
I have a bug - with log


  • This topic is locked
1 reply to this topic

#1 leejones


  • Members
  • 24 posts
  • OFFLINE
  • Local time:08:16 PM

Posted 08 October 2015 - 09:03 PM

I'm not sure why this was posted two times >>> you can delete this post.

A few years ago I asked for help; the problem was not fixed. I don't blame this site, just the tool (ComboFix): it did not fully run. Also my computer was a few years old (almost 10 years old).

I'm pretty sure my computer is hacked. I tried everything (bought 7 computers one after the other hoping a new computer would solve it, even changed IP and networks) and that did not fix it.

The things that have been happening include:

- slow typing at times
- scrolling is jerky/jumpy
- video plays slow/just strange at times
- my computer refreshes itself (this just happened while trying to write this the first time; happens every few months)
- windows (not the OS) open/close slowly sometimes
- and a few other small issues

Before this it was really bad, but now I'm on a new computer and it just does the above now.

But now I have learned just to deal with it (passwords still work, bank account is OK).

BTW, IP is cable, 4mb computer (a few years ago I was using an 8mb computer, same issues).

----------------------------------------------------------------------------------------------------------------------------------------------

Now my problem is: at the end of last month I took my computer to the shop for a repair (had another bug). It was fixed (kind of); I had to factory reset my computer. The HP audio enhancer was disabled.

After the reset the mouse was moving erratically (tried the mouse pad and other mice, still the same).

I think my HP recovery partition is infected.

Before I came here I ran over 20 anti-malware programs (some in compatibility mode). Here is what I ran, in no order (I don't remember the file names they found):

- TDSSKiller (found nothing)
- SUPERAntiSpyware (found 2 PUPs)
- Stinger by McAfee (found nothing)
- RootkitRemover by McAfee (found nothing)
- RootkitBuster by Trend Micro (ran in a second, not sure if it worked, but found nothing)
- Panda Anti-Rootkit (found nothing)
- Panda Cloud Scanner (found 2 malware items, I removed them)
- NPE (Norton Power Eraser) (found nothing)
- Norton, it's pre-installed (found nothing)
- MWAV by eScan (found nothing)
- MBAR (found nothing)
- MBAM (found 86 items; this was when the bug installed itself, since then nothing)
- JRT (found nothing)
- HitmanPro (found nothing)
- herdProtect (found 2 items, 1 I removed, the other was a system file; it found some other system files also)
- F-Secure Online Scanner (found nothing)
- ESET Online Scanner (found nothing)
- Emsisoft free trial (found two items)
- Emsisoft Emergency Kit (found nothing)
- Trend Micro Anti-Ransomware Tool (found some things but they look legit so I did not remove them)
- Dr.Web CureIt (found nothing)
- MSE (the pre-installed one; keeps finding one file infected but keeps saying my PC is clean)
- AdwCleaner (found nothing)
- RogueKiller (found 2 items, deleted them, lost internet connection, was forced to refresh the whole PC)

Most were run in safe mode and/or installed in safe mode; all were run in normal mode.

------------------------------------------------------------------------------

Now it's back like it was before I ran these tools.

I will run everything asked to try to fix it, just not Avast.

I think what caused the issue (hacker maybe) that will not go away was an infected Avast download. Avast + boot-time scan, then the computers were never the same again.

-----------------------------------------------------------------

Sorry, it was a long post, rushed (wanted to type this before my computer refreshed again).

--------------------------------------------------------------------

Forgot to say: I use Windows 8 (last time I was forced to upgrade to 8.1, so it may change). Also wanted to say the tech that helped me years ago was very helpful; it was just ComboFix that would not work. But I would try ComboFix again.

----------------------------------------------------

Here is the RogueKiller log (at least I think it is):

RogueKiller V10.10.9.0 (x64) [Oct  5 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200) 64 bits version
Started in : Normal mode
User : lee [Administrator]
Started from : C:\Users\lee\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 10/08/2015 08:21:48

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 75.114.81.1 75.114.81.2 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 75.114.81.1 75.114.81.2 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8C8AACC8-9B4F-4F6A-8563-15B0854E72D6} | DhcpNameServer : 75.114.81.1 75.114.81.2 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E5AA7932-41D8-495E-8E19-045A525F9794} | DhcpNameServer : 40.20.1.201 40.20.1.202 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8C8AACC8-9B4F-4F6A-8563-15B0854E72D6} | DhcpNameServer : 75.114.81.1 75.114.81.2 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E5AA7932-41D8-495E-8E19-045A525F9794} | DhcpNameServer : 40.20.1.201 40.20.1.202 ([X][X])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] lmw2ryms.default : user_pref("browser.startup.homepage", "http://www.bing.com/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD75 00BPVX-60JC3T0 SATA Disk Device +++++
--- User ---
[MBR] 37a992be4561b0dbaa9a190ed7c916e1
[BSP] 55055a1b60072d2c99d0b9d51c8f8e2c : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 688574 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1411815424 | Size: 451 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1412739072 | Size: 450 MB
6 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1413660672 | Size: 350 MB
7 - [SYSTEM] Basic data partition | Offset (sectors): 1414377472 | Size: 24790 MB
User = LL1 ... OK
User = LL2 ... OK
 

-----------------------------------------------------------------------------

And the ComboFix log (I forgot to disable Norton; it would not open for me to try to disable it, and Norton tried fixing stuff. If I need to rerun ComboFix I will):

ComboFix 15-10-06.01 - lee 10/08/2015   8:35.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3548.998 [GMT -7:00]
Running from: c:\users\lee\Downloads\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-09-08 to 2015-10-08  )))))))))))))))))))))))))))))))
.
.
2015-10-08 15:43 . 2015-10-08 15:43    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-10-08 15:43 . 2015-10-08 15:43    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2015-10-08 13:45 . 2015-10-08 15:09    37624    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2015-10-08 13:45 . 2015-10-08 15:06    --------    d-----w-    c:\programdata\RogueKiller
2015-10-08 04:19 . 2015-10-08 05:22    --------    d-----w-    c:\windows\system32\drivers\NISx64\1405000.01C
2015-10-08 03:19 . 2015-09-17 21:07    177616    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-08 03:19 . 2015-09-17 21:07    811472    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-08 03:07 . 2015-10-08 03:07    --------    d-----w-    c:\windows\Migration
2015-10-08 03:07 . 2015-10-08 03:07    --------    d-s---w-    c:\windows\system32\CompatTel
2015-10-08 03:07 . 2015-10-08 03:07    --------    d-----w-    c:\windows\system32\appraiser
2015-10-08 00:46 . 2014-10-09 04:00    1484288    ----a-w-    c:\windows\system32\VSSVC.exe
2015-10-08 00:46 . 2014-10-09 04:00    69632    ----a-w-    c:\windows\system32\vsstrace.dll
2015-10-08 00:46 . 2014-10-09 04:00    1519104    ----a-w-    c:\windows\system32\vssapi.dll
2015-10-08 00:46 . 2014-10-09 03:59    52224    ----a-w-    c:\windows\SysWow64\vsstrace.dll
2015-10-08 00:46 . 2014-10-09 03:59    1195520    ----a-w-    c:\windows\SysWow64\vssapi.dll
2015-10-07 23:01 . 2015-01-09 06:43    951808    ----a-w-    c:\windows\system32\Windows.Globalization.dll
2015-10-07 23:01 . 2015-01-09 05:03    601088    ----a-w-    c:\windows\SysWow64\Windows.Globalization.dll
2015-10-07 21:07 . 2015-10-07 21:12    --------    d-----w-    c:\windows\system32\MRT
2015-10-07 20:44 . 2014-06-10 22:44    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2015-10-07 20:44 . 2014-06-10 22:43    35480    ----a-w-    c:\windows\SysWow64\TsWpfWrp.exe
2015-10-07 17:57 . 2015-01-24 06:42    325632    ----a-w-    c:\windows\system32\ubpm.dll
2015-10-07 17:57 . 2015-01-24 05:00    243712    ----a-w-    c:\windows\SysWow64\ubpm.dll
2015-10-07 17:55 . 2015-07-13 21:05    48128    ----a-w-    c:\windows\system32\csrsrv.dll
2015-10-07 17:55 . 2015-07-13 21:05    54272    ----a-w-    c:\windows\system32\basesrv.dll
2015-10-07 17:55 . 2013-10-19 05:45    62976    ----a-w-    c:\windows\system32\imagehlp.dll
2015-10-07 17:55 . 2013-10-19 04:04    59392    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2015-10-07 17:49 . 2014-11-05 06:39    1024512    ----a-w-    c:\windows\system32\localspl.dll
2015-10-07 17:49 . 2014-10-29 14:21    499008    ----a-w-    c:\windows\system32\drivers\vhdmp.sys
2015-10-07 17:49 . 2014-11-05 06:40    733184    ----a-w-    c:\windows\system32\win32spl.dll
2015-10-07 17:49 . 2014-08-28 06:01    17920    ----a-w-    c:\windows\system32\wuaext.dll
2015-10-07 17:44 . 2014-06-05 01:12    678600    ----a-w-    c:\windows\system32\msvcp120_clr0400.dll
2015-10-07 17:44 . 2014-06-03 23:12    536776    ----a-w-    c:\windows\SysWow64\msvcp120_clr0400.dll
2015-10-07 17:43 . 2014-12-11 06:51    62976    ----a-w-    c:\windows\system32\TSWbPrxy.exe
2015-10-07 17:40 . 2015-04-13 05:32    417280    ----a-w-    c:\windows\system32\services.exe
2015-10-07 17:39 . 2015-07-09 21:46    5982208    ----a-w-    c:\windows\system32\mstscax.dll
2015-10-07 17:39 . 2015-07-09 21:44    322560    ----a-w-    c:\windows\system32\aaclient.dll
2015-10-07 17:39 . 2015-07-09 20:17    5095424    ----a-w-    c:\windows\SysWow64\mstscax.dll
2015-10-07 17:39 . 2015-07-09 20:16    269824    ----a-w-    c:\windows\SysWow64\aaclient.dll
2015-10-07 17:39 . 2015-06-17 14:13    1150264    ----a-w-    c:\windows\SysWow64\ole32.dll
2015-10-07 17:39 . 2015-06-17 13:44    1567560    ----a-w-    c:\windows\system32\ole32.dll
2015-10-07 17:38 . 2015-09-02 13:49    2341376    ----a-w-    c:\windows\system32\msxml6.dll
2015-10-07 17:38 . 2015-09-02 13:49    1850880    ----a-w-    c:\windows\system32\msxml3.dll
2015-10-07 17:38 . 2015-09-02 13:38    1744384    ----a-w-    c:\windows\SysWow64\msxml6.dll
2015-10-07 17:38 . 2015-09-02 13:38    1422336    ----a-w-    c:\windows\SysWow64\msxml3.dll
2015-10-07 17:36 . 2014-02-05 23:41    1257984    ----a-w-    c:\windows\system32\kernel32.dll
2015-10-07 17:36 . 2015-08-05 13:52    1287680    ----a-w-    c:\windows\system32\schedsvc.dll
2015-10-07 17:36 . 2014-09-13 06:24    2233152    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2015-10-07 17:33 . 2015-04-21 13:53    1174528    ----a-w-    c:\windows\system32\sppobjs.dll
2015-10-07 17:32 . 2015-08-04 13:54    10116608    ----a-w-    c:\windows\system32\twinui.dll
2015-10-07 17:32 . 2015-08-04 14:42    8858112    ----a-w-    c:\windows\SysWow64\twinui.dll
2015-10-07 17:32 . 2015-08-04 14:42    2038784    ----a-w-    c:\windows\SysWow64\authui.dll
2015-10-07 17:32 . 2015-08-04 13:54    1399808    ----a-w-    c:\windows\system32\Windows.UI.Immersive.dll
2015-10-07 17:32 . 2015-08-04 13:53    2307584    ----a-w-    c:\windows\system32\authui.dll
2015-10-07 17:32 . 2015-08-04 14:42    1229824    ----a-w-    c:\windows\SysWow64\Windows.UI.Immersive.dll
2015-10-07 17:32 . 2015-08-04 14:42    356352    ----a-w-    c:\windows\SysWow64\SettingSync.dll
2015-10-07 17:32 . 2015-08-04 13:53    449024    ----a-w-    c:\windows\system32\SettingSync.dll
2015-10-07 17:32 . 2015-08-04 14:42    100864    ----a-w-    c:\windows\SysWow64\SettingSyncInfo.dll
2015-10-07 17:32 . 2015-08-04 13:53    128512    ----a-w-    c:\windows\system32\SettingSyncInfo.dll
2015-10-07 17:30 . 2015-01-29 08:05    1627648    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2015-10-07 17:30 . 2015-01-29 06:19    1339392    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2015-10-07 17:30 . 2013-06-22 05:45    785624    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2015-10-07 17:30 . 2013-06-22 05:45    54488    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2015-10-07 17:29 . 2013-07-01 22:14    25600    ----a-w-    c:\windows\system32\drivers\usbprint.sys
2015-10-07 17:29 . 2013-06-29 03:08    32768    ----a-w-    c:\windows\system32\drivers\hidparse.sys
2015-10-07 17:29 . 2013-06-29 03:07    83968    ----a-w-    c:\windows\system32\drivers\hidclass.sys
2015-10-07 17:29 . 2013-05-04 04:48    27648    ----a-w-    c:\windows\system32\drivers\hidusb.sys
2015-10-07 17:29 . 2013-07-05 22:02    99328    ----a-w-    c:\windows\system32\drivers\usbcir.sys
2015-10-07 17:29 . 2013-07-05 22:01    210560    ----a-w-    c:\windows\system32\drivers\usbvideo.sys
2015-10-07 17:28 . 2014-10-09 03:59    623616    ----a-w-    c:\windows\system32\dnsapi.dll
2015-10-07 17:28 . 2014-09-22 05:38    673792    ----a-w-    c:\windows\system32\mfmpeg2srcsnk.dll
2015-10-07 17:28 . 2014-10-09 03:59    212992    ----a-w-    c:\windows\system32\dnsrslvr.dll
2015-10-07 17:28 . 2014-09-22 03:56    513536    ----a-w-    c:\windows\SysWow64\mfmpeg2srcsnk.dll
2015-10-07 17:22 . 2015-02-24 07:58    861696    ----a-w-    c:\windows\system32\drivers\http.sys
2015-10-07 17:21 . 2015-07-28 14:13    743424    ----a-w-    c:\windows\system32\generaltel.dll
2015-10-07 17:21 . 2015-07-28 14:13    69120    ----a-w-    c:\windows\system32\acmigration.dll
2015-10-07 17:21 . 2015-07-28 14:13    774144    ----a-w-    c:\windows\system32\invagent.dll
2015-10-07 17:21 . 2015-07-28 14:13    437248    ----a-w-    c:\windows\system32\devinv.dll
2015-10-07 17:21 . 2015-07-28 13:12    1148416    ----a-w-    c:\windows\system32\aeinv.dll
2015-10-07 17:21 . 2015-06-29 13:27    227328    ----a-w-    c:\windows\system32\aepdu.dll
2015-10-07 17:21 . 2015-05-22 20:44    193536    ----a-w-    c:\windows\system32\aepic.dll
2015-10-07 17:16 . 2014-12-08 06:48    391168    ----a-w-    c:\windows\system32\scesrv.dll
2015-10-07 17:16 . 2014-12-08 05:04    318464    ----a-w-    c:\windows\SysWow64\scesrv.dll
2015-10-07 17:16 . 2015-03-14 08:07    1120256    ----a-w-    c:\windows\system32\msctf.dll
2015-10-07 17:16 . 2015-03-14 06:33    891904    ----a-w-    c:\windows\SysWow64\msctf.dll
2015-10-07 17:16 . 2015-03-04 07:29    361280    ----a-w-    c:\windows\system32\drivers\clfs.sys
2015-10-07 17:16 . 2015-03-04 06:39    74752    ----a-w-    c:\windows\system32\clfsw32.dll
2015-10-07 17:16 . 2015-03-04 04:52    57856    ----a-w-    c:\windows\SysWow64\clfsw32.dll
2015-10-07 17:09 . 2015-05-08 23:39    981504    ----a-w-    c:\windows\system32\KernelBase.dll
2015-10-07 17:09 . 2015-05-08 20:05    668160    ----a-w-    c:\windows\SysWow64\KernelBase.dll
2015-10-07 17:08 . 2015-06-15 15:20    2886144    ----a-w-    c:\windows\system32\msi.dll
2015-10-07 17:08 . 2014-06-12 23:29    2146304    ----a-w-    c:\windows\system32\actxprxy.dll
2015-10-07 17:08 . 2015-06-15 15:22    2416640    ----a-w-    c:\windows\SysWow64\msi.dll
2015-10-07 17:08 . 2014-06-12 23:34    754176    ----a-w-    c:\windows\SysWow64\actxprxy.dll
2015-10-07 17:08 . 2015-06-15 15:22    62976    ----a-w-    c:\windows\SysWow64\msiexec.exe
2015-10-07 17:08 . 2015-06-15 15:21    124416    ----a-w-    c:\windows\system32\msiexec.exe
2015-10-07 17:08 . 2014-10-11 07:44    393216    ----a-w-    c:\windows\system32\msihnd.dll
2015-10-07 17:08 . 2014-06-05 17:56    112984    ----a-w-    c:\windows\system32\consent.exe
2015-10-07 17:08 . 2014-10-11 05:57    295424    ----a-w-    c:\windows\SysWow64\msihnd.dll
2015-10-07 17:06 . 2014-12-06 07:52    72192    ----a-w-    c:\windows\system32\nlaapi.dll
2015-10-07 17:06 . 2014-12-06 07:52    357376    ----a-w-    c:\windows\system32\nlasvc.dll
2015-10-07 17:06 . 2014-12-06 07:52    384000    ----a-w-    c:\windows\system32\ncsi.dll
2015-10-07 17:06 . 2014-12-06 06:09    55296    ----a-w-    c:\windows\SysWow64\nlaapi.dll
2015-10-07 17:03 . 2015-09-01 23:25    4065280    ----a-w-    c:\windows\system32\win32k.sys
2015-10-07 17:03 . 2015-09-02 13:48    46080    ----a-w-    c:\windows\system32\atmlib.dll
2015-10-07 17:03 . 2015-09-02 13:38    35328    ----a-w-    c:\windows\SysWow64\atmlib.dll
2015-10-07 17:03 . 2015-08-28 21:59    304128    ----a-w-    c:\windows\SysWow64\atmfd.dll
2015-10-07 17:03 . 2015-08-27 18:41    366592    ----a-w-    c:\windows\system32\atmfd.dll
2015-10-07 17:03 . 2012-10-24 03:25    26624    ----a-w-    c:\windows\system32\ReAgentc.exe
2015-10-07 17:03 . 2012-10-24 02:48    24064    ----a-w-    c:\windows\SysWow64\ReAgentc.exe
2015-10-07 17:02 . 2013-03-02 08:23    375808    ----a-w-    c:\windows\SysWow64\ReAgent.dll
2015-10-07 17:02 . 2013-03-02 02:44    1011200    ----a-w-    c:\windows\system32\reseteng.dll
2015-10-07 16:59 . 2014-03-11 00:41    559104    ----a-w-    c:\windows\SysWow64\objsel.dll
2015-10-07 16:59 . 2014-03-11 00:38    684032    ----a-w-    c:\windows\system32\objsel.dll
2015-10-07 16:59 . 2014-03-11 00:38    179712    ----a-w-    c:\windows\system32\dpapisrv.dll
2015-10-07 16:59 . 2014-03-11 00:41    38400    ----a-w-    c:\windows\SysWow64\dimsroam.dll
2015-10-07 16:59 . 2014-03-11 00:38    45056    ----a-w-    c:\windows\system32\dimsroam.dll
2015-10-07 16:58 . 2014-12-06 07:53    458240    ----a-w-    c:\windows\system32\wer.dll
2015-10-07 16:58 . 2014-12-06 07:51    370688    ----a-w-    c:\windows\system32\Faultrep.dll
2015-10-07 16:58 . 2014-12-06 07:50    783872    ----a-w-    c:\windows\system32\audiosrv.dll
2015-10-07 16:58 . 2014-12-06 06:10    355840    ----a-w-    c:\windows\SysWow64\wer.dll
2015-10-07 16:58 . 2014-10-02 22:29    169472    ----a-w-    c:\windows\system32\AudioEndpointBuilder.dll
2015-10-07 16:58 . 2013-07-09 06:18    439488    ----a-w-    c:\windows\system32\WerFault.exe
2015-10-07 16:58 . 2013-07-09 04:25    385768    ----a-w-    c:\windows\SysWow64\WerFault.exe
2015-10-07 16:58 . 2014-12-06 07:53    26112    ----a-w-    c:\windows\system32\WerFaultSecure.exe
2015-10-07 16:58 . 2014-12-06 07:51    267264    ----a-w-    c:\windows\system32\EncDump.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-08 12:39 . 2013-07-12 15:28    65536    ----a-w-    c:\windows\system32\spu_storage.bin
2015-10-07 10:57 . 2013-07-12 16:00    177312    ----a-w-    c:\windows\system32\drivers\SYMEVENT64x86.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-17 642656]
"AccelerometerSysTrayApplet"="c:\program files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe" [2013-03-01 77088]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-07-13 93296]
"HPMessageService"="c:\program files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe" [2013-02-25 1045304]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
3;1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\Ironx64.SYS [x]
R0 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\SymELAM.sys [x]
R3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20151005.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20151005.001\BHDrvx64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 RTSPER;Realtek PCIe CardReader Driver;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\SYMEFA64.SYS [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\ccSetx64.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AdaptiveSleepService;AdaptiveSleepService;c:\program files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe;c:\program files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S3 AmdAS4;AmdAS4 service;c:\windows\System32\drivers\AmdAS4.sys;c:\windows\SYSNATIVE\drivers\AmdAS4.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20151007.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20151007.001\IDSvia64.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost    REG_MULTI_SZ       apphostsvc
iissvcs    REG_MULTI_SZ       w3svc was
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-06 15:20]
.
2015-10-08 c:\windows\Tasks\HPCeeScheduleForlee.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-03-08 7156296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.114.81.1 75.114.81.2
FF - ProfilePath - c:\users\lee\AppData\Roaming\Mozilla\Firefox\Profiles\lmw2ryms.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2015-10-08  08:48:14
ComboFix-quarantined-files.txt  2015-10-08 15:48
.
Pre-Run: 658,229,899,264 bytes free
Post-Run: 658,136,756,224 bytes free
.
- - End Of File - - 2474395FF7744BA91D9EDE5026E6850D
5FB38429D5D77768867C76DCBDB35194
 


Edited by leejones, 08 October 2015 - 11:15 PM.


 


#2 Jo*


  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:02:16 AM

Posted 09 October 2015 - 03:00 AM

Closed, double post!

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




