan.Ransomlock.G and Symantec advised me that NPE or a full system scan would remove the risk. I tried NPE numerous times, ( all the types of scans that NPE provides ) ran a full system scan with Norton security suite, downloaded/ran Malwarebytes, Superantispyware, and Sophos. ( I downloaded and ran these programs because people on various anti malware websites recommended them for Trojan.Ransomlock.G ) None of these programs found the root cause of the whole repeated Trojan.Ransomlock.G attacks and I created a Symantec account and posted a thread to get help. The users on the Symantec forum advised me to come to this website and get help.

 

Also I read on the Symantec forums that pirated software and such is not allowed. I have not torrented for a good while since I live on a school campus and that is prohibited. I took preventive measures by deleting pirated files from the past. I have also deleted BitTorrent. I don't know if I was supposed to be honest about that, but I figured that you would see all of it anyway when going through my logs or whatever. I will be completely honest because I am asking your forums for help and I will try my best to comply with all rules your forums adhere to.

 

Also I am not sure whether this is relevant to the issue at hand, but my Windows Security Center Service has been recently disabled and I cannot get it to turn back on. I usually install all Windows updates right when I see them ( or when auto update does it automatically ), so this was very unusual and I figured it was related to the malware problem.

 

I will now post the FRST log.

 

----------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Kevin (administrator) on KEVIN-PC on 26-01-2015 00:21:29
Running from C:\Users\Kevin\Desktop
Loaded Profiles: Kevin (Available profiles: Kevin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Akamai Technologies, Inc.) C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe
(Flux Software LLC) C:\Users\Kevin\AppData\Local\FluxSoftware\Flux\flux.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Akamai Technologies, Inc.) C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [395152 2011-06-30] (Seagate)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
HKLM\...\Run: [Korean IME Migration] => C:\Program Files\Common Files\Microsoft Shared\IME12\IMEKR\IMKRMIG.EXE [43808 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [2638152 2011-06-30] (Seagate)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Korean IME Migration] => C:\Program Files (x86)\Common Files\microsoft shared\IME12\IMEKR\IMKRMIG.EXE [26400 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 845"
HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\...\Run: [f.lux] => C:\Users\Kevin\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\...\MountPoints2: {5e9b01d9-9593-11e2-8400-902b345eea5e} - I:\Autorun.exe
HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\...\MountPoints2: {91fbf17a-ee84-11e3-9a98-902b345eea5e} - K:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\392E78284.lnk
ShortcutTarget: 392E78284.lnk -> C:\ProgramData\48287E293.cpp ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3084484054-4120869515-2054980719-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-3084484054-4120869515-2054980719-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Toolbar: HKU\S-1-5-21-3084484054-4120869515-2054980719-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3084484054-4120869515-2054980719-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-3084484054-4120869515-2054980719-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 129.7.73.42 129.7.235.45 172.21.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3084484054-4120869515-2054980719-1000: iloen.com/MelOnWebLinker -> C:\Windows\SysWOW64\npMelOnWebLinkerAx.dll (LOEN Entertainment)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-04-04]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-01-25]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-30]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [782208 2015-01-18] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-09-22] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19821376 2014-11-17] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\392E78284.zot [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-25] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150123.001\IDSvia64.sys [668888 2015-01-10] (Symantec Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150125.005\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150125.005\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20800 2014-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-02-24] (Acronis)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 00:21 - 2015-01-26 00:21 - 00020421 _____ () C:\Users\Kevin\Desktop\FRST.txt
2015-01-26 00:20 - 2015-01-26 00:21 - 00000000 ____D () C:\FRST
2015-01-26 00:20 - 2015-01-26 00:20 - 02129920 _____ (Farbar) C:\Users\Kevin\Desktop\frst64.exe
2015-01-26 00:13 - 2015-01-26 00:14 - 00000000 ____D () C:\Users\Kevin\Downloads\Music Backup
2015-01-25 22:58 - 2015-01-25 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-25 22:58 - 2015-01-25 22:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-25 22:58 - 2015-01-25 22:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-25 20:36 - 2015-01-25 22:57 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-01-25 20:28 - 2015-01-25 22:58 - 00000000 ____D () C:\ProgramData\Sophos
2015-01-25 20:10 - 2015-01-25 20:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-25 18:55 - 2015-01-25 18:55 - 186487152 _____ () C:\Windows\MEMORY.DMP
2015-01-25 18:55 - 2015-01-25 18:55 - 00262504 _____ () C:\Windows\Minidump\012515-7971-01.dmp
2015-01-25 18:55 - 2015-01-25 18:55 - 00000000 ____D () C:\Windows\Minidump
2015-01-25 18:11 - 2015-01-25 18:11 - 00204800 _____ () C:\ProgramData\48287E293.cpp
2015-01-24 00:35 - 2015-01-24 00:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-01-19 17:56 - 2015-01-19 17:56 - 23464072 _____ (Belkin International, Inc.) C:\Users\Kevin\Downloads\LinksysConnect.E1200.1.5.14350.0.exe
2015-01-18 12:24 - 2015-01-18 12:26 - 00000000 ____D () C:\Users\Kevin\AppData\Local\ArmA 2 OA
2015-01-18 12:01 - 2015-01-25 22:56 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2015-01-18 12:01 - 2015-01-18 12:02 - 00000000 ____D () C:\Users\Kevin\AppData\Local\ArmA 2
2015-01-18 12:01 - 2015-01-18 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2015-01-13 23:22 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 23:22 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 23:22 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 23:22 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 23:22 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 23:22 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 23:22 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 23:22 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 23:22 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 23:22 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 23:22 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 23:22 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 23:22 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-12-31 22:37 - 2014-12-31 22:37 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Introversion
2014-12-31 20:51 - 2014-12-31 20:51 - 00000864 _____ () C:\Users\Public\Desktop\Vindictus.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 00:15 - 2013-02-24 14:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-26 00:12 - 2013-03-24 15:13 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\BitTorrent
2015-01-26 00:11 - 2014-05-02 15:49 - 00000000 ____D () C:\Users\Kevin\Documents\My Games
2015-01-26 00:11 - 2013-04-20 00:55 - 00000000 ____D () C:\ProgramData\Orbit
2015-01-25 23:18 - 2009-07-13 22:45 - 00026560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 23:18 - 2009-07-13 22:45 - 00026560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 23:11 - 2013-02-24 14:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-25 23:11 - 2010-11-20 21:47 - 02091030 _____ () C:\Windows\PFRO.log
2015-01-25 23:11 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 23:11 - 2009-07-13 22:51 - 00263650 _____ () C:\Windows\setupact.log
2015-01-25 23:10 - 2013-02-24 13:58 - 01892568 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 20:28 - 2013-11-29 20:04 - 00000000 ____D () C:\Users\Kevin\AppData\Local\NPE
2015-01-25 19:49 - 2013-02-24 13:58 - 00000000 ____D () C:\Users\Kevin
2015-01-25 19:40 - 2013-10-20 13:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-25 19:40 - 2013-08-13 16:40 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-25 19:39 - 2014-10-18 03:00 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-25 19:39 - 2014-10-18 03:00 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-25 19:39 - 2014-10-18 03:00 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-25 19:39 - 2014-10-18 03:00 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-25 19:33 - 2014-04-23 03:55 - 00000000 ____D () C:\NPE
2015-01-25 19:15 - 2013-02-24 14:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 19:15 - 2013-02-24 14:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 19:15 - 2013-02-24 14:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 19:03 - 2014-12-12 14:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-25 18:19 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Registration
2015-01-25 18:02 - 2013-02-24 18:33 - 00416826 _____ () C:\Windows\system32\perfh011.dat
2015-01-25 18:02 - 2013-02-24 18:33 - 00122208 _____ () C:\Windows\system32\perfc011.dat
2015-01-25 18:02 - 2013-02-24 18:29 - 00501332 _____ () C:\Windows\system32\perfh006.dat
2015-01-25 18:02 - 2013-02-24 18:29 - 00098640 _____ () C:\Windows\system32\perfc006.dat
2015-01-25 18:02 - 2013-02-24 18:21 - 00392940 _____ () C:\Windows\system32\prfh0404.dat
2015-01-25 18:02 - 2013-02-24 18:21 - 00115072 _____ () C:\Windows\system32\prfc0404.dat
2015-01-25 18:02 - 2013-02-24 18:17 - 00705798 _____ () C:\Windows\system32\prfh0416.dat
2015-01-25 18:02 - 2013-02-24 18:17 - 00147638 _____ () C:\Windows\system32\prfc0416.dat
2015-01-25 18:02 - 2013-02-24 18:14 - 00720936 _____ () C:\Windows\system32\prfh0816.dat
2015-01-25 18:02 - 2013-02-24 18:14 - 00152888 _____ () C:\Windows\system32\prfc0816.dat
2015-01-25 18:02 - 2013-02-24 18:11 - 00732276 _____ () C:\Windows\system32\perfh015.dat
2015-01-25 18:02 - 2013-02-24 18:11 - 00155854 _____ () C:\Windows\system32\perfc015.dat
2015-01-25 18:02 - 2013-02-24 18:08 - 00648600 _____ () C:\Windows\system32\perfh01F.dat
2015-01-25 18:02 - 2013-02-24 18:08 - 00139982 _____ () C:\Windows\system32\perfc01F.dat
2015-01-25 18:02 - 2013-02-24 18:03 - 00375868 _____ () C:\Windows\system32\prfh0804.dat
2015-01-25 18:02 - 2013-02-24 18:03 - 00119574 _____ () C:\Windows\system32\prfc0804.dat
2015-01-25 18:02 - 2013-02-24 17:54 - 00716518 _____ () C:\Windows\system32\perfh019.dat
2015-01-25 18:02 - 2013-02-24 17:54 - 00150824 _____ () C:\Windows\system32\perfc019.dat
2015-01-25 18:02 - 2013-02-24 17:51 - 00486432 _____ () C:\Windows\system32\perfh014.dat
2015-01-25 18:02 - 2013-02-24 17:51 - 00095386 _____ () C:\Windows\system32\perfc014.dat
2015-01-25 18:02 - 2013-02-24 17:48 - 00598906 _____ () C:\Windows\system32\perfh008.dat
2015-01-25 18:02 - 2013-02-24 17:48 - 00111110 _____ () C:\Windows\system32\perfc008.dat
2015-01-25 18:02 - 2013-02-24 17:46 - 00655638 _____ () C:\Windows\system32\perfh01D.dat
2015-01-25 18:02 - 2013-02-24 17:46 - 00142456 _____ () C:\Windows\system32\perfc01D.dat
2015-01-25 18:02 - 2013-02-24 17:43 - 00420342 _____ () C:\Windows\system32\perfh012.dat
2015-01-25 18:02 - 2013-02-24 17:43 - 00120366 _____ () C:\Windows\system32\perfc012.dat
2015-01-25 18:02 - 2013-02-24 17:41 - 00660758 _____ () C:\Windows\system32\perfh005.dat
2015-01-25 18:02 - 2013-02-24 17:41 - 00141408 _____ () C:\Windows\system32\perfc005.dat
2015-01-25 18:02 - 2013-02-24 17:34 - 00735416 _____ () C:\Windows\system32\perfh013.dat
2015-01-25 18:02 - 2013-02-24 17:34 - 00153084 _____ () C:\Windows\system32\perfc013.dat
2015-01-25 18:02 - 2013-02-24 17:30 - 00473420 _____ () C:\Windows\system32\perfh00B.dat
2015-01-25 18:02 - 2013-02-24 17:30 - 00101502 _____ () C:\Windows\system32\perfc00B.dat
2015-01-25 18:02 - 2013-02-24 17:19 - 00675672 _____ () C:\Windows\system32\perfh00E.dat
2015-01-25 18:02 - 2013-02-24 17:19 - 00171256 _____ () C:\Windows\system32\perfc00E.dat
2015-01-25 18:02 - 2013-02-24 17:15 - 00737374 _____ () C:\Windows\system32\perfh00A.dat
2015-01-25 18:02 - 2013-02-24 17:15 - 00158456 _____ () C:\Windows\system32\perfc00A.dat
2015-01-25 18:02 - 2013-02-24 17:13 - 00384262 _____ () C:\Windows\system32\perfh00D.dat
2015-01-25 18:02 - 2013-02-24 17:13 - 00084740 _____ () C:\Windows\system32\perfc00D.dat
2015-01-25 18:02 - 2013-02-24 17:09 - 00731964 _____ () C:\Windows\system32\perfh010.dat
2015-01-25 18:02 - 2013-02-24 17:09 - 00146828 _____ () C:\Windows\system32\perfc010.dat
2015-01-25 18:02 - 2013-02-24 17:07 - 00737634 _____ () C:\Windows\system32\perfh00C.dat
2015-01-25 18:02 - 2013-02-24 17:07 - 00470932 _____ () C:\Windows\system32\perfh001.dat
2015-01-25 18:02 - 2013-02-24 17:07 - 00149562 _____ () C:\Windows\system32\perfc00C.dat
2015-01-25 18:02 - 2013-02-24 17:07 - 00094754 _____ () C:\Windows\system32\perfc001.dat
2015-01-25 18:02 - 2013-02-24 17:04 - 00689126 _____ () C:\Windows\system32\perfh007.dat
2015-01-25 18:02 - 2013-02-24 17:04 - 00149098 _____ () C:\Windows\system32\perfc007.dat
2015-01-25 18:02 - 2009-07-13 23:13 - 17450248 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 00:01 - 2013-02-24 14:07 - 17058756 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-20 19:07 - 2013-02-26 22:46 - 00000000 ____D () C:\Users\Kevin\AppData\Local\CrashDumps
2015-01-19 02:22 - 2013-04-14 20:23 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Skype
2015-01-18 12:24 - 2013-02-24 14:52 - 00718090 _____ () C:\Windows\DirectX.log
2015-01-17 15:16 - 2013-05-30 14:10 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Akamai
2015-01-14 00:53 - 2013-07-24 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 00:09 - 2014-08-29 10:26 - 00000000 ____D () C:\Users\Kevin\Desktop\English
2015-01-12 21:20 - 2014-12-17 22:25 - 00000370 _____ () C:\Users\Kevin\Desktop\ Mabinogi .lnk
2015-01-08 00:33 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-04 13:18 - 2013-11-16 03:22 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-12-31 20:51 - 2013-05-13 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2014-12-31 20:51 - 2013-05-13 14:19 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-12-31 20:21 - 2014-06-05 14:31 - 00001068 _____ () C:\console.log
2014-12-31 13:12 - 2013-02-24 15:27 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-08-09 16:39 - 2013-02-18 17:46 - 4216840 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\vcredist_2008_sp1_x86.exe
2014-10-28 10:51 - 2014-11-03 09:17 - 0000034 _____ () C:\Users\Kevin\AppData\Roaming\AdobeWLCMCache.dat
2015-01-25 18:11 - 2015-01-25 18:11 - 0204800 _____ () C:\ProgramData\48287E293.cpp

Some content of TEMP:
====================
C:\Users\Kevin\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Kevin\AppData\Local\Temp\uninstall.exe
C:\Users\Kevin\AppData\Local\Temp\{6BD29414-1979-4644-9339-7EC2205F8600}.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 16:03

==================== End Of Log ============================


I tried my best to adhere to the preparation guide.


Thank you for taking so much of your time to help. Even if you decide not to help me because of my past pirated software, I thank you for taking the time to read this. Have a good day!



#2 polskamachina

polskamachina

  • Malware Response Team
  • 4,081 posts
  • Gender:Male
  • Local time:05:54 AM

Posted 27 January 2015 - 11:44 AM

Hi Qrinkle :)


My name is polskamachina and I will be assisting you with your malware problems. Please give me some time to review your situation and I will get back to you with further instructions.


polskamachina



#3 Qrinkle

Qrinkle
  • Topic Starter

  • Members
  • 17 posts
  • Local time:08:54 AM

Posted 27 January 2015 - 08:18 PM

Hello polskamachina :D


Thank you for helping me :) I will try my best to follow all instructions carefully!


Also, I wanted to update my post but didn't want to bump it. I have already deleted the .cpp file and its shortcut to stop the constant Trojan.Ransomlock.G attacks, on the advice of user Holi from the Symantec forums ( https://community.norton.com/en/forums/constant-attack-my-own-computer-trojanransomlockg ).


Problem is, I wasn't able to find/delete the .dll file and am afraid that the malware is still on my computer :3


Have a good day!



#4 polskamachina

polskamachina

  • Malware Response Team
  • 4,081 posts
  • Gender:Male
  • Local time:05:54 AM

Posted 28 January 2015 - 12:37 AM

Hi Qrinkle :)


My name is polskamachina and I will be assisting you with your malware problems. What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-8 Hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Let's get started:


Can you please give me a brief description of what happens when you boot your computer now?

  • Do you see your desktop and its icons?
  • Do your programs run normally?
  • Do you get any error or ransom messages?


If you have made any deletions or changes since you ran your original FRST scan, please perform another scan and then copy and paste the FRST.txt log in your next reply to me.


polskamachina



#5 Qrinkle

Qrinkle
  • Topic Starter

  • Members
  • 17 posts
  • Local time:08:54 AM

Posted 28 January 2015 - 05:26 AM

Hey there polskamachina! I hope you are doing well :)


As reported by the user Holi in the Symantec forums ( https://community.norton.com/en/forums/constant-attack-my-own-computer-trojanransomlockg ), I have deleted the .cpp file and its shortcut, and the Trojan.Ransomlock.G attacks have stopped.

However, I still wasn't able to find the .dll file that caused this whole mess in the first place and believe my computer is still infected! :(


A friendly user in the Symantec forums advised me and all other sufferers of this malware to make sure our computers are completely clean by coming here :)


I am happy to say that I am able to see all desktop icons. There was no other side effect than the repeated Trojan.Ransomlock.G attacks!


All of the programs that I have tried do work normally and without any faults. Also, I do not get any error or ransom messages. My computer works fine EXCEPT my Windows Security Center service is still disabled and CANNOT be turned on.


I don't think it was like this before, because I like to keep everything on my computer up to date and would regularly check my task bar? ( whatever the bottom right icons are ) for Windows updates and such.


Since I have deleted the .cpp file and the shortcut, I will now run the FRST scan again and post both of them here!


I apologize for not posting the Addition one in my original post, since I thought it was supposed to be attached :) Since you asked for the FRST.log I will only paste the FRST and not the Addition this time! :D


--------------------------------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Kevin (administrator) on KEVIN-PC on 28-01-2015 04:19:07
Running from C:\Users\Kevin\Desktop
Loaded Profiles: Kevin (Available profiles: Kevin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Akamai Technologies, Inc.) C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe
(Flux Software LLC) C:\Users\Kevin\AppData\Local\FluxSoftware\Flux\flux.exe
(Akamai Technologies, Inc.) C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [395152 2011-06-30] (Seagate)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
HKLM\...\Run: [Korean IME Migration] => C:\Program Files\Common Files\Microsoft Shared\IME12\IMEKR\IMKRMIG.EXE [43808 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [2638152 2011-06-30] (Seagate)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Korean IME Migration] => C:\Program Files (x86)\Common Files\microsoft shared\IME12\IMEKR\IMKRMIG.EXE [26400 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 845"
HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\...\Run: [f.lux] => C:\Users\Kevin\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\...\MountPoints2: {5e9b01d9-9593-11e2-8400-902b345eea5e} - I:\Autorun.exe
HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\...\MountPoints2: {91fbf17a-ee84-11e3-9a98-902b345eea5e} - K:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-3084484054-4120869515-2054980719-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3084484054-4120869515-2054980719-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-3084484054-4120869515-2054980719-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Toolbar: HKU\S-1-5-21-3084484054-4120869515-2054980719-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3084484054-4120869515-2054980719-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-3084484054-4120869515-2054980719-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 129.7.73.42 129.7.235.45 172.21.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3084484054-4120869515-2054980719-1000: iloen.com/MelOnWebLinker -> C:\Windows\SysWOW64\npMelOnWebLinkerAx.dll (LOEN Entertainment)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-04-04]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-01-28]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-30]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [782208 2015-01-18] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-09-22] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19821376 2014-11-17] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\392E78284.zot [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-25] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150127.001\IDSvia64.sys [668888 2015-01-10] (Symantec Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150127.020\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150127.020\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20800 2014-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-02-24] (Acronis)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 19:10 - 2015-01-27 19:10 - 00000699 _____ () C:\Users\Public\Desktop\R x64 3.1.2.lnk
2015-01-26 08:09 - 2015-01-26 08:09 - 00000206 _____ () C:\Users\Kevin\Desktop\New Text Document.txt
2015-01-26 00:21 - 2015-01-28 04:19 - 00019894 _____ () C:\Users\Kevin\Desktop\FRST.txt
2015-01-26 00:20 - 2015-01-28 04:19 - 00000000 ____D () C:\FRST
2015-01-26 00:20 - 2015-01-26 00:20 - 02129920 _____ (Farbar) C:\Users\Kevin\Desktop\frst64.exe
2015-01-26 00:13 - 2015-01-26 00:14 - 00000000 ____D () C:\Users\Kevin\Desktop\Music Backup
2015-01-25 22:58 - 2015-01-25 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-25 22:58 - 2015-01-25 22:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-25 22:58 - 2015-01-25 22:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-25 20:36 - 2015-01-25 22:57 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-01-25 20:28 - 2015-01-25 22:58 - 00000000 ____D () C:\ProgramData\Sophos
2015-01-25 20:10 - 2015-01-25 20:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-25 18:55 - 2015-01-25 18:55 - 186487152 _____ () C:\Windows\MEMORY.DMP
2015-01-25 18:55 - 2015-01-25 18:55 - 00262504 _____ () C:\Windows\Minidump\012515-7971-01.dmp
2015-01-25 18:55 - 2015-01-25 18:55 - 00000000 ____D () C:\Windows\Minidump
2015-01-24 00:35 - 2015-01-24 00:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-01-19 17:56 - 2015-01-19 17:56 - 23464072 _____ (Belkin International, Inc.) C:\Users\Kevin\Downloads\LinksysConnect.E1200.1.5.14350.0.exe
2015-01-18 12:01 - 2015-01-25 22:56 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2015-01-18 12:01 - 2015-01-18 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2015-01-13 23:22 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 23:22 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 23:22 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 23:22 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 23:22 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 23:22 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 23:22 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 23:22 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 23:22 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 23:22 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 23:22 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 23:22 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 23:22 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-12-31 22:37 - 2014-12-31 22:37 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Introversion
2014-12-31 20:51 - 2014-12-31 20:51 - 00000864 _____ () C:\Users\Public\Desktop\Vindictus.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 04:19 - 2014-08-29 10:26 - 00000000 ____D () C:\Users\Kevin\Desktop\Calc
2015-01-28 04:15 - 2013-02-24 14:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 03:00 - 2013-02-24 13:58 - 01959018 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 00:08 - 2009-07-13 22:45 - 00026560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 00:08 - 2009-07-13 22:45 - 00026560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 00:01 - 2013-02-24 14:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-28 00:01 - 2010-11-20 21:47 - 02095014 _____ () C:\Windows\PFRO.log
2015-01-28 00:01 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 00:01 - 2009-07-13 22:51 - 00264490 _____ () C:\Windows\setupact.log
2015-01-26 23:22 - 2013-02-26 22:46 - 00000000 ____D () C:\Users\Kevin\AppData\Local\CrashDumps
2015-01-26 00:12 - 2013-03-24 15:13 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\BitTorrent
2015-01-26 00:11 - 2014-05-02 15:49 - 00000000 ____D () C:\Users\Kevin\Documents\My Games
2015-01-26 00:11 - 2013-04-20 00:55 - 00000000 ____D () C:\ProgramData\Orbit
2015-01-25 20:28 - 2013-11-29 20:04 - 00000000 ____D () C:\Users\Kevin\AppData\Local\NPE
2015-01-25 19:49 - 2013-02-24 13:58 - 00000000 ____D () C:\Users\Kevin
2015-01-25 19:40 - 2013-10-20 13:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-25 19:40 - 2013-08-13 16:40 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-25 19:39 - 2014-10-18 03:00 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-25 19:39 - 2014-10-18 03:00 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-25 19:39 - 2014-10-18 03:00 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-25 19:39 - 2014-10-18 03:00 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-25 19:33 - 2014-04-23 03:55 - 00000000 ____D () C:\NPE
2015-01-25 19:15 - 2013-02-24 14:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 19:15 - 2013-02-24 14:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 19:15 - 2013-02-24 14:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 19:03 - 2014-12-12 14:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-25 18:19 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Registration
2015-01-25 18:02 - 2013-02-24 18:33 - 00416826 _____ () C:\Windows\system32\perfh011.dat
2015-01-25 18:02 - 2013-02-24 18:33 - 00122208 _____ () C:\Windows\system32\perfc011.dat
2015-01-25 18:02 - 2013-02-24 18:29 - 00501332 _____ () C:\Windows\system32\perfh006.dat
2015-01-25 18:02 - 2013-02-24 18:29 - 00098640 _____ () C:\Windows\system32\perfc006.dat
2015-01-25 18:02 - 2013-02-24 18:21 - 00392940 _____ () C:\Windows\system32\prfh0404.dat
2015-01-25 18:02 - 2013-02-24 18:21 - 00115072 _____ () C:\Windows\system32\prfc0404.dat
2015-01-25 18:02 - 2013-02-24 18:17 - 00705798 _____ () C:\Windows\system32\prfh0416.dat
2015-01-25 18:02 - 2013-02-24 18:17 - 00147638 _____ () C:\Windows\system32\prfc0416.dat
2015-01-25 18:02 - 2013-02-24 18:14 - 00720936 _____ () C:\Windows\system32\prfh0816.dat
2015-01-25 18:02 - 2013-02-24 18:14 - 00152888 _____ () C:\Windows\system32\prfc0816.dat
2015-01-25 18:02 - 2013-02-24 18:11 - 00732276 _____ () C:\Windows\system32\perfh015.dat
2015-01-25 18:02 - 2013-02-24 18:11 - 00155854 _____ () C:\Windows\system32\perfc015.dat
2015-01-25 18:02 - 2013-02-24 18:08 - 00648600 _____ () C:\Windows\system32\perfh01F.dat
2015-01-25 18:02 - 2013-02-24 18:08 - 00139982 _____ () C:\Windows\system32\perfc01F.dat
2015-01-25 18:02 - 2013-02-24 18:03 - 00375868 _____ () C:\Windows\system32\prfh0804.dat
2015-01-25 18:02 - 2013-02-24 18:03 - 00119574 _____ () C:\Windows\system32\prfc0804.dat
2015-01-25 18:02 - 2013-02-24 17:54 - 00716518 _____ () C:\Windows\system32\perfh019.dat
2015-01-25 18:02 - 2013-02-24 17:54 - 00150824 _____ () C:\Windows\system32\perfc019.dat
2015-01-25 18:02 - 2013-02-24 17:51 - 00486432 _____ () C:\Windows\system32\perfh014.dat
2015-01-25 18:02 - 2013-02-24 17:51 - 00095386 _____ () C:\Windows\system32\perfc014.dat
2015-01-25 18:02 - 2013-02-24 17:48 - 00598906 _____ () C:\Windows\system32\perfh008.dat
2015-01-25 18:02 - 2013-02-24 17:48 - 00111110 _____ () C:\Windows\system32\perfc008.dat
2015-01-25 18:02 - 2013-02-24 17:46 - 00655638 _____ () C:\Windows\system32\perfh01D.dat
2015-01-25 18:02 - 2013-02-24 17:46 - 00142456 _____ () C:\Windows\system32\perfc01D.dat
2015-01-25 18:02 - 2013-02-24 17:43 - 00420342 _____ () C:\Windows\system32\perfh012.dat
2015-01-25 18:02 - 2013-02-24 17:43 - 00120366 _____ () C:\Windows\system32\perfc012.dat
2015-01-25 18:02 - 2013-02-24 17:41 - 00660758 _____ () C:\Windows\system32\perfh005.dat
2015-01-25 18:02 - 2013-02-24 17:41 - 00141408 _____ () C:\Windows\system32\perfc005.dat
2015-01-25 18:02 - 2013-02-24 17:34 - 00735416 _____ () C:\Windows\system32\perfh013.dat
2015-01-25 18:02 - 2013-02-24 17:34 - 00153084 _____ () C:\Windows\system32\perfc013.dat
2015-01-25 18:02 - 2013-02-24 17:30 - 00473420 _____ () C:\Windows\system32\perfh00B.dat
2015-01-25 18:02 - 2013-02-24 17:30 - 00101502 _____ () C:\Windows\system32\perfc00B.dat
2015-01-25 18:02 - 2013-02-24 17:19 - 00675672 _____ () C:\Windows\system32\perfh00E.dat
2015-01-25 18:02 - 2013-02-24 17:19 - 00171256 _____ () C:\Windows\system32\perfc00E.dat
2015-01-25 18:02 - 2013-02-24 17:15 - 00737374 _____ () C:\Windows\system32\perfh00A.dat
2015-01-25 18:02 - 2013-02-24 17:15 - 00158456 _____ () C:\Windows\system32\perfc00A.dat
2015-01-25 18:02 - 2013-02-24 17:13 - 00384262 _____ () C:\Windows\system32\perfh00D.dat
2015-01-25 18:02 - 2013-02-24 17:13 - 00084740 _____ () C:\Windows\system32\perfc00D.dat
2015-01-25 18:02 - 2013-02-24 17:09 - 00731964 _____ () C:\Windows\system32\perfh010.dat
2015-01-25 18:02 - 2013-02-24 17:09 - 00146828 _____ () C:\Windows\system32\perfc010.dat
2015-01-25 18:02 - 2013-02-24 17:07 - 00737634 _____ () C:\Windows\system32\perfh00C.dat
2015-01-25 18:02 - 2013-02-24 17:07 - 00470932 _____ () C:\Windows\system32\perfh001.dat
2015-01-25 18:02 - 2013-02-24 17:07 - 00149562 _____ () C:\Windows\system32\perfc00C.dat
2015-01-25 18:02 - 2013-02-24 17:07 - 00094754 _____ () C:\Windows\system32\perfc001.dat
2015-01-25 18:02 - 2013-02-24 17:04 - 00689126 _____ () C:\Windows\system32\perfh007.dat
2015-01-25 18:02 - 2013-02-24 17:04 - 00149098 _____ () C:\Windows\system32\perfc007.dat
2015-01-25 18:02 - 2009-07-13 23:13 - 17450248 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 00:01 - 2013-02-24 14:07 - 17058756 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-19 02:22 - 2013-04-14 20:23 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Skype
2015-01-18 12:24 - 2013-02-24 14:52 - 00718090 _____ () C:\Windows\DirectX.log
2015-01-17 15:16 - 2013-05-30 14:10 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Akamai
2015-01-14 00:53 - 2013-07-24 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 00:09 - 2014-08-29 10:26 - 00000000 ____D () C:\Users\Kevin\Desktop\English
2015-01-12 21:20 - 2014-12-17 22:25 - 00000370 _____ () C:\Users\Kevin\Desktop\ Mabinogi .lnk
2015-01-08 00:33 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-04 13:18 - 2013-11-16 03:22 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-12-31 20:51 - 2013-05-13 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2014-12-31 20:51 - 2013-05-13 14:19 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-12-31 20:21 - 2014-06-05 14:31 - 00001068 _____ () C:\console.log
2014-12-31 13:12 - 2013-02-24 15:27 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-08-09 16:39 - 2013-02-18 17:46 - 4216840 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\vcredist_2008_sp1_x86.exe
2014-10-28 10:51 - 2014-11-03 09:17 - 0000034 _____ () C:\Users\Kevin\AppData\Roaming\AdobeWLCMCache.dat

Some content of TEMP:
====================
C:\Users\Kevin\AppData\Local\Temp\uninstall.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-26 01:57

==================== End Of Log ============================
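The FRST log above ends with two checks that are worth being able to reproduce by hand: the Authenticode verification of core Windows binaries under "Bamital & volsnap Check", and the driver entries marked [X] (EagleX64, gdrv, VGPU, xhunter1), which FRST flags because the file the service entry points to is no longer on disk. The PowerShell below is an added example for this thread, not FRST or ComboFix output and not code from any of the posts; the function names are mine, and it assumes an elevated prompt on the machine in question.

```powershell
# Added example, not from the FRST log or the thread. Reproduces two of the
# checks FRST reports above, for a reader who wants to run them without the tool:
#  1. Authenticode verification of the same core binaries FRST lists under
#     "Bamital & volsnap Check".
#  2. Service/driver registry entries whose ImagePath does not exist on disk,
#     which is what FRST's "[X]" marker denotes (EagleX64, gdrv, VGPU, xhunter1).
# Run from an elevated PowerShell prompt on the affected machine.

$sysRoot = $env:SystemRoot
$coreFiles = @(
    "$sysRoot\System32\winlogon.exe", "$sysRoot\System32\wininit.exe",
    "$sysRoot\SysWOW64\wininit.exe",  "$sysRoot\explorer.exe",
    "$sysRoot\SysWOW64\explorer.exe", "$sysRoot\System32\svchost.exe",
    "$sysRoot\SysWOW64\svchost.exe",  "$sysRoot\System32\services.exe",
    "$sysRoot\System32\user32.dll",   "$sysRoot\SysWOW64\user32.dll",
    "$sysRoot\System32\userinit.exe", "$sysRoot\SysWOW64\userinit.exe",
    "$sysRoot\System32\rpcss.dll",    "$sysRoot\System32\drivers\volsnap.sys"
)

# Check 1: signature status of each core binary. Anything other than 'Valid'
# (NotSigned, HashMismatch, UnknownError) on these files needs a closer look.
function Test-CoreFileSignatures {
    foreach ($f in $coreFiles) {
        if (-not (Test-Path -LiteralPath $f)) {
            [pscustomobject]@{ File = $f; Status = 'MISSING'; Signer = '' }
            continue
        }
        $sig    = Get-AuthenticodeSignature -FilePath $f
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        [pscustomobject]@{ File = $f; Status = $sig.Status; Signer = $signer }
    }
}

# Turn a raw ImagePath value into a filesystem path. Service ImagePath strings
# come in several shapes: "\??\C:\...", "\SystemRoot\...", "System32\...",
# "%SystemRoot%\...", and quoted paths followed by arguments for user-mode services.
function Resolve-ImagePath([string]$raw) {
    if ([string]::IsNullOrWhiteSpace($raw)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($raw.Trim())
    if ($p.StartsWith('"')) {
        $p = $p.Substring(1, $p.IndexOf('"', 1) - 1)          # strip quotes and arguments
    } elseif ($p -match '^(.*?\.(exe|sys|dll))(\s|$)') {
        $p = $Matches[1]                                       # drop "-k netsvcs" style arguments
    }
    $p = $p -replace '^\\\?\?\\', ''                           # \??\C:\... -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$sysRoot\"            # \SystemRoot\... -> C:\Windows\...
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $sysRoot $p }  # System32\drivers\x.sys
    return $p
}

# Check 2: every service or driver whose binary is gone, i.e. FRST's "[X]".
function Get-OrphanedServices {
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath
        $path  = Resolve-ImagePath $props.ImagePath
        if ($path -and -not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{
                Service   = $_.PSChildName
                Start     = $props.Start   # 0 boot, 1 system, 2 auto, 3 manual (S3), 4 disabled
                Type      = $props.Type    # 1/2 kernel or filesystem driver, 0x10/0x20 Win32 service
                ImagePath = $props.ImagePath
                Resolved  = $path
            }
        }
    }
}

Test-CoreFileSignatures | Format-Table -AutoSize
Get-OrphanedServices    | Format-Table -AutoSize
```

An orphaned entry cannot load anything, so on its own it is an uninstall leftover rather than an active threat; the value of listing them is comparing the names against what the machine is expected to carry. For the core binaries, as FRST itself notes, there is no automatic fix for a file that fails verification, so a non-Valid status is a reason to stop and investigate rather than something a cleanup script should touch.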



#6 polskamachina

  • Malware Response Team
  • 4,081 posts
  • Gender:Male
  • Local time:05:54 AM

Posted 30 January 2015 - 12:17 PM

Hi Qrinkle :)

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Let me know if you have any questions.

polskamachina



#7 Qrinkle
  • Topic Starter

  • Members
  • 17 posts
  • Local time:08:54 AM

Posted 30 January 2015 - 11:11 PM

Hey there polskamachina :)

Thank you for your fast response! I have just run ComboFix and will post the log.

Also, I saw that you said to disable only antivirus and anti-malware, so I didn't disable my Norton Smart Firewall :3

I was kind of worried that something might happen! :o


ComboFix 15-01-29.01 - Kevin 0/2015 Fri  21:55:28.1.4 - x64
Running from: c:\users\Kevin\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\apppatch\AppLoc.exe
c:\windows\apppatch\AppLocA.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\apppatch\unins000.dat
c:\windows\apppatch\unins000.exe
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-28 to 2015-01-31  )))))))))))))))))))))))))))))))
.
.
2015-01-26 06:20 . 2015-01-28 10:24 -------- d-----w- C:\FRST
2015-01-26 04:58 . 2015-01-26 04:58 -------- d-----w- c:\program files\Microsoft Silverlight
2015-01-26 04:58 . 2015-01-26 04:58 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2015-01-26 02:36 . 2015-01-26 04:57 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2015-01-26 02:28 . 2015-01-26 04:58 -------- d-----w- c:\programdata\Sophos
2015-01-26 02:10 . 2015-01-26 02:10 -------- d-----w- c:\programdata\Malwarebytes
2015-01-26 01:39 . 2015-01-26 01:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-01-24 06:35 . 2015-01-24 06:35 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
2015-01-18 18:24 . 2015-01-18 18:24 -------- d-----w- c:\program files (x86)\Common Files\BattlEye
2015-01-01 04:37 . 2015-01-01 04:37 -------- d-----w- c:\users\Kevin\AppData\Local\Introversion
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-26 01:39 . 2014-10-18 09:00 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-26 01:15 . 2013-02-24 20:33 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-26 01:15 . 2013-02-24 20:33 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-31 19:12 . 2013-02-24 21:27 113365784 ----a-w- c:\windows\system32\MRT.exe
2014-12-13 05:09 . 2014-12-17 19:04 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-17 19:04 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-10 04:57 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 04:57 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 04:57 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 04:57 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 04:57 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:50 . 2014-12-10 04:57 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:44 . 2014-12-10 04:57 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 04:57 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-10 04:57 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 04:57 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 04:57 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 04:57 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 04:57 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 04:57 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 04:57 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 04:57 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 04:57 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 04:57 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 04:57 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 04:57 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 04:57 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 04:57 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 04:57 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 04:57 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 04:57 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 04:57 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 04:57 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 04:57 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 04:57 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 04:57 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 04:57 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 04:57 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 04:57 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 04:57 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 04:57 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 04:57 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 04:57 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 04:57 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 04:57 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 04:57 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 04:57 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 04:57 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 04:57 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 04:57 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 04:57 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 04:57 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 04:57 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 04:57 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-18 20:56 . 2014-11-18 20:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
2014-11-17 22:18 . 2014-11-19 03:47 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2014-11-17 22:18 . 2014-11-19 03:47 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2014-11-17 22:18 . 2014-02-07 02:14 1538880 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2014-11-17 20:02 . 2014-11-19 03:49 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-11-17 20:02 . 2013-10-29 05:43 2197680 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-11-17 20:02 . 2014-11-19 03:49 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-11-17 20:02 . 2013-10-29 05:43 2800296 ----a-w- c:\windows\system32\nvspcap64.dll
2014-11-13 00:20 . 2014-11-19 03:47 964928 ----a-w- c:\windows\system32\NvIFR64.dll
2014-11-13 00:20 . 2014-11-19 03:47 935240 ----a-w- c:\windows\system32\NvFBC64.dll
2014-11-13 00:20 . 2014-11-19 03:47 923792 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-11-13 00:20 . 2014-11-19 03:47 900928 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-11-13 00:20 . 2014-11-19 03:47 871648 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-11-13 00:20 . 2014-11-19 03:47 500880 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2014-11-13 00:20 . 2014-11-19 03:47 4292416 ----a-w- c:\windows\system32\nvcuvid.dll
2014-11-13 00:20 . 2014-11-19 03:47 418112 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2014-11-13 00:20 . 2014-11-19 03:47 4011208 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-11-13 00:20 . 2014-11-19 03:47 393024 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-11-13 00:20 . 2014-11-19 03:47 352016 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-11-13 00:20 . 2014-11-19 03:47 348304 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-11-13 00:20 . 2014-11-19 03:47 31893136 ----a-w- c:\windows\system32\nvoglv64.dll
2014-11-13 00:20 . 2014-11-19 03:47 303600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-11-13 00:20 . 2014-11-19 03:47 24557712 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-11-13 00:20 . 2014-11-19 03:47 20922512 ----a-w- c:\windows\system32\nvcompiler.dll
2014-11-13 00:20 . 2014-11-19 03:47 19966344 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-11-13 00:20 . 2014-11-19 03:47 1876296 ----a-w- c:\windows\system32\nvdispco6434475.dll
2014-11-13 00:20 . 2014-11-19 03:47 174856 ----a-w- c:\windows\system32\nvinitx.dll
2014-11-13 00:20 . 2014-11-19 03:47 17259664 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-11-13 00:20 . 2014-11-19 03:47 156840 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-11-13 00:20 . 2014-11-19 03:47 1540424 ----a-w- c:\windows\system32\nvdispgenco6434475.dll
2014-11-13 00:20 . 2014-11-19 03:47 14032984 ----a-w- c:\windows\system32\nvopencl.dll
2014-11-13 00:20 . 2014-11-19 03:47 13944952 ----a-w- c:\windows\system32\nvcuda.dll
2014-11-13 00:20 . 2014-11-19 03:47 13213512 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-11-13 00:20 . 2014-11-19 03:47 11397744 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-11-13 00:20 . 2014-11-19 03:47 11336432 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-11-13 00:20 . 2014-06-21 02:35 18514616 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-11-13 00:20 . 2013-02-24 20:47 20986592 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-11-13 00:20 . 2013-02-24 20:15 74056 ----a-w- c:\windows\system32\OpenCL.dll
2014-11-13 00:20 . 2013-02-24 20:15 59592 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-11-13 00:20 . 2012-10-11 03:23 3262784 ----a-w- c:\windows\system32\nvapi64.dll
2014-11-13 00:20 . 2012-10-11 03:23 989056 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-11-13 00:20 . 2012-10-11 03:22 2874456 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-11-13 00:20 . 2012-10-11 03:22 16884632 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-11-12 21:56 . 2013-02-24 20:15 6897352 ----a-w- c:\windows\system32\nvcpl.dll
2014-11-12 21:56 . 2013-02-24 20:15 3534152 ----a-w- c:\windows\system32\nvsvc64.dll
2014-11-12 21:56 . 2013-02-24 20:15 934032 ----a-w- c:\windows\system32\nvvsvc.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Kevin\AppData\Local\Akamai\netsession_win.exe" [2014-10-30 4673432]
"f.lux"="c:\users\Kevin\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-06-30 2638152]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"Korean IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]
   Ime File REG_SZ          IMKR12.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\05457863.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\05637773.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt53.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150130.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150130.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-24 01:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-06-30 395152]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-11-17 2800296]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-11-17 2465088]
"Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 43808]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Microsoft Excel? ????(&X) - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 129.7.73.42 129.7.235.45 172.21.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-iCloudServices - c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Wow6432Node-HKCU-Run-ApplePhotoStreams - c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Wow6432Node-HKCU-Run-AppleIEDAV - c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
Wow6432Node-HKCU-Run-EPLTarget\P0000000000000000 - c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE
Wow6432Node-HKLM-Run-Malwarebytes Anti-Exploit - c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-GOGPACKHITMAN3_is1 - j:\hitman - contracts\unins000.exe
AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32;c:\program files (x86)\Norton Security Suite\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3084484054-4120869515-2054980719-1000\Software\SecuROM\License information*]
"datasecu"=hex:10,e4,87,32,3e,8f,78,79,6f,12,e0,80,07,b0,da,bc,6e,32,00,68,fb,
   f2,04,98,33,f2,93,a2,32,c0,ec,8d,7c,27,2a,e7,03,88,df,96,de,ae,28,ce,f3,1a,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-01-30  22:02:57 - machine was rebooted
ComboFix-quarantined-files.txt  2015-01-31 04:02
.
Pre-Run: 31,710,523,392 bytes free
Post-Run: 31,581,843,456 bytes free
.
- - End Of File - - A576CAABD2E834724BC53D011E7A8CD9
8F558EB6672622401DA993E1E865C861
 



#8 polskamachina

polskamachina

  • Malware Response Team
  • 4,081 posts
  • Gender:Male
  • Local time:05:54 AM

Posted 31 January 2015 - 12:22 AM

Hi Qrinkle,

 

Good job with the ComboFix log. :thumbsup:

 

I meant to ask you if you're still having problems enabling your security center service after having run ComboFix.

 

polskamachina



#9 Qrinkle

Qrinkle
  • Topic Starter

  • Members
  • 17 posts
  • Local time:08:54 AM

Posted 31 January 2015 - 09:39 AM

Hi polskamachina :)

 

The problem with enabling the security center service is gone now!

 

I wanted to ask you if the combofix.txt was all good and dandy :3

 

Thanks for all your help also, I really appreciate it!!! I will now be even more careful with my computer in honor of your work!! :D

 

Have a good day~



#10 polskamachina

polskamachina

  • Malware Response Team
  • 4,081 posts
  • Gender:Male
  • Local time:05:54 AM

Posted 01 February 2015 - 12:49 PM

Hi Qrinkle :)

 

You're welcome for the help. The fact that your security center service has been repaired is good news. However, we should make sure that everything else is good as well. Please be patient while I prepare the next set of instructions.

 

polskamachina



#11 polskamachina

polskamachina

  • Malware Response Team
  • 4,081 posts
  • Gender:Male
  • Local time:05:54 AM

Posted 02 February 2015 - 11:20 AM

Hi Qrinkle :)
 
We still need to check a few things out.
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Right click on AdwCleaner.exe and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Let me know if you have any questions.
 
polskamachina



#12 Qrinkle

Qrinkle
  • Topic Starter

  • Members
  • 17 posts
  • Local time:08:54 AM

Posted 04 February 2015 - 12:16 AM

Hey there polskamachina! :)

 

Sorry for the late reply but this is the AdwCleaner.txt log file as you requested.

 

Edit: Should I press CLEAN on the AdwCleaner after the scan is done? Or should I just wait for you to check over the log and wait for further instructions?

 

# AdwCleaner v4.109 - Report created 03/02/2015 at 23:14:09
# Updated 24/01/2015 by Xplode
# Database : 2015-02-03.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Kevin - KEVIN-PC
# Running from : C:\Users\Kevin\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\Kevin\AppData\Local\CrashRpt
Folder Found : C:\Users\Kevin\AppData\Roaming\YourFileDownloader

***** [ Scheduled Tasks ] *****

Task Found : YourFile DownloaderUpdate

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local
Key Found : HKCU\Software\b1.org
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\YourFileDownloader
Key Found : [x64] HKCU\Software\b1.org
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\YourFileDownloader
Key Found : HKLM\SOFTWARE\b1.org
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\YourFileDownloader
Key Found : [x64] HKLM\SOFTWARE\b1.org
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v

-\\ Chromium v

*************************

AdwCleaner[R0].txt - [2224 octets] - [03/02/2015 23:14:09]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2284 octets] ##########

 

Also hope you have a nice day :)


Edited by Qrinkle, 04 February 2015 - 12:17 AM.
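
The AdwCleaner report above has a regular layout, so it can be read by a script instead of by eye. The following is an added example written for this thread; it is not AdwCleaner's own code and was not posted by either participant. It parses a trimmed copy of the posted AdwCleaner[R0].txt report into per-section findings, groups the registry hits by hive and by registry view, and splits the "Data Found" ProxyOverride entry into key path, value name and data, so a reviewer can compare it with the same setting ComboFix listed under "uInternet Settings,ProxyOverride" rather than relying on the tool's one-line verdict. The reading of the "[x64]" tag as the 64-bit registry view, with untagged entries being the other view, is an assumption and is marked as such in the code.

```python
"""Parse an AdwCleaner v4 scan report into structured findings.

Added example for this thread; not AdwCleaner's own code. It assumes the report
layout visible in the log posted above: '***** [ Section ] *****' headers
followed by '<Kind> Found : <detail>' lines.
"""
import re
from collections import Counter, defaultdict

# Constructed sample input: a trimmed copy of the AdwCleaner[R0].txt report
# posted in this thread (entries removed to keep the example short).
SAMPLE_REPORT = r"""
# AdwCleaner v4.109 - Report created 03/02/2015 at 23:14:09
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\Kevin\AppData\Local\CrashRpt
Folder Found : C:\Users\Kevin\AppData\Roaming\YourFileDownloader

***** [ Scheduled Tasks ] *****

Task Found : YourFile DownloaderUpdate

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local
Key Found : HKCU\Software\b1.org
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\YourFileDownloader
Key Found : [x64] HKCU\Software\b1.org
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\YourFileDownloader
Key Found : [x64] HKLM\SOFTWARE\b1.org

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
FINDING_RE = re.compile(r"^(?P<kind>\w+) Found : (?P<detail>.+)$")
DATA_RE = re.compile(r"^(?P<key>.+?) \[(?P<value>[^\]]+)\] - (?P<data>.*)$")
X64_TAG = "[x64] "


def parse_adwcleaner(text):
    """Return one dict per 'Found' line: section, kind, view, detail."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = FINDING_RE.match(line)
        if not m or section is None:
            continue  # report header, browser lines, EOF marker
        detail = m.group("detail")
        # Assumption: '[x64]' marks the 64-bit registry view; untagged entries
        # are the other (WOW64) view on 64-bit Windows.
        view = "x64" if detail.startswith(X64_TAG) else "default"
        if view == "x64":
            detail = detail[len(X64_TAG):]
        findings.append({"section": section, "kind": m.group("kind"),
                         "view": view, "detail": detail})
    return findings


def count_by_section(findings):
    """Number of findings per report section (empty sections are absent)."""
    return Counter(f["section"] for f in findings)


def registry_hives(findings):
    """Registry findings grouped by hive (HKCU vs HKLM)."""
    return Counter(f["detail"].split("\\", 1)[0]
                   for f in findings if f["section"] == "Registry")


def views_by_key(findings):
    """Which registry views each flagged key path was reported in."""
    views = defaultdict(set)
    for f in findings:
        if f["section"] == "Registry" and f["kind"] == "Key":
            views[f["detail"]].add(f["view"])
    return dict(views)


def data_findings(findings):
    """'Data Found' entries split into (key path, value name, data)."""
    out = []
    for f in findings:
        if f["kind"] != "Data":
            continue
        m = DATA_RE.match(f["detail"])
        if m:
            out.append((m.group("key"), m.group("value"), m.group("data")))
    return out


if __name__ == "__main__":
    found = parse_adwcleaner(SAMPLE_REPORT)
    print(count_by_section(found))
    print(registry_hives(found))
    for path, views in sorted(views_by_key(found).items()):
        print(path, sorted(views))
    print(data_findings(found))
```

Run it against a full AdwCleaner[R#].txt by reading the file into parse_adwcleaner instead of SAMPLE_REPORT. Keys that show up under both views are listed once by views_by_key with both views attached, which makes it easier to see that the same product (b1.org, YourFileDownloader) left entries on both sides of the WOW64 split.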


#13 polskamachina

polskamachina

  • Malware Response Team
  • 4,081 posts
  • Gender:Male
  • Local time:05:54 AM

Posted 04 February 2015 - 12:48 AM

Hi Qrinkle :)

 

I know it is tempting but please wait until I have reviewed your log before you proceed.

 

Thank you for your patience.

 

polskamachina



#14 Qrinkle

Qrinkle
  • Topic Starter

  • Members
  • 17 posts
  • Local time:08:54 AM

Posted 04 February 2015 - 01:19 AM

Oh no problem :)

 

I was just asking to make sure everything went as instructed!

 

Don't feel rushed and please take your time :)



#15 polskamachina

polskamachina

  • Malware Response Team
  • 4,081 posts
  • Gender:Male
  • Local time:05:54 AM

Posted 04 February 2015 - 11:55 PM

Hi Qrinkle,
 
I have a few tasks for you. :)
 
Please right-click on Adwcleaner and select Run As Administrator.

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply to me.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Next:
 
Please run the FRST64 program again. When the main window opens, please check the box for Addition.txt. Now click on the Scan button. After the scan is complete, please copy and paste the FRST.txt and Addition.txt logs in your next reply to me.
 
In summary, please copy and paste the following logs into your next reply to me:

  • AdwCleaner[S#].txt
  • FRST.txt
  • Addition.txt

Let me know if you have any questions. How is your computer performing now?
 
polskamachina





