guanine

Everything posted by guanine

  1. I thought these would be drive-by download attempts or something like them, but for other Norton users who have drive-by download attempts, the alerts end with the browser name or say "\Internet" at the end. How come not mine? Here are the logs btw.

     Results of screen317's Security Check version 0.99.86
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Norton Security Suite
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Adobe Flash Player 10 Flash Player out of Date!
     Adobe Flash Player 14.0.0.145
     Adobe Reader XI
     Mozilla Firefox (31.0)
     Google Chrome 36.0.1985.125
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 4%
     ````````````````````End of Log``````````````````````
  2. First they are shown in red with the warning "High", like this. (There are MANY more, sometimes in quick succession according to the times listed, if I scroll down; these are just the recent ones.) http://imgur.com/Zdfqbnn Then when I go into one it looks like this. (The path says harddiskvolume2 and ends in svchost.exe.) http://imgur.com/fc8Mik8 Thank you for your help.
  3. There were no intrusion attempts for about 1 day, then I checked Norton and saw there were two attempts this morning at 3:50:52 AM and 3:50:54 AM. The issue has not been fixed.
  4. Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 8/9/2014
     Scan Time: 7:31:20 AM
     Logfile:
     Administrator: Yes

     Version: 2.00.2.1012
     Malware Database: v2014.08.09.03
     Rootkit Database: v2014.08.04.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Cee

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 302049
     Time Elapsed: 9 min, 48 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  5. JavaRa 1.16 Removal Log.

     Report follows after line.
     ------------------------------------
     The JavaRa removal process was started on Sat Aug 09 07:24:57 2014
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
     Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
     Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
     Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
     Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
     Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
     Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
     Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-applet
     Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-jnlp-file
     Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
     Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled
     Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0
     Found and removed: SOFTWARE\JavaSoft
     Found and removed: SOFTWARE\JreMetrics
     Found and removed: SOFTWARE\MozillaPlugins
     ------------------------------------
     Finished reporting.
  6. I just realized your instruction said to attach and not post the log, sorry for the mistake!
  7. ComboFix 14-08-06.02 - Cee 08/08/2014 7:49.1.8 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12248.10411 [GMT -7:00]
     Running from: c:\users\Cee\Desktop\ComboFix.exe
     AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
     FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
     SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\diMaster.dll\" /prefetch:1" "ImagePath"="\SystemRoot\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS" "TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12;c:\program files (x86)\Norton Security Suite\Engine64\21.3.0.12" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-08-08 07:55:52 ComboFix-quarantined-files.txt 2014-08-08 14:55 . Pre-Run: 312,060,755,968 bytes free Post-Run: 311,970,844,672 bytes free . - - End Of File - - DD75DB27AFC5EC8090EAE410EBF916B3
  8. ISSUE IS WORSE :C MULTIPLE ATTEMPTS A DAY!!!! I hope I can get this fixed before I go back to my country for uni! (( Here are the attached logs! (post too long) FRST.txt
  9. EDIT 3: I'm guessing these are drive-by downloads (from what I've read in my textbook) and that there's nothing I can really do about these intrusion ATTEMPTS? Can anyone give me some feedback on this?
  10. EDIT: Malwarebytes and TDSSKiller came up clean, as well as msert.
  11. Lately I've been getting intrusion attempt alerts from Norton (3 in the past 2 weeks). Previously I never had any, but these are strange: the acting path looks suspicious, and I believe I may have an infection. Details are as follows:
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
8/6/2014 1:08:34 AM,High,An intrusion attempt by 50.7.111.2 was blocked.,Blocked,No Action Required,Web Attack: Malicious File Download 12,No Action Required,No Action Required,"50.7.111.2, 80","www.downgbb.com/US/Installer.php?dv1=10845073&dv2=&dv3=&dv4=&sec_id=qWJ8vBQjIEzEzrekY9hpCTekD38jfEJQvk8rNasah0H8vk8dNBwe7rCQvnsRPBYKPBV4h0z0qWsRhnhazoRavWMRNbëë&marketing_fid=MTQwNzMxMjQ2Ny04MjFjM2E0OTVhZDY5MmJiODBkNmMwNWNmYjBiZDIwOA==","CEE-PC (10.0.0.2, 50137)",50.7.111.2,"TCP, www-http"
Network traffic from www.downgbb.com/US/Installer.php?dv1=10845073&dv2=&dv3=&dv4=&sec_id=qWJ8vBQjIEzEzrekY9hpCTekD38jfEJQvk8rNasah0H8vk8dNBwe7rCQvnsRPBYKPBV4h0z0qWsRhnhazoRavWMRNbëë&marketing_fid=MTQwNzMxMjQ2Ny04MjFjM2E0OTVhZDY5MmJiODBkNmMwNWNmYjBiZDIwOA== matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSWOW64\SVCHOST.EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me.