
svchost trojan tracur is overtaking my computer!



Well, maybe it's all good now. In Task Manager there are 15 svchost.exe's in a row. Some are under SYSTEM, some are under LOCAL SERVICE, some are NETWORK SERVICE. The ASUS ctrl process is running, which I don't remember running regularly. I really don't know what are good and what are bad processes though. It does look different now though. Did that scan look like there was anything there to you? I know there was lots of credential manager stuff happening before, and stuff with my Windows Live account, which I never merged, and Remote Desktop stuff running, connection sharing. I've been doing constant scans and battling with this thing since last Wednesday, so I kind of have lost my sense of what's real and what's not lol. My first attempt at malware removal on a larger scale by myself. There are two other computers on my network. My wife is on those, and they are running XP, and they have had quite the week too, but now seem a bit better, but I still don't really know if they are clean. I plan on upgrading them to Windows 7 soon anyway.



  • Root Admin

Well the current logs are not showing any signs of an infection.  We can run another antivirus scan though.

 


  1. Please download Dr.Web CureIt! antivirus and save it to your computer. The file size is in excess of 100MB
  2. NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.
  3. Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.
  4. Shutdown your antivirus to avoid any conflicts while scanning.
  5. Once the scans have completed please re-enable your antivirus.
  6. If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules
  7. If needed you can also temporarily disable it from starting with Windows
  8. Temporarily turn off any other security add-ons or applications you may also have.
  9. Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.
  10. If it does not have a Digital Signature then do not run it.
  11. Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.
  12. You should have your User Account Control (UAC) enabled for improved security, which should then produce a dialog box asking for approval to run the installer.
  13. Click on the Yes button to start the installer.
  14. Click OK to scan your computer in the Enhanced Protection Mode
  15. Click on the check box to agree to participate in their software improvement program.
  16. Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench.
  17. Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.
  18. Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.
  19. Then click on the Start scanning button.
  20. If a threat is found you can click on the Action column in the program.
  21. Your options will be Cure or Ignore
  22. If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.
  23. Then click on the Neutralize button.
  24. Once completed click on the green Open Report link. It will open the report in NOTEPAD
  25. Save the report to your desktop. The report will be called Cureit.log
  26. Close Dr.Web Cureit!
  27. Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  28. After reboot, attach the log Cureit.log you saved previously in your next reply.
  29. Re-Enable your antivirus and other security programs when all done.


 

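Step 9 of the list above asks you to confirm that the download carries a digital signature before you run it. The PowerShell script below is an added example, not part of the original post and not Dr.Web's or Malwarebytes' own tooling; it performs the same check from the command line. The save path and the expected publisher string are assumptions you should adjust to your download. It also records a SHA-256 hash so the same file can be compared on a second, known-clean machine, because a signature check performed on a possibly infected host can itself be lied to.

```powershell
# Added example (not from the original post): check a downloaded tool's
# Authenticode signature before launching it. $Path and $ExpectedPublisher
# are assumptions for illustration; adjust them to your download.
param(
    [string]$Path = "$env:USERPROFILE\Desktop\drweb-cureit.exe",  # assumed save location
    [string]$ExpectedPublisher = 'Doctor Web'                      # assumed substring of the signer's subject
)

function Get-FileSha256 {
    param([string]$Path)
    # Stream the file instead of reading 100+ MB into memory at once.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($fs) }
    finally { $fs.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Test-DownloadSignature {
    param([string]$Path, [string]$ExpectedPublisher)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "File not found: $Path"
        return $false
    }

    # Get-AuthenticodeSignature verifies the embedded signature and chains the
    # signing certificate to a trusted root. Anything but 'Valid' (NotSigned,
    # HashMismatch, NotTrusted, ...) means the file must not be run.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        Write-Warning ("Signature status '{0}': {1}" -f $sig.Status, $sig.StatusMessage)
        return $false
    }

    # 'Valid' only proves the signer's identity, not that it is the vendor you
    # meant to download from, so also check the subject of the signing certificate.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notlike "*$ExpectedPublisher*") {
        Write-Warning "Signed by an unexpected publisher: $subject"
        return $false
    }

    Write-Host "Signer : $subject"
    Write-Host "Thumb  : $($sig.SignerCertificate.Thumbprint)"
    Write-Host "SHA256 : $(Get-FileSha256 -Path $Path)"
    return $true
}

if (Test-DownloadSignature -Path $Path -ExpectedPublisher $ExpectedPublisher) {
    Write-Host 'OK: signature valid and publisher matches. Launch it and accept the UAC prompt.'
} else {
    Write-Host 'Do NOT run this file. Delete it, re-download from the vendor and check again.'
}
```

Save it under any name (say `Check-Download.ps1`, a hypothetical file name) and run it from a PowerShell prompt; if script execution is blocked, `Set-ExecutionPolicy -Scope Process RemoteSigned` lifts the restriction for that session only. The status it prints is the same verdict the Digital Signatures tab of the file's Properties dialog gives; HashMismatch in particular means the file was altered after it was signed.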

Well, I can't say how much I appreciate your help thus far. I have to work now, but I will be back later to do the next scan you have on tap and more stuff on my other systems, even though I'm going to be wiping and upgrading soon. I need to practice. I would like to donate, or something; if you don't take donations maybe I will buy Malwarebytes even though I have it. The guy who built my computer gave me one of his licences. I want my own licences. So you are saying that there was nothing fishy going on? It just seemed like there was a lot of network activity. And user account stuff, permissions... I don't use this computer for anything like that. I don't want other computers accessing it.

 

Thanks again, talk soon.


  • Root Admin

Most of what was there was just typical adware junk that most computer users seem to get over time.  It can build up and can potentially sooner or later get you infected with something nasty so best to clean it up and try to protect it from happening in the first place if possible.

 

As for the donation, no I don't take any donations thank you though.  If the other person "gave" you a license without providing you the sales receipt for it then I'd say it's probably not legit and I'm with you, I'd rather have my own legal copy.  The license is currently a lifetime license for consumer home use and can be transferred to a new computer if wanted.


So I'm just about to download my copies of Malwarebytes Pro. I just need to pay. So I get redirected to cleverbridge? That's right?

 

So just a few things that are a concern to me in regards to my system. I noticed that the ESET enod was still on my system, even though I uninstalled it, and also that the scans were still using the egui or whatever instead of smartscan. I had purchased smart scan. I noticed last weekend when I bought it that it wasn't scanning anything; I think that the malware was letting me use a modified version. I noticed the same thing about Malwarebytes.... Two different versions, one I couldn't see. You can see this in the last scan. Oh, and the fact there were two versions of the file. I'll post the other even though I'm sure I'm just being paranoid. I've noticed sometimes when I go to pages it looks like there is a flash of my local IP, so am I being redirected back? PARANOID!!!! Oh, and ESET asked me to make a second user account for anti-theft on my computer. I did, then I changed my mind and deleted it, and guess what, it's BACK!!!! Feeling paranoid and starting to not trust. And the whole page of local machine network connections in my ESET is fishy to me. I've done some networking and don't remember anything like that. But I dunno, I'm going a little nuts.

 

Just wanted to also make sure you didn't think I was totally nuts. This did in fact start last week with a strange item in my task tray, and then all of a sudden there were actually some trojans on my system, and the other systems on the network. Just want to get this all cleaned.

 

Here is that other log, which isn't that different, but there are a few things on it maybe worth a gander.

 

 
ComboFix 13-10-31.01 - Admin 10/31/2013  13:15:28.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32743.29650 [GMT -5:00]
Running from: C:\Users\Admin\Desktop\ComboFix.exe
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
 * Resident AV is active
 
 
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\1031.msi
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\1033.msi
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\1036.msi
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\1041.msi
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\2052.msi
 
 
(((((((((((((((((((((((((   Files Created from 2013-09-28 to 2013-10-31  )))))))))))))))))))))))))))))))
 
 
2013-10-31 18:19:19 . 2013-10-31 18:19:19 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-10-31 18:17:43 . 2013-10-31 18:17:43 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3134FF74-EF4B-40CC-86B4-32F476B09FCC}\offreg.dll
2013-10-31 06:34:17 . 2013-10-31 06:34:17 -------- d-----w- C:\FRST
2013-10-31 04:36:48 . 2013-10-31 04:53:51 -------- d-----w- C:\AdwCleaner
2013-10-31 04:23:16 . 2013-10-31 04:23:16 -------- d-----w- C:\Windows\ERUNT
2013-10-31 02:56:34 . 2013-10-31 02:56:51 -------- d-----w- C:\Program Files (x86)\ERUNT
2013-10-29 20:19:32 . 2013-10-16 06:20:16 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3134FF74-EF4B-40CC-86B4-32F476B09FCC}\mpengine.dll
2013-10-28 04:06:01 . 2013-10-28 04:06:01 -------- d-----w- C:\TDSSKiller_Quarantine
2013-10-28 03:45:31 . 2013-10-31 04:17:48 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-28 03:43:55 . 2013-10-31 04:00:36 91352 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2013-10-28 02:49:41 . 2013-10-28 02:49:41 -------- d-----w- C:\Users\Admin\AppData\Local\ESET
2013-10-28 02:48:58 . 2013-10-28 02:48:58 -------- d-----w- C:\Program Files\ESET
2013-10-27 14:01:31 . 2012-08-24 18:13:17 154480 ----a-w- C:\Windows\system32\drivers\ksecpkg.sys
2013-10-27 14:01:31 . 2012-08-24 18:09:34 458712 ----a-w- C:\Windows\system32\drivers\cng.sys
2013-10-27 14:01:31 . 2012-08-24 18:05:03 340992 ----a-w- C:\Windows\system32\schannel.dll
2013-10-27 14:01:31 . 2012-08-24 18:03:09 1448448 ----a-w- C:\Windows\system32\lsasrv.dll
2013-10-27 14:01:31 . 2012-08-24 16:57:40 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-10-27 14:01:31 . 2012-08-24 16:57:40 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-10-27 14:01:31 . 2012-08-24 16:53:35 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-10-27 12:49:31 . 2013-10-27 12:49:31 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-10-27 12:49:04 . 2013-10-27 12:49:04 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-10-27 12:48:50 . 2013-10-27 12:48:50 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-10-25 10:39:30 . 2013-10-25 10:39:32 -------- d-----w- C:\Program Files\CCleaner
2013-10-24 23:05:22 . 2013-10-27 13:48:52 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-10-24 06:53:10 . 2013-10-24 06:53:10 -------- d-----w- C:\Program Files (x86)\PIXELA
2013-10-23 08:53:51 . 2013-10-25 12:52:17 -------- d-----w- C:\Users\Admin\AppData\Roaming\vlc
2013-10-22 21:10:13 . 2013-10-22 21:10:13 -------- d-----w- C:\Users\Admin\AppData\Local\webkit
2013-10-21 09:54:20 . 2013-10-29 21:12:41 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-10-21 09:44:03 . 2013-10-29 21:12:25 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-10-21 09:43:47 . 2013-10-29 21:12:07 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-10-21 09:43:38 . 2013-10-21 09:43:38 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-10-21 07:21:58 . 2013-10-25 12:52:08 -------- d-----w- C:\Users\Admin\AppData\Local\gtk-2.0
2013-10-21 07:21:48 . 2013-10-21 07:21:48 -------- d-----w- C:\Users\Admin\.thumbnails
2013-10-21 07:20:14 . 2013-10-22 21:33:26 -------- d-----w- C:\Users\Admin\.gimp-2.8
2013-10-21 07:20:14 . 2013-10-21 07:20:14 -------- d-----w- C:\Users\Admin\AppData\Local\gegl-0.2
2013-10-21 07:15:50 . 2013-10-21 07:16:18 -------- d-----w- C:\Program Files\GIMP 2
2013-10-19 11:04:03 . 2013-10-31 11:38:25 -------- d-----r- C:\Users\Admin\Google Drive
2013-10-18 02:23:49 . 2013-10-08 12:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-09 07:45:32 . 2013-07-04 12:50:39 633856 ----a-w- C:\Windows\system32\comctl32.dll
2013-10-01 20:15:20 . 2013-10-01 20:15:20 -------- d-----w- C:\Users\Admin\AppData\Roaming\Oracle
2013-10-01 19:47:27 . 2013-10-01 19:47:27 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2013-10-01 19:47:01 . 2013-10-18 02:23:49 -------- d-----w- C:\Program Files (x86)\Java
2013-10-01 19:46:17 . 2013-10-01 19:46:17 -------- d-----w- C:\ProgramData\McAfee
2013-10-01 19:42:01 . 2013-10-18 02:24:12 -------- d-----w- C:\ProgramData\Oracle
.
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2013-10-09 08:03:36 . 2012-08-07 09:29:18 80541720 ----a-w- C:\Windows\system32\MRT.exe
2013-10-08 21:45:38 . 2012-09-01 00:05:29 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-08 21:45:38 . 2012-08-15 20:16:27 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-17 20:17:38 . 2013-09-17 20:17:38 62136 ----a-w- C:\Windows\system32\drivers\epfwwfp.sys
2013-09-17 20:17:38 . 2013-09-17 20:17:38 44120 ----a-w- C:\Windows\system32\drivers\EpfwLWF.sys
2013-09-17 20:17:38 . 2013-09-17 20:17:38 239320 ----a-w- C:\Windows\system32\drivers\eamonm.sys
2013-09-17 20:17:38 . 2013-09-17 20:17:38 239296 ----a-w- C:\Windows\system32\drivers\edevmon.sys
2013-09-17 20:17:38 . 2013-09-17 20:17:38 220232 ----a-w- C:\Windows\system32\drivers\epfw.sys
2013-09-17 20:17:38 . 2013-09-17 20:17:38 168256 ----a-w- C:\Windows\system32\drivers\ehdrv.sys
2013-09-03 19:35:10 . 2010-11-21 03:27:21 278800 ------w- C:\Windows\system32\MpSigStub.exe
2013-08-29 01:48:15 . 2013-10-09 07:45:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-05 02:25:45 . 2013-09-11 10:36:55 155584 ----a-w- C:\Windows\system32\drivers\ataport.sys
 
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"D-Link D-Link DWA-125"="C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe" [2011-06-10 15:36:30 1074496]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys;C:\Windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys;C:\Windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 efavdrv;efavdrv;C:\Windows\system32\drivers\efavdrv.sys;C:\Windows\SYSNATIVE\drivers\efavdrv.sys [x]
R3 esihdrv;esihdrv;C:\Users\Admin\AppData\Local\Temp\esihdrv.sys;C:\Users\Admin\AppData\Local\Temp\esihdrv.sys [x]
R3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;C:\Windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys;C:\Windows\SYSNATIVE\DRIVERS\MAudioMIDISPORT_DFU.sys [x]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;C:\Windows\system32\drivers\MFWAMIDI64.sys;C:\Windows\SYSNATIVE\drivers\MFWAMIDI64.sys [x]
R3 MFWAWAVE64;MOTU Audio Wave for 64 bit;C:\Windows\system32\drivers\MFWAWAVE64.sys;C:\Windows\SYSNATIVE\drivers\MFWAWAVE64.sys [x]
R3 MotuFWA64;MotuFWA64;C:\Windows\system32\drivers\Motufwa64.sys;C:\Windows\SYSNATIVE\drivers\Motufwa64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\system32\DRIVERS\AiChargerPlus.sys;C:\Windows\SYSNATIVE\DRIVERS\AiChargerPlus.sys [x]
S0 asahci64;asahci64;C:\Windows\system32\DRIVERS\asahci64.sys;C:\Windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys;C:\Windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 iaStorA;iaStorA;C:\Windows\system32\DRIVERS\iaStorA.sys;C:\Windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;C:\Windows\system32\DRIVERS\iaStorF.sys;C:\Windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys;C:\Windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys;C:\Windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S1 anodlwf;ANOD Network Security Filter driver;C:\Windows\system32\DRIVERS\anodlwfx.sys;C:\Windows\SYSNATIVE\DRIVERS\anodlwfx.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys;C:\Windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys;C:\Windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys;C:\Windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 VDiskBus;ASUS Disk Unlocker;C:\Windows\system32\DRIVERS\VDiskBus64.sys;C:\Windows\SYSNATIVE\DRIVERS\VDiskBus64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x]
S2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.16\atkexComSvc.exe;C:\Program Files (x86)\ASUS\AXSP\1.00.16\atkexComSvc.exe [x]
S2 ASDiskUnlocker;ASDiskUnlocker;C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe;C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe [x]
S2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.15\aaHMSvc.exe;C:\Program Files (x86)\ASUS\AAHM\1.00.15\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe;C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe [x]
S2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe;C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [x]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [x]
S2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe;C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [x]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe;C:\Program Files (x86)\Nero\Update\NASvc.exe [x]
S2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys;C:\Windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S3 ASFLTDrv.sys;ASFLTDrv.sys;C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys;C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys;C:\Windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys;C:\Windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys;C:\Windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys;C:\Windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys;C:\Windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys;C:\Windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;C:\Windows\system32\DRIVERS\MAudioMIDISPORT.sys;C:\Windows\SYSNATIVE\DRIVERS\MAudioMIDISPORT.sys [x]
S3 motubus;MOTU Audio MIDI Extension;C:\Windows\system32\drivers\MotuBus64.sys;C:\Windows\SYSNATIVE\drivers\MotuBus64.sys [x]
S3 synusb64;eLicenser;C:\Windows\system32\DRIVERS\synusb64.sys;C:\Windows\SYSNATIVE\DRIVERS\synusb64.sys [x]
 
 
--- Other Services/Drivers In Memory ---
 
*NewlyCreated* - ASFLTDRV.SYS
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 17:29:54 451872 ----a-w- C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 21:24:09 1185744 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
 
Contents of the 'Scheduled Tasks' folder
 
2013-10-31 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 00:05:29 . 2013-10-08 21:45:39]
 
2013-10-31 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-01 00:06:34 . 2013-08-01 00:06:31]
 
2013-10-31 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-01 00:06:34 . 2013-08-01 00:06:31]
 
 
--------- X64 Entries -----------
 
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 22:37:02 778704 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 22:37:02 778704 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 22:37:02 778704 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 22:37:02 778704 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 22:37:02 778704 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2013-09-12 17:06:08 5618456]
 
------- Supplementary Scan -------
 
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
 
- - - - ORPHANS REMOVED - - - -
 
SafeBoot-88302071.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-ROG_Video Intro - C:\Windows\system32\ROG_Video Intro .scr

HEY!!! The scan came up clean. Sorry it took me so long. It's been kind of crazy. I was up late restarting my router and re-configuring it. I still need to figure out exactly what IPv6 is good for. The IP addresses that were associated with my programs look a little different now. I was on some kind of a local loopback; I need to look into what that means. LOL. But I still wonder about the programs and processes running, the Windows account coming back, the Thread Ordering service is running, and it's not something I ever started (to my knowledge), Remote Desktop stuff like user port, Secure Socket Tunneling service, Windows Credentials, file encrypting (EFS)....

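The first post in this thread asks which of the 15 svchost.exe instances are legitimate, and the post above asks the same about services (Thread Ordering Server, Secure Socket Tunneling, Credential Manager, EFS) that were never started by hand. The script below is an added example, not part of the original thread or of the forum's cleanup procedure; it maps every running svchost.exe to the services it hosts and checks that the binary is the Microsoft-signed copy in System32, then repeats the signature check on every running service's own executable. It assumes PowerShell 3 or later (for Get-CimInstance and [pscustomobject]) and an elevated prompt; on the stock Windows 7 PowerShell 2.0, substitute Get-WmiObject and New-Object PSObject.

```powershell
# Added example (not from the original thread): map each running svchost.exe to
# the services it hosts and check that the binary is the Microsoft-signed copy in
# %SystemRoot%\System32, then do the same signature check for every running
# service's own executable. Needs PowerShell 3+ (Get-CimInstance, [pscustomobject]).
# Run from an elevated prompt, or MainModule is unreadable for SYSTEM processes.

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Win32_Service.PathName carries arguments, e.g. C:\Windows\system32\svchost.exe -k netsvcs
    # or "C:\Program Files\Vendor\svc.exe" /run; recover just the executable.
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.(exe|sys))(\s|$)') { return $Matches[1] }
    return $PathName.Trim()
}

function Test-MicrosoftSigned {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return $false }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    return ($sig.Status -eq 'Valid') -and ($sig.SignerCertificate.Subject -like '*Microsoft*')
}

function Get-SvchostInventory {
    $expected = Join-Path $env:SystemRoot 'System32\svchost.exe'
    # Group services by the PID of the process hosting them (0 = not running).
    $byPid = Get-CimInstance -ClassName Win32_Service |
             Group-Object -Property ProcessId -AsHashTable -AsString

    foreach ($proc in Get-Process -Name svchost -ErrorAction SilentlyContinue) {
        $path = $null
        try { $path = $proc.MainModule.FileName } catch { }  # access denied when not elevated

        $hosted = @()
        if ($byPid -and $byPid.ContainsKey([string]$proc.Id)) {
            $hosted = @($byPid[[string]$proc.Id] | ForEach-Object { $_.Name })
        }
        $pathOk = [bool]$path -and ($path -ieq $expected)
        $sigOk  = Test-MicrosoftSigned -Path $path

        [pscustomobject]@{
            PID        = $proc.Id
            Path       = $path
            PathOk     = $pathOk
            MsSigned   = $sigOk
            Services   = ($hosted -join ', ')
            # A real svchost lives in System32, is Microsoft-signed and hosts >= 1 service.
            Suspicious = -not ($pathOk -and $sigOk -and $hosted.Count -gt 0)
        }
    }
}

function Get-RunningServiceSigners {
    $running = Get-CimInstance -ClassName Win32_Service | Where-Object { $_.State -eq 'Running' }
    foreach ($svc in $running) {
        $bin    = Get-ServiceBinaryPath -PathName $svc.PathName
        $status = 'MISSING'
        if ($bin -and (Test-Path -LiteralPath $bin)) {
            $status = (Get-AuthenticodeSignature -FilePath $bin).Status
        }
        [pscustomobject]@{
            Name      = $svc.Name
            StartMode = $svc.StartMode
            Binary    = $bin
            Signature = $status
            MsSigned  = Test-MicrosoftSigned -Path $bin
        }
    }
}

# Anything flagged Suspicious, or a running service whose binary is unsigned or
# missing, is what deserves a closer look. Microsoft-signed services such as the
# Thread Ordering Server, SSTP or Credential Manager are ordinary Windows components.
Get-SvchostInventory      | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
Get-RunningServiceSigners | Where-Object { -not $_.MsSigned }  | Format-Table -AutoSize -Wrap
```

Several svchost.exe processes under SYSTEM, LOCAL SERVICE and NETWORK SERVICE are normal: Windows groups services into separate host processes by account and service group, and the Services column shows which ones each instance carries. A process named svchost.exe that runs from anywhere other than System32, is not Microsoft-signed, or hosts no service at all is the pattern worth raising in the thread. These are user-mode checks, so a kernel-mode rootkit that intercepts file reads can still hide from them; that is what the TDSSKiller and ComboFix passes already run in this thread are for.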

  • Root Admin

Q: So I'm just about to download my copies of Malwarebytes Pro. I just need to pay. So I get redirected to cleverbridge? That's right?
A: Yes, if you're purchasing the product (not recommended to make any purchases while the computer may still possibly be infected); that is our sales merchant that handles credit card purchases for us.

Q: I noticed that the Eset enod was still on my system, even though I uninstalled it,
A: Follow the advice here to manually remove it: How do I manually uninstall my Windows ESET product?
To reinstall the ESET Smartscan follow the appropriate download links on the ESET site

What you may want to do is download the installer for both ESET and MBAM so that you have the latest installer available on your local computer to reinstall.

 

Then manually uninstall ESET as linked above.  Then also uninstall MBAM using the link below.  That way you know that both products are fully uninstalled from the computer.

MBAM Clean Removal Process



Then when you're certain that ESET and MBAM are removed restart the computer one more time.
Then install ESET antivirus and get it updated and working and restart the computer one more time and make sure ESET is still working as expected.
Then do a FULL SYSTEM scan with ESET antivirus and let me know if it finds anything or not.



Then reinstall MBAM and update it as well and do a Quick Scan and post back that log.

Then let me know how the computer is running and what issues you're still concerned about.

Do not do any System Restores as that puts back items that were previously removed.  Once we're sure the computer is clean we'll actually delete all your old System Restore Points and create a New one that we know is now clean.


Grrr. Was having trouble posting...

 

Wow, that took me a while, sorry about that. I got ESET uninstalled and downloaded. Also MB. I had a bit of a hitch lately; yesterday and today, on some restarts I've noticed my icon goes away when I click and I have to reboot, and I have one of those ASUS mobos where you have to try to hit F8 instantly after the beep. I did figure out a trick today FINALLY!!! But then I had a hitch: Windows wouldn't restart. The Windows screen didn't boot. I tried the hardware thing that came up, and a few other things, but I had to restore. After all that, I ended up installing the free version by accident. Can I just go ahead and upgrade, or will I need to uninstall? I'm gonna head over and buy it now. I still am very paranoid about my system, but I don't want to waste your time. I had at least two trojans on each of my three systems last week, and I just think it's part of something bigger. I had Trojan-GEN-nulo, I think?? There was a Trojan Tracur, and I unfortunately forget the others. I think I made notes somewhere. Oh, just the other day one of the scans pulled up EICAR, weird isn't it??? There are PUPs that keep coming back on a different machine... I think it was right before I started with you.

 

.......Anyway......

 

Here's the latest from Eset. Next for MB!

 

 

Oh, why does it say "server" near the end? I really don't have anything connecting to this computer, and if I do, I need to know how to get rid of it!

 

Scan Log
Version of virus signature database: 8996 (20131101)
Date: 11/1/2013  Time: 9:22:14 PM
Scanned disks, folders and files: C:\
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\bb\bbv.chm » CHM - is OK (internal scanning not performed)
C:\bb\SetupCoyoteWT10.exe » INNO » {app}\CoyoteWT.chm » CHM - is OK (internal scanning not performed)
C:\bb\SetupCoyoteWT11.exe » INNO » {app}\CoyoteWT.chm » CHM - is OK (internal scanning not performed)
C:\bb\Ear Training\Music Replay\MusicReplay.chm » CHM - is OK (internal scanning not performed)
C:\bb\Ear Training\Pitch Invasion\PitchInvasion.chm » CHM - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab » CAB - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0018-0409-0000-0000000FF1CE}-C\PptLR.cab » CAB - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab » CAB - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab » CAB - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-001B-0409-0000-0000000FF1CE}-C\WordLR.cab » CAB - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.cab » CAB - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.cab » CAB - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab » CAB - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\Office64WW.msi » MSI - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\OWOW64WW.cab » CAB - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab » CAB - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab » CAB - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0114-0409-0000-0000000FF1CE}-C\GrooveMUISet.msi » MSI - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0114-0409-0000-0000000FF1CE}-C\Groove.en-us\GrooveLR.cab » CAB - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab » CAB - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\pss10r.chm » CHM - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\setup.chm » CHM - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0116-0409-1000-0000000FF1CE}-C\Office64MUI.msi » MSI - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0116-0409-1000-0000000FF1CE}-C\Office64MUISet.msi » MSI - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0116-0409-1000-0000000FF1CE}-C\OWOW64LR.cab » CAB - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\AccLR.cab » CAB - is OK (internal scanning not performed)
C:\Program Files\ATI\CIM\Config\atiicdxx.msi » MSI - is OK (internal scanning not performed)
C:\Program Files\ATI\CIM\Config\chipset.MSI » MSI - is OK (internal scanning not performed)
C:\Program Files\ATI\CIM\Config\MMTableRev0.MSI » MSI - is OK (internal scanning not performed)
C:\Program Files\ATI\CIM\Config\MMTableRev1.MSI » MSI - is OK (internal scanning not performed)
C:\Program Files\ATI\CIM\Config\MMTableRev2.MSI » MSI - is OK (internal scanning not performed)
C:\Program Files\ATI\CIM\Config\tvtablerev1.MSI » MSI - is OK (internal scanning not performed)
C:\Program Files\ATI\CIM\Config\TVW_USB_ID.MSI » MSI - is OK (internal scanning not performed)
C:\Program Files\ESET\ESET Smart Security\eset.chm » CHM - is OK (internal scanning not performed)
Scan terminated by user.
Number of scanned objects: 8471
Number of threats found: 0
Time of completion: 9:23:39 PM  Total scanning time: 85 sec (00:01:25) (interrupted) sorry...

DOH!! Sorry, I just realized that this has to be the wrong scan. I can still upload it, maybe in a txt file? Or separate it over a bunch of posts, lol. I'll get on doing this right. I just did a default scan. I'm feeling very out of it today, sorry. Let me know, and I'll continue putting together the rest of it.


Ok, I ran an ESET scan with everything checked, and it was very similar. LOTS of Windows Mail; guess I didn't uncheck it. Sooo long, whatever you want. This reminds me: in Windows user accounts, account manager, something has been adding "WindowsLive:(token):name=timpauls@mymts.net;serviceuri=st", for easier log on???? Just for the last week.

So now off to try out my brand new MalwareBytes!!! YAY!!! Got it for 3 computers. :)

......it won't post, do you want it? Very long.....


Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.11.02.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16721

Admin :: TIM-ADMIN-PC [administrator]

Protection: Enabled

11/2/2013 12:10:56 AM

mbam-log-2013-11-02 (00-10-56).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 393239

Time elapsed: 32 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


  • Root Admin

Well by doing a System Restore you've pretty much put us back to square one.

 

Let me have you run this again please.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


ComboFix 13-11-01.03 - Admin 11/02/2013 2:40.2.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.32743.28229 [GMT -5:00]

Running from: c:\users\Admin\Desktop\ComboFix.exe

AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}

FW: ESET Personal firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2013-10-02 to 2013-11-02 )))))))))))))))))))))))))))))))

.

.

2013-11-02 07:43 . 2013-11-02 07:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-11-02 02:22 . 2013-11-02 02:22 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes

2013-11-02 02:21 . 2013-11-02 02:21 -------- d-----w- c:\programdata\Malwarebytes

2013-11-02 02:21 . 2013-11-02 02:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-11-02 02:21 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-11-02 02:01 . 2013-11-02 02:01 -------- d-----w- c:\program files\ESET

2013-11-02 01:28 . 2013-10-16 06:20 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F604A968-D7BF-4400-A043-F88C9B16120E}\mpengine.dll

2013-11-01 15:46 . 2013-11-01 15:46 -------- d-----w- c:\users\Admin\Doctor Web

2013-10-31 06:34 . 2013-10-31 06:34 -------- d-----w- C:\FRST

2013-10-31 04:36 . 2013-10-31 04:53 -------- d-----w- C:\AdwCleaner

2013-10-31 04:23 . 2013-10-31 04:23 -------- d-----w- c:\windows\ERUNT

2013-10-31 02:56 . 2013-10-31 02:56 -------- d-----w- c:\program files (x86)\ERUNT

2013-10-28 04:06 . 2013-10-28 04:06 -------- d-----w- C:\TDSSKiller_Quarantine

2013-10-28 03:45 . 2013-10-31 04:17 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-10-28 02:49 . 2013-10-28 02:49 -------- d-----w- c:\users\Admin\AppData\Local\ESET

2013-10-27 14:01 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2013-10-27 14:01 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys

2013-10-27 14:01 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll

2013-10-27 14:01 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll

2013-10-27 14:01 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll

2013-10-27 14:01 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2013-10-27 14:01 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2013-10-27 12:49 . 2013-10-27 12:49 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2013-10-27 12:49 . 2013-10-27 12:49 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2013-10-27 12:48 . 2013-10-27 12:48 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2013-10-25 10:39 . 2013-10-25 10:39 -------- d-----w- c:\program files\CCleaner

2013-10-24 23:05 . 2013-10-27 13:48 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-10-24 06:53 . 2013-10-24 06:53 -------- d-----w- c:\program files (x86)\PIXELA

2013-10-23 08:53 . 2013-10-25 12:52 -------- d-----w- c:\users\Admin\AppData\Roaming\vlc

2013-10-22 21:10 . 2013-10-22 21:10 -------- d-----w- c:\users\Admin\AppData\Local\webkit

2013-10-21 09:54 . 2013-10-29 21:12 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2013-10-21 09:44 . 2013-10-29 21:12 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2013-10-21 09:43 . 2013-10-29 21:12 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2013-10-21 09:43 . 2013-10-21 09:43 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2013-10-21 07:21 . 2013-10-25 12:52 -------- d-----w- c:\users\Admin\AppData\Local\gtk-2.0

2013-10-21 07:21 . 2013-10-21 07:21 -------- d-----w- c:\users\Admin\.thumbnails

2013-10-21 07:20 . 2013-10-22 21:33 -------- d-----w- c:\users\Admin\.gimp-2.8

2013-10-21 07:20 . 2013-10-21 07:20 -------- d-----w- c:\users\Admin\AppData\Local\gegl-0.2

2013-10-21 07:15 . 2013-10-21 07:16 -------- d-----w- c:\program files\GIMP 2

2013-10-19 11:04 . 2013-10-31 11:38 -------- d-----r- c:\users\Admin\Google Drive

2013-10-18 02:23 . 2013-10-08 12:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-10-09 07:45 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-09 08:03 . 2012-08-07 09:29 80541720 ----a-w- c:\windows\system32\MRT.exe

2013-10-08 21:45 . 2012-09-01 00:05 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-10-08 21:45 . 2012-08-15 20:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-17 20:17 . 2013-09-17 20:17 62136 ----a-w- c:\windows\system32\drivers\epfwwfp.sys

2013-09-17 20:17 . 2013-09-17 20:17 44120 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys

2013-09-17 20:17 . 2013-09-17 20:17 239320 ----a-w- c:\windows\system32\drivers\eamonm.sys

2013-09-17 20:17 . 2013-09-17 20:17 239296 ----a-w- c:\windows\system32\drivers\edevmon.sys

2013-09-17 20:17 . 2013-09-17 20:17 220232 ----a-w- c:\windows\system32\drivers\epfw.sys

2013-09-17 20:17 . 2013-09-17 20:17 168256 ----a-w- c:\windows\system32\drivers\ehdrv.sys

2013-09-03 19:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-08-29 01:48 . 2013-10-09 07:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-08-05 02:25 . 2013-09-11 10:36 155584 ----a-w- c:\windows\system32\drivers\ataport.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"D-Link D-Link DWA-125"="c:\program files (x86)\D-Link\DWA-125 revA\AirNCFG.exe" [2011-06-10 1074496]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys;c:\windows\SYSNATIVE\drivers\efavdrv.sys [x]

R3 esihdrv;esihdrv;c:\users\Admin\AppData\Local\Temp\esihdrv.sys;c:\users\Admin\AppData\Local\Temp\esihdrv.sys [x]

R3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;c:\windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioMIDISPORT_DFU.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;c:\windows\system32\drivers\MFWAMIDI64.sys;c:\windows\SYSNATIVE\drivers\MFWAMIDI64.sys [x]

R3 MFWAWAVE64;MOTU Audio Wave for 64 bit;c:\windows\system32\drivers\MFWAWAVE64.sys;c:\windows\SYSNATIVE\drivers\MFWAWAVE64.sys [x]

R3 MotuFWA64;MotuFWA64;c:\windows\system32\drivers\Motufwa64.sys;c:\windows\SYSNATIVE\drivers\Motufwa64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys;c:\windows\SYSNATIVE\DRIVERS\AiChargerPlus.sys [x]

S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]

S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]

S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]

S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys;c:\windows\SYSNATIVE\DRIVERS\anodlwfx.sys [x]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]

S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]

S1 VDiskBus;ASUS Disk Unlocker;c:\windows\system32\DRIVERS\VDiskBus64.sys;c:\windows\SYSNATIVE\DRIVERS\VDiskBus64.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.16\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.16\atkexComSvc.exe [x]

S2 ASDiskUnlocker;ASDiskUnlocker;c:\program files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe;c:\program files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe [x]

S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.15\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.15\aaHMSvc.exe [x]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]

S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe [x]

S2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe;c:\program files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]

S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [x]

S2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;c:\program files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe;c:\program files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]

S3 ASFLTDrv.sys;ASFLTDrv.sys;c:\program files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys;c:\program files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]

S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]

S3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\DRIVERS\MAudioMIDISPORT.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioMIDISPORT.sys [x]

S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus64.sys;c:\windows\SYSNATIVE\drivers\MotuBus64.sys [x]

S3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys;c:\windows\SYSNATIVE\DRIVERS\synusb64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-03-04 17:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-10-18 21:24 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 21:45]

.

2013-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-01 00:06]

.

2013-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-01 00:06]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-09-25 22:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-09-25 22:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-09-25 22:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-09-25 22:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-09-25 22:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-ROG_Video Intro - c:\windows\system32\ROG_Video Intro .scr

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-11-02 02:44:13

ComboFix-quarantined-files.txt 2013-11-02 07:44

ComboFix2.txt 2013-10-31 18:20

.

Pre-Run: 814,852,816,896 bytes free

Post-Run: 814,554,611,712 bytes free

.

- - End Of File - - BCB482E7C64E4D314F8DB3A1C10C5FDC

A36C5E4F47E84449FF07ED3517B43A31


  • Root Admin

Let's clean out any adware now that may have come back with the System Restore: (this will require a reboot, so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
    Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Next

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

Probably my fault. When I read through the ComboFix guide yesterday, I thought I was only supposed to install the Windows Recovery if it prompted me, saying I didn't have it. It was there yesterday. This is the first time I've had these issues. Could it be because of the motherboard I have? Asus ROG, which I don't really like. Did I mess up again? Well, this teaches me two things: get sleep before I do things I'm not 100% with, and ask questions if I'm not sure. Sorry!!!


I just shut down via the power button. Hope this is ok???!!! It started now. Sorry for the multiple posts.

# AdwCleaner v3.010 - Report created 02/11/2013 at 13:36:29

# Updated 20/10/2013 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

# Username : Admin - TIM-ADMIN-PC

# Running from : C:\Users\Admin\Desktop\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [765 octets] - [30/10/2013 23:36:54]

AdwCleaner[R1].txt - [824 octets] - [30/10/2013 23:51:55]

AdwCleaner[R2].txt - [942 octets] - [02/11/2013 13:35:33]

AdwCleaner[s0].txt - [884 octets] - [30/10/2013 23:53:42]

AdwCleaner[s1].txt - [864 octets] - [02/11/2013 13:36:29]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [923 octets] ##########


Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.11.02.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16721

Admin :: TIM-ADMIN-PC [administrator]

Protection: Enabled

11/2/2013 3:16:10 PM

mbam-log-2013-11-02 (15-16-10).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 212898

Time elapsed: 2 minute(s), 2 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.7 (10.15.2013:3)

OS: Windows 7 Professional x64

Ran by Admin on Sat 11/02/2013 at 15:40:51.05

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4011555035-1696700407-2032470271-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

~~~ Files

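The JRT log above reports repairing the Internet Explorer "Start Page" value in several user hives (HKCU, .DEFAULT, S-1-5-18/19/20 and the user SID). As an added, read-only check that is not part of the thread or of JRT, the following PowerShell snippet lists that value for every loaded hive under HKEY_USERS so the repair can be verified; it assumes an elevated prompt (so the system account hives are readable) and the `$expected` list is a constructed placeholder to adjust to whatever start page you set deliberately.

```powershell
# Added example, not from the thread or from JRT: enumerate the IE "Start Page"
# value for each loaded user hive and flag anything outside an expected list.
# Read-only: nothing is written to the registry.
# Assumption: run from an elevated PowerShell prompt so HKU\S-1-5-18/19/20 are readable.

$subKey = 'Software\Microsoft\Internet Explorer\Main'

# Constructed placeholder list of start pages treated as expected; edit to taste.
$expected = @('http://go.microsoft.com/fwlink/?LinkId=69157', 'about:blank')

Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |   # skip the per-user Classes hives
    ForEach-Object {
        $hive = $_.PSChildName
        $path = "Registry::HKEY_USERS\$hive\$subKey"
        # Read the value; missing key/value yields $null instead of an error.
        $startPage = (Get-ItemProperty -Path $path -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
        if ($null -eq $startPage) {
            $status = 'not set'
        } elseif ($expected -contains $startPage) {
            $status = 'expected'
        } else {
            $status = 'REVIEW'   # unexpected start page: inspect before trusting the system
        }
        [pscustomobject]@{ Hive = $hive; StartPage = $startPage; Status = $status }
    } | Format-Table -AutoSize
```

Any hive reported as REVIEW is worth comparing against the JRT output before considering the system clean.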

This topic is now closed to further replies.