Jump to content

Scorpion Saver - Need Help


Recommended Posts

I've seen that you have helped other people with the Scorpion Saver problem and I was wondering if you would be kind enough to help me out as well.  I have my mother-in-laws computer here as she asked me for help in removing this software.

 

I have read the "I'm Infected- What do I do now?" thread and have followed the first set of instructions to the best of my ability. 

 

Thank you very much in advance for your help with this problem.

 

 

*******************************************************************************************

Here is the copied contents of the DDS.txt file:

*******************************************************************************************

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Stephanie at 22:30:48 on 2013-11-14
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3546.1567 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\dashost.exe
C:\Windows\Installer\MSID552.tmp
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\printfilterpipelinesvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\dwm.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\Rundll32.exe
C:\Windows\SysWOW64\Rundll32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Stephanie\AppData\Local\NativeMessaging\CT3317127\1_0_0_4\TBMessagingHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uProxyServer = hxxp=127.0.0.1:52340;https=127.0.0.1:52340
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe
BHO: ScorpionSaver: {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BM295WY05NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1
uRun: [browserSafeguard] "C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [GoogleChromeAutoLaunch_15A09AB4B2860ED1D468C1D57628C0D5] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [TBHostSupport] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Stephanie\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
uRun: [PluginsWhiteListing] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Stephanie\AppData\Local\WhiteListing\PluginsWhiteListing.dll",DLLRunTBWhiteListPlugin
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\STEPHA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\Users\STEPHA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.10.19
TCP: Interfaces\{6A65A474-BBE6-428A-A1A2-2C0067EA97EB} : DHCPNameServer = 192.168.10.19
TCP: Interfaces\{6A65A474-BBE6-428A-A1A2-2C0067EA97EB}\D425632524 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= 
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-24 79528]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-24 26280]
R0 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\N360x64\1404000.028\symds64.sys [2013-6-15 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\N360x64\1404000.028\symefa64.sys [2013-6-15 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [2013-11-14 1524824]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\Drivers\N360x64\1404000.028\ccsetx64.sys [2013-6-15 169048]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-9-12 92536]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20131114.001\IDSviA64.sys [2013-11-14 521816]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\N360x64\1404000.028\ironx64.sys [2013-6-15 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\N360x64\1404000.028\symnets.sys [2013-6-15 433752]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-9 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-8 361984]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2012-9-12 199008]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-8-10 29600]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-9-12 2451456]
R2 Level Quality Watcher;Level Quality Watcher;C:\Windows\Installer\MSID552.tmp run sourceguid=8FB7175F-C1FB-4437-9555-1822DF6D4CA1 --> C:\Windows\Installer\MSID552.tmp run sourceguid=8FB7175F-C1FB-4437-9555-1822DF6D4CA1 [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-14 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-14 701512]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe [2013-6-15 144368]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-9-6 140376]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-11-14 25928]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2012-9-12 269968]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-12 690832]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-9-12 57000]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]
S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\N360x64\1404000.028\symelam.sys [2013-6-15 23448]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-12 41272]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-12 43832]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2013-11-15 01:19:02 -------- d-----w- C:\Users\Stephanie\AppData\Local\NativeMessaging
2013-11-15 01:18:46 -------- d-----w- C:\Users\Stephanie\AppData\Local\WhiteListing
2013-11-15 01:18:36 -------- d-----w- C:\Users\Stephanie\AppData\Local\TBHostSupport
2013-11-15 01:18:23 -------- d-----w- C:\Users\Stephanie\AppData\Roaming\Malwarebytes
2013-11-15 01:18:00 -------- d-----w- C:\ProgramData\Malwarebytes
2013-11-15 01:17:58 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-11-15 01:17:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-15 00:50:07 300720 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10225.bin
2013-10-31 00:33:45 -------- d-----w- C:\Program Files (x86)\Browsersafeguard
2013-10-31 00:32:50 -------- d-----w- C:\Program Files (x86)\ScorpionSaver
2013-10-31 00:32:43 -------- d-----w- C:\temp
2013-10-31 00:32:40 -------- d-----w- C:\Program Files (x86)\Level Quality Watcher
2013-10-31 00:32:22 -------- d-----w- C:\Users\Stephanie\AppData\Local\Programs
2013-10-31 00:31:42 -------- d-----w- C:\ProgramData\Conduit
2013-10-31 00:31:41 -------- d-----w- C:\Users\Stephanie\AppData\Local\Conduit
2013-10-31 00:31:09 -------- d-----w- C:\Users\Stephanie\AppData\Local\CRE
2013-10-31 00:31:07 -------- d-----w- C:\Program Files (x86)\Conduit
.
==================== Find3M  ====================
.
2013-10-02 01:38:13 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-02 01:38:13 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-23 05:11:57 4040192 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 22:31:51.53 ===============
 

 

 

*******************************************************************************************

Here is the copied contents of the Attach.txt file:

*******************************************************************************************

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 1/10/2013 6:55:58 PM
System Uptime: 11/1/2013 9:45:30 AM (325 hours ago)
.
Motherboard: Hewlett-Packard |  | 1849
Processor: AMD A6-4400M APU with Radeon HD Graphics    | Socket FT1 | 2700/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 673 GiB total, 621.911 GiB free.
D: is FIXED (NTFS) - 25 GiB total, 2.964 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP45: 10/30/2013 8:48:22 PM - Removed ScorpionSaver
RP46: 11/4/2013 5:35:00 PM - Windows Update
RP47: 11/14/2013 8:06:29 PM - Windows Update
.
==== Installed Programs ======================
.
4 Elements II
Adobe AIR
Adobe Shockwave Player 11.6
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD Quick Stream
AMD VISION Engine Control Center
Bejeweled 3
Bonjour
BrowserSafeguard
Build-a-lot 4 - Power Source
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink PhotoDirector
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Energy Star
Farm Frenzy
FATE: The Cursed King
Final Drive Fury
FlatOut 2
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.0.0
Hoyle Card Games
HP 3D DriveGuard
HP Connected Music (Meridian - installer)
HP Connected Music (Meridian - player)
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MyRoom
HP Photo Creations
HP Photosmart 5510 series Basic Device Software
HP Photosmart 5510 series Help
HP Photosmart 5510 series Product Improvement Study
HP Postscript Converter
HP Quick Launch
HP Recovery Manager
HP Registration Service
HP Software Framework
HP Support Assistant
HP Update
HP Utility Center
HP Wireless Button Driver
IDT Audio
Jewel Match 3
John Deere Drive Green
Level Quality Watcher
Luxor Evolved
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mortimer Beckett and the Crimson Thief Premium Edition
MSVCRT
Mystery P.I. - Curious Case of Counterfeit Cove
Norton 360
Peggle Nights
Penguins!
Polar Bowler
Polar Golfer
Qualcomm Atheros Driver Installation Program
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Roads of Rome 3
ScorpionSaver
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Sheet Music Plus Digital Print
swMSM
Synaptics Pointing Device Driver
Tales of Lagoona
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Update Installer for WildTangent Games App
Vacation Quest™ - Australia
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== End Of File ===========================
 

Link to post
Share on other sites

  • Root Admin

Hello and :welcome:
 

Please read the following and post back the logs.

 

General P2P/Piracy Warning:
 

 
If you're using
Peer 2 Peer
software such as
uTorrent, BitTorrent
or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have
illegal/cracked software, cracks, keygens etc
. on the system, please remove or uninstall them now and read the policy on
Piracy
.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

    [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)




STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 

Link to post
Share on other sites

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/15/2013 09:38:05 AM in x64 mode.
Windows Version: Windows 8

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Active Proxy Server Detected

 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\Stephanie\Desktop\rkill\rkill-11-15-2013-09-38-11.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 11/15/2013 09:39:14 AM
Execution time: 0 hours(s), 1 minute(s), and 8 seconds(s)

 

RogueKiller V8.7.8 _x64_ [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Stephanie [Admin rights]
Mode : Scan -- Date : 11/15/2013 09:51:00
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[sUSP PATH][DLL] rundll32.exe -- C:\Users\Stephanie\AppData\Local\TBHostSupport\TBHostSupport.dll [7] -> rundll32.exe KILLED [TermProc]
[sUSP PATH] TBMessagingHost.exe -- C:\Users\Stephanie\AppData\Local\NativeMessaging\CT3317127\1_0_0_4\TBMessagingHost.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : TBHostSupport ("C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Stephanie\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin [-][7][x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-2095566746-4171551616-1196269454-1002\[...]\Run : TBHostSupport ("C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Stephanie\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin [-][7][x]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST750LM0 22 HN-M750MBB SATA Disk Device +++++
--- User ---
[MBR] 6a8a38097d81e5e8990821d5ff0e2ef9
[bSP] fb924ff2fd824482cb78262ff6ca589e : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 715404 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11152013_095100.txt >>

 

 

Link to post
Share on other sites

  • Root Admin

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Link to post
Share on other sites

ComboFix 13-11-15.01 - Stephanie 11/15/2013  17:37:12.2.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3546.1989 [GMT -5:00]
Running from: c:\users\Stephanie\Desktop\ComboFix.exe
Command switches used :: c:\users\Stephanie\Desktop\CFScript.txt.url
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-15 to 2013-11-15  )))))))))))))))))))))))))))))))
.
.
2013-11-15 22:45 . 2013-11-15 22:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-15 22:45 . 2013-11-15 22:45 -------- d-----w- c:\users\crowi_000\AppData\Local\temp
2013-11-15 22:45 . 2013-11-15 22:45 -------- d-----w- c:\users\Amelie\AppData\Local\temp
2013-11-15 21:32 . 2013-11-05 22:58 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-15 21:32 . 2013-11-05 22:58 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-15 14:42 . 2013-11-15 14:42 -------- d-----w- c:\program files (x86)\ERUNT
2013-11-15 01:19 . 2013-11-15 01:19 -------- d-----w- c:\users\Stephanie\AppData\Local\NativeMessaging
2013-11-15 01:18 . 2013-11-15 01:18 -------- d-----w- c:\users\Stephanie\AppData\Local\WhiteListing
2013-11-15 01:18 . 2013-11-15 01:18 -------- d-----w- c:\users\Stephanie\AppData\Local\TBHostSupport
2013-11-15 01:18 . 2013-11-15 01:18 -------- d-----w- c:\users\Stephanie\AppData\Roaming\Malwarebytes
2013-11-15 01:18 . 2013-11-15 01:18 -------- d-----w- c:\programdata\Malwarebytes
2013-11-15 01:17 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-15 01:17 . 2013-11-15 01:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-15 00:55 . 2013-10-12 08:43 19269632 ----a-w- c:\windows\system32\mshtml.dll
2013-11-15 00:50 . 2013-11-15 00:50 300720 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10225.bin
2013-10-31 00:33 . 2013-10-31 00:33 -------- d-----w- c:\program files (x86)\Browsersafeguard
2013-10-31 00:32 . 2013-11-15 21:26 -------- d-----w- c:\program files (x86)\ScorpionSaver
2013-10-31 00:32 . 2013-10-31 00:32 -------- d-----w- C:\temp
2013-10-31 00:32 . 2013-10-31 00:32 -------- d-----w- c:\program files (x86)\Level Quality Watcher
2013-10-31 00:32 . 2013-10-31 00:32 -------- d-----w- c:\users\Stephanie\AppData\Local\Programs
2013-10-31 00:31 . 2013-10-31 00:31 -------- d-----w- c:\programdata\Conduit
2013-10-31 00:31 . 2013-10-31 00:56 -------- d-----w- c:\users\Stephanie\AppData\Local\Conduit
2013-10-31 00:31 . 2013-10-31 00:31 -------- d-----w- c:\users\Stephanie\AppData\Local\CRE
2013-10-31 00:31 . 2013-10-31 00:31 -------- d-----w- c:\program files (x86)\Conduit
2013-10-30 18:14 . 2013-10-30 18:14 -------- d-----w- c:\users\crowi_000\AppData\Roaming\WebApp
2013-10-30 13:52 . 2013-10-30 13:52 -------- d-----w- c:\users\crowi_000\AppData\Local\Cyberlink
2013-10-30 13:15 . 2013-10-30 13:15 -------- d-----w- c:\users\crowi_000\AppData\Roaming\CyberLink
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-15 01:12 . 2013-01-13 21:57 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-08-23 05:11 . 2013-10-09 09:56 4040192 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}]
c:\program files (x86)\ScorpionSaver\IECore.dll [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
c:\users\Stephanie\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll [bU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"BrowserSafeguard"="c:\program files (x86)\Browsersafeguard\Browsersafeguard.exe" [2013-10-29 573952]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-01-16 39408]
"GoogleChromeAutoLaunch_15A09AB4B2860ED1D468C1D57628C0D5"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-11-14 863184]
"TBHostSupport"="c:\users\Stephanie\AppData\Local\TBHostSupport\TBHostSupport.dll" [2013-11-15 458016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-08 642216]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-09 580512]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\Amelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - .lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1BM295WY05NR;CONNECTION=NW;MONITOR=1; [2012-7-25 51712]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R0 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\N360x64\1404000.028\SymELAM.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SymELAM.sys [x]
R1 lsnfd;lsnfd;c:\windows\system32\drivers\lsnfd.sys;c:\windows\SYSNATIVE\drivers\lsnfd.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20131101.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20131114.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20131114.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ    apphostsvc
iissvcs REG_MULTI_SZ    w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 11:34 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 14:47]
.
2013-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 14:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-07-21 1425408]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:49305;https=127.0.0.1:49305
uInternet Settings,ProxyOverride = <-loopback>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.10.19
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-11-15  17:49:54
ComboFix-quarantined-files.txt  2013-11-15 22:49
ComboFix2.txt  2013-11-15 21:48
.
Pre-Run: 666,691,149,824 bytes free
Post-Run: 666,586,267,648 bytes free
.
- - End Of File - - 3C874CDD50EB3C4CA144359DEDBBE119
5FB38429D5D77768867C76DCBDB35194
 

Link to post
Share on other sites

  • Root Admin

Notice the switch that was run.  That shows you did not save the attachment but either ran it wrong or saved it wrong.

 

Command switches used :: c:\users\Stephanie\Desktop\CFScript.txt.url

 

You need to do a File - Save-As and save it as CFScript.txt    without the .url extension.

 

Please try it again.

Link to post
Share on other sites

My apologies.ComboFix 13-11-16.01 - Stephanie 11/16/2013  12:49:14.4.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3546.1716 [GMT -5:00]
Running from: c:\users\Stephanie\Desktop\ComboFix.exe
Command switches used :: c:\users\Stephanie\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\temp\ScorpionSaver.msi"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Browsersafeguard
c:\program files (x86)\Browsersafeguard\BrowserSafeguard.exe
c:\program files (x86)\Browsersafeguard\ewebstorewrapper.dll
c:\program files (x86)\Browsersafeguard\install.log
c:\program files (x86)\Browsersafeguard\makecert.exe
c:\program files (x86)\Browsersafeguard\Resources\certutil.exe
c:\program files (x86)\Browsersafeguard\Resources\libnspr4.dll
c:\program files (x86)\Browsersafeguard\Resources\libplc4.dll
c:\program files (x86)\Browsersafeguard\Resources\libplds4.dll
c:\program files (x86)\Browsersafeguard\Resources\nss3.dll
c:\program files (x86)\Browsersafeguard\Resources\smime3.dll
c:\program files (x86)\Browsersafeguard\Resources\softokn3.dll
c:\program files (x86)\Browsersafeguard\TrustedRoot.cer
c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe
c:\program files (x86)\ScorpionSaver
c:\program files (x86)\ScorpionSaver\CustomActionInstall
c:\program files (x86)\ScorpionSaver\CustomActionUninstall
c:\program files (x86)\ScorpionSaver\ff_addon_runner.js
c:\program files (x86)\ScorpionSaver\ff_addonkit_page-mod.js
c:\program files (x86)\ScorpionSaver\ff_addonkit_private-browsing.js
c:\program files (x86)\ScorpionSaver\ff_addonkit_request.js
c:\program files (x86)\ScorpionSaver\ff_addonkit_windows.js
c:\program files (x86)\ScorpionSaver\ff_base_api-utils.js
c:\program files (x86)\ScorpionSaver\ff_base_base64.js
c:\program files (x86)\ScorpionSaver\ff_base_byte-streams.js
c:\program files (x86)\ScorpionSaver\ff_base_collection.js
c:\program files (x86)\ScorpionSaver\ff_base_content.js
c:\program files (x86)\ScorpionSaver\ff_base_cortex.js
c:\program files (x86)\ScorpionSaver\ff_base_cuddlefish.js
c:\program files (x86)\ScorpionSaver\ff_base_deprecate.js
c:\program files (x86)\ScorpionSaver\ff_base_environment.js
c:\program files (x86)\ScorpionSaver\ff_base_errors.js
c:\program files (x86)\ScorpionSaver\ff_base_events.js
c:\program files (x86)\ScorpionSaver\ff_base_file.js
c:\program files (x86)\ScorpionSaver\ff_base_functional.js
c:\program files (x86)\ScorpionSaver\ff_base_globals.js
c:\program files (x86)\ScorpionSaver\ff_base_heritage.js
c:\program files (x86)\ScorpionSaver\ff_base_hidden-frame.js
c:\program files (x86)\ScorpionSaver\ff_base_light-traits.js
c:\program files (x86)\ScorpionSaver\ff_base_list.js
c:\program files (x86)\ScorpionSaver\ff_base_loader.js
c:\program files (x86)\ScorpionSaver\ff_base_match-pattern.js
c:\program files (x86)\ScorpionSaver\ff_base_memory.js
c:\program files (x86)\ScorpionSaver\ff_base_namespace.js
c:\program files (x86)\ScorpionSaver\ff_base_observer-service.js
c:\program files (x86)\ScorpionSaver\ff_base_plain-text-console.js
c:\program files (x86)\ScorpionSaver\ff_base_preferences-service.js
c:\program files (x86)\ScorpionSaver\ff_base_promise.js
c:\program files (x86)\ScorpionSaver\ff_base_querystring.js
c:\program files (x86)\ScorpionSaver\ff_base_runtime.js
c:\program files (x86)\ScorpionSaver\ff_base_sandbox.js
c:\program files (x86)\ScorpionSaver\ff_base_self.js
c:\program files (x86)\ScorpionSaver\ff_base_system.js
c:\program files (x86)\ScorpionSaver\ff_base_text-streams.js
c:\program files (x86)\ScorpionSaver\ff_base_timer.js
c:\program files (x86)\ScorpionSaver\ff_base_traceback.js
c:\program files (x86)\ScorpionSaver\ff_base_traits.js
c:\program files (x86)\ScorpionSaver\ff_base_unload.js
c:\program files (x86)\ScorpionSaver\ff_base_url.js
c:\program files (x86)\ScorpionSaver\ff_base_uuid.js
c:\program files (x86)\ScorpionSaver\ff_base_window-utils.js
c:\program files (x86)\ScorpionSaver\ff_base_xhr.js
c:\program files (x86)\ScorpionSaver\ff_base_xpcom.js
c:\program files (x86)\ScorpionSaver\ff_base_xul-app.js
c:\program files (x86)\ScorpionSaver\ff_bootstrap.js
c:\program files (x86)\ScorpionSaver\ff_content_content-proxy.js
c:\program files (x86)\ScorpionSaver\ff_content_content-worker.js
c:\program files (x86)\ScorpionSaver\ff_content_loader.js
c:\program files (x86)\ScorpionSaver\ff_content_symbiont.js
c:\program files (x86)\ScorpionSaver\ff_content_worker.js
c:\program files (x86)\ScorpionSaver\ff_dom_events.js
c:\program files (x86)\ScorpionSaver\ff_event_core.js
c:\program files (x86)\ScorpionSaver\ff_event_target.js
c:\program files (x86)\ScorpionSaver\ff_events_assembler.js
c:\program files (x86)\ScorpionSaver\ff_harness-options.json
c:\program files (x86)\ScorpionSaver\ff_icon.png
c:\program files (x86)\ScorpionSaver\ff_icon64.png
c:\program files (x86)\ScorpionSaver\ff_install.rdf
c:\program files (x86)\ScorpionSaver\ff_l10n_core.js
c:\program files (x86)\ScorpionSaver\ff_l10n_html.js
c:\program files (x86)\ScorpionSaver\ff_l10n_loader.js
c:\program files (x86)\ScorpionSaver\ff_l10n_locale.js
c:\program files (x86)\ScorpionSaver\ff_l10n_prefs.js
c:\program files (x86)\ScorpionSaver\ff_locales.json
c:\program files (x86)\ScorpionSaver\ff_main.js
c:\program files (x86)\ScorpionSaver\ff_main.js.old
c:\program files (x86)\ScorpionSaver\ff_prefs.js
c:\program files (x86)\ScorpionSaver\ff_privatebrowsing_utils.js
c:\program files (x86)\ScorpionSaver\ff_system_events.js
c:\program files (x86)\ScorpionSaver\ff_tabs_events.js
c:\program files (x86)\ScorpionSaver\ff_tabs_observer.js
c:\program files (x86)\ScorpionSaver\ff_tabs_tab.js
c:\program files (x86)\ScorpionSaver\ff_tabs_utils.js
c:\program files (x86)\ScorpionSaver\ff_traits_core.js
c:\program files (x86)\ScorpionSaver\ff_utils_data.js
c:\program files (x86)\ScorpionSaver\ff_utils_object.js
c:\program files (x86)\ScorpionSaver\ff_utils_registry.js
c:\program files (x86)\ScorpionSaver\ff_utils_thumbnail.js
c:\program files (x86)\ScorpionSaver\ff_window_utils.js
c:\program files (x86)\ScorpionSaver\ff_windows_dom.js
c:\program files (x86)\ScorpionSaver\ff_windows_loader.js
c:\program files (x86)\ScorpionSaver\ff_windows_observer.js
c:\program files (x86)\ScorpionSaver\ff_windows_tabs.js
c:\program files (x86)\ScorpionSaver\Microsoft.Deployment.WindowsInstaller.dll
c:\program files (x86)\ScorpionSaver\Microsoft.Deployment.WindowsInstaller.xml
c:\program files (x86)\ScorpionSaver\SendJson.dll
c:\users\Stephanie\AppData\Local\TBHostSupport
c:\users\Stephanie\AppData\Local\TBHostSupport\TBHostSupport.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-16 to 2013-11-16  )))))))))))))))))))))))))))))))
.
.
2013-11-16 17:57 . 2013-11-16 17:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-16 17:57 . 2013-11-16 17:57 -------- d-----w- c:\users\crowi_000\AppData\Local\temp
2013-11-16 17:57 . 2013-11-16 17:57 -------- d-----w- c:\users\Amelie\AppData\Local\temp
2013-11-15 21:32 . 2013-11-05 22:58 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-15 21:32 . 2013-11-05 22:58 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-15 14:42 . 2013-11-15 14:42 -------- d-----w- c:\program files (x86)\ERUNT
2013-11-15 01:19 . 2013-11-15 01:19 -------- d-----w- c:\users\Stephanie\AppData\Local\NativeMessaging
2013-11-15 01:18 . 2013-11-15 01:18 -------- d-----w- c:\users\Stephanie\AppData\Local\WhiteListing
2013-11-15 01:18 . 2013-11-15 01:18 -------- d-----w- c:\users\Stephanie\AppData\Roaming\Malwarebytes
2013-11-15 01:18 . 2013-11-15 01:18 -------- d-----w- c:\programdata\Malwarebytes
2013-11-15 01:17 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-15 01:17 . 2013-11-15 01:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-15 00:55 . 2013-10-12 08:43 19269632 ----a-w- c:\windows\system32\mshtml.dll
2013-11-15 00:50 . 2013-11-15 00:50 300720 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10225.bin
2013-10-31 00:32 . 2013-10-31 00:32 -------- d-----w- C:\temp
2013-10-31 00:32 . 2013-10-31 00:32 -------- d-----w- c:\program files (x86)\Level Quality Watcher
2013-10-31 00:32 . 2013-10-31 00:32 -------- d-----w- c:\users\Stephanie\AppData\Local\Programs
2013-10-31 00:31 . 2013-10-31 00:31 -------- d-----w- c:\programdata\Conduit
2013-10-31 00:31 . 2013-10-31 00:56 -------- d-----w- c:\users\Stephanie\AppData\Local\Conduit
2013-10-31 00:31 . 2013-10-31 00:31 -------- d-----w- c:\users\Stephanie\AppData\Local\CRE
2013-10-31 00:31 . 2013-10-31 00:31 -------- d-----w- c:\program files (x86)\Conduit
2013-10-30 18:14 . 2013-10-30 18:14 -------- d-----w- c:\users\crowi_000\AppData\Roaming\WebApp
2013-10-30 13:52 . 2013-10-30 13:52 -------- d-----w- c:\users\crowi_000\AppData\Local\Cyberlink
2013-10-30 13:15 . 2013-10-30 13:15 -------- d-----w- c:\users\crowi_000\AppData\Roaming\CyberLink
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-15 01:12 . 2013-01-13 21:57 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-08-23 05:11 . 2013-10-09 09:56 4040192 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}]
c:\program files (x86)\ScorpionSaver\IECore.dll [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
c:\users\Stephanie\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll [bU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-08 642216]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-09 580512]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\Amelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - .lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1BM295WY05NR;CONNECTION=NW;MONITOR=1; [2012-7-25 51712]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R0 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\N360x64\1404000.028\SymELAM.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SymELAM.sys [x]
R1 lsnfd;lsnfd;c:\windows\system32\drivers\lsnfd.sys;c:\windows\SYSNATIVE\drivers\lsnfd.sys [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20131101.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20131115.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20131115.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ    apphostsvc
iissvcs REG_MULTI_SZ    w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 11:34 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 14:47]
.
2013-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 14:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-07-21 1425408]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.10.19
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Browsersafeguard - c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Completion time: 2013-11-16  13:06:48 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-16 18:06
ComboFix2.txt  2013-11-15 22:49
ComboFix3.txt  2013-11-15 21:48
.
Pre-Run: 666,424,188,928 bytes free
Post-Run: 666,330,312,704 bytes free
.
- - End Of File - - 524E9DCD7608D3F31712CF41F6C01EC0
5FB38429D5D77768867C76DCBDB35194


 

Link to post
Share on other sites

  • Root Admin

Please run your antivirus and update it and do a full system scan and let me know if it finds anything or not.

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 

Link to post
Share on other sites

  • Root Admin

Please download the correct version of SystemLook for your computer and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

SystemLook 32-bit x86 | or | SystemLook 64-bit x64

  • If using Windows XP just double click on SystemLook.exe to run it.
  • For all other versions of Windows, right click over SystemLook.exe or SystemLook_x64.exe and choose Run as administrator to run it
  • Copy the contents of the following code box into the main text field - including the colon characters.

    :filefind*Scorpion*:folderfind*Scorpion*:regfindScorpion
  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop named SystemLook.txt
Link to post
Share on other sites

SystemLook 30.07.11 by jpshortstuff
Log created at 09:28 on 18/11/2013 by Stephanie
Administrator - Elevation successful

========== filefind ==========

Searching for "*Scorpion*"
C:\temp\ScorpionSaver.msi --a---- 3166208 bytes [00:32 31/10/2013] [03:05 15/11/2013] 834EAC4E8DCB1E25D97C86CD1C673F5B
C:\Users\Stephanie\Favorites\Fix\Scorpion Saver - Need Help - Malware Removal Help - Malwarebytes Forum.url --a---- 215 bytes [04:07 15/11/2013] [21:44 15/11/2013] ABCC0D419D84B71BC8B28D99CABF80DD

========== folderfind ==========

Searching for "*Scorpion*"
C:\Qoobox\Quarantine\C\Program Files (x86)\ScorpionSaver d------ [21:26 15/11/2013]

========== regfind ==========

Searching for "Scorpion"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\8FB7175F-C1FB-4437-9555-1822DF6D4CA1]
@="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\8FB7175F-C1FB-4437-9555-1822DF6D4CA1\InProcServer32]
@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}]
@="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}\InProcServer32]
@="C:\Program Files (x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Program Files (x86)\ScorpionSaver\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}]
@="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}\InProcServer32]
@="C:\Program Files (x86)\ScorpionSaver\IECore.dll"

-= EOF =-

Link to post
Share on other sites

ComboFix 13-11-16.01 - Stephanie 11/18/2013  20:36:32.5.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3546.1831 [GMT -5:00]
Running from: c:\users\Stephanie\Desktop\ComboFix.exe
Command switches used :: c:\users\Stephanie\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"c:\temp\ScorpionSaver.msi"
"c:\temp\scorpionsaver_10232013.msi"
"c:\windows\Installer\scorpionsaver_10232013.msi"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\temp\ScorpionSaver.msi
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-19 to 2013-11-19  )))))))))))))))))))))))))))))))
.
.
2013-11-19 05:25 . 2013-11-19 05:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-19 05:25 . 2013-11-19 05:25 -------- d-----w- c:\users\crowi_000\AppData\Local\temp
2013-11-19 05:25 . 2013-11-19 05:25 -------- d-----w- c:\users\Amelie\AppData\Local\temp
2013-11-15 21:32 . 2013-11-05 22:58 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-15 14:42 . 2013-11-15 14:42 -------- d-----w- c:\program files (x86)\ERUNT
2013-11-15 01:19 . 2013-11-15 01:19 -------- d-----w- c:\users\Stephanie\AppData\Local\NativeMessaging
2013-11-15 01:18 . 2013-11-15 01:18 -------- d-----w- c:\users\Stephanie\AppData\Local\WhiteListing
2013-11-15 01:18 . 2013-11-15 01:18 -------- d-----w- c:\users\Stephanie\AppData\Roaming\Malwarebytes
2013-11-15 01:18 . 2013-11-15 01:18 -------- d-----w- c:\programdata\Malwarebytes
2013-11-15 01:17 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-15 01:17 . 2013-11-15 01:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-15 00:55 . 2013-10-12 08:43 19269632 ----a-w- c:\windows\system32\mshtml.dll
2013-11-15 00:50 . 2013-11-17 01:54 300720 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10225.bin
2013-10-31 00:32 . 2013-11-19 05:25 -------- d-----w- C:\temp
2013-10-31 00:32 . 2013-10-31 00:32 -------- d-----w- c:\program files (x86)\Level Quality Watcher
2013-10-31 00:32 . 2013-10-31 00:32 -------- d-----w- c:\users\Stephanie\AppData\Local\Programs
2013-10-31 00:31 . 2013-10-31 00:31 -------- d-----w- c:\programdata\Conduit
2013-10-31 00:31 . 2013-10-31 00:56 -------- d-----w- c:\users\Stephanie\AppData\Local\Conduit
2013-10-31 00:31 . 2013-10-31 00:31 -------- d-----w- c:\users\Stephanie\AppData\Local\CRE
2013-10-31 00:31 . 2013-10-31 00:31 -------- d-----w- c:\program files (x86)\Conduit
2013-10-30 18:14 . 2013-10-30 18:14 -------- d-----w- c:\users\crowi_000\AppData\Roaming\WebApp
2013-10-30 13:52 . 2013-10-30 13:52 -------- d-----w- c:\users\crowi_000\AppData\Local\Cyberlink
2013-10-30 13:15 . 2013-10-30 13:15 -------- d-----w- c:\users\crowi_000\AppData\Roaming\CyberLink
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-15 01:12 . 2013-01-13 21:57 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-08-23 05:11 . 2013-10-09 09:56 4040192 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
c:\users\Stephanie\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll [bU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-08 642216]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-09 580512]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\Amelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - .lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1BM295WY05NR;CONNECTION=NW;MONITOR=1; [2012-7-25 51712]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R0 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\N360x64\1404000.028\SymELAM.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SymELAM.sys [x]
R1 lsnfd;lsnfd;c:\windows\system32\drivers\lsnfd.sys;c:\windows\SYSNATIVE\drivers\lsnfd.sys [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20131101.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20131115.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20131115.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ    apphostsvc
iissvcs REG_MULTI_SZ    w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 11:34 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 14:47]
.
2013-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 14:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-07-21 1425408]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.10.19
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{10AD2C61-0898-4348-8600-14A342F22AC3} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Browsersafeguard - c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-11-19  00:29:02
ComboFix-quarantined-files.txt  2013-11-19 05:29
ComboFix2.txt  2013-11-16 18:06
ComboFix3.txt  2013-11-15 22:49
ComboFix4.txt  2013-11-15 21:48
.
Pre-Run: 666,744,209,408 bytes free
Post-Run: 666,637,500,416 bytes free
.
- - End Of File - - 3126B3AFE561C8A733F6C0F741388937
5FB38429D5D77768867C76DCBDB35194
 

Link to post
Share on other sites

ComboFix 13-11-16.01 - Stephanie 11/19/2013   8:33.6.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3546.1839 [GMT -5:00]
Running from: c:\users\Stephanie\Desktop\ComboFix.exe
Command switches used :: c:\users\Stephanie\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-19 to 2013-11-19  )))))))))))))))))))))))))))))))
.
.
2013-11-19 17:41 . 2013-11-19 17:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-19 17:41 . 2013-11-19 17:41 -------- d-----w- c:\users\crowi_000\AppData\Local\temp
2013-11-19 17:41 . 2013-11-19 17:41 -------- d-----w- c:\users\Amelie\AppData\Local\temp
2013-11-15 21:32 . 2013-11-05 22:58 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-15 14:42 . 2013-11-15 14:42 -------- d-----w- c:\program files (x86)\ERUNT
2013-11-15 01:19 . 2013-11-15 01:19 -------- d-----w- c:\users\Stephanie\AppData\Local\NativeMessaging
2013-11-15 01:18 . 2013-11-15 01:18 -------- d-----w- c:\users\Stephanie\AppData\Local\WhiteListing
2013-11-15 01:18 . 2013-11-15 01:18 -------- d-----w- c:\users\Stephanie\AppData\Roaming\Malwarebytes
2013-11-15 01:18 . 2013-11-15 01:18 -------- d-----w- c:\programdata\Malwarebytes
2013-11-15 01:17 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-15 01:17 . 2013-11-15 01:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-15 00:55 . 2013-10-12 08:43 19269632 ----a-w- c:\windows\system32\mshtml.dll
2013-11-15 00:50 . 2013-11-17 01:54 300720 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10225.bin
2013-10-31 00:32 . 2013-11-19 05:25 -------- d-----w- C:\temp
2013-10-31 00:32 . 2013-10-31 00:32 -------- d-----w- c:\program files (x86)\Level Quality Watcher
2013-10-31 00:32 . 2013-10-31 00:32 -------- d-----w- c:\users\Stephanie\AppData\Local\Programs
2013-10-31 00:31 . 2013-10-31 00:31 -------- d-----w- c:\programdata\Conduit
2013-10-31 00:31 . 2013-10-31 00:56 -------- d-----w- c:\users\Stephanie\AppData\Local\Conduit
2013-10-31 00:31 . 2013-10-31 00:31 -------- d-----w- c:\users\Stephanie\AppData\Local\CRE
2013-10-31 00:31 . 2013-10-31 00:31 -------- d-----w- c:\program files (x86)\Conduit
2013-10-30 18:14 . 2013-10-30 18:14 -------- d-----w- c:\users\crowi_000\AppData\Roaming\WebApp
2013-10-30 13:52 . 2013-10-30 13:52 -------- d-----w- c:\users\crowi_000\AppData\Local\Cyberlink
2013-10-30 13:15 . 2013-10-30 13:15 -------- d-----w- c:\users\crowi_000\AppData\Roaming\CyberLink
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-15 01:12 . 2013-01-13 21:57 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-08-23 05:11 . 2013-10-09 09:56 4040192 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
c:\users\Stephanie\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll [bU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-08 642216]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-09 580512]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\Amelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - .lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1BM295WY05NR;CONNECTION=NW;MONITOR=1; [2012-7-25 51712]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R0 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\N360x64\1404000.028\SymELAM.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SymELAM.sys [x]
R1 lsnfd;lsnfd;c:\windows\system32\drivers\lsnfd.sys;c:\windows\SYSNATIVE\drivers\lsnfd.sys [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20131101.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20131115.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20131115.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ    apphostsvc
iissvcs REG_MULTI_SZ    w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 11:34 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 14:47]
.
2013-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 14:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-07-21 1425408]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.10.19
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{10AD2C61-0898-4348-8600-14A342F22AC3} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Browsersafeguard - c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-11-19  12:44:47
ComboFix-quarantined-files.txt  2013-11-19 17:44
ComboFix2.txt  2013-11-19 05:29
ComboFix3.txt  2013-11-16 18:06
ComboFix4.txt  2013-11-15 22:49
ComboFix5.txt  2013-11-19 13:31
.
Pre-Run: 667,117,936,640 bytes free
Post-Run: 667,006,787,584 bytes free
.
- - End Of File - - ADEE126C0C55DAE6A40263022A12700E
5FB38429D5D77768867C76DCBDB35194
 

Link to post
Share on other sites

  • Root Admin

Okay I think we're just about done here but let me have you delete the FRST program and any logs it has and then download a new version and run it again and post back both new logs.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


 

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by Stephanie (administrator) on CROWEFAMILY on 19-11-2013 17:42:16
Running from C:\Users\Stephanie\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKCU\...\Run: [HP Photosmart 5510 series (NET)] - C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-01-16] (Google Inc.)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKU\Amelie\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-01-16] (Google Inc.)
Startup: C:\Users\Amelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {6FFE2BEF-327B-4B39-B1B9-D10641D31431} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {F58F22EB-3D69-4A89-A19D-D34630C7D6DC} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {6FFE2BEF-327B-4B39-B1B9-D10641D31431} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {F58F22EB-3D69-4A89-A19D-D34630C7D6DC} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317127&CUI=UN11179991152291113&UM=2
SearchScopes: HKCU - {26DD32B0-541D-4F0A-9DEB-DA8324B89C36} URL = http://search.conduit.com/Results.aspx?ctid=CT3300018&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKCU - {F58F22EB-3D69-4A89-A19D-D34630C7D6DC} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317127&CUI=UN11179991152291113&UM=2
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {10AD2C61-0898-4348-8600-14A342F22AC3} -  No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Stephanie\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.10.19

Chrome:
=======


CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Extension: (YouTube) - C:\Users\STEPHA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\STEPHA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (WhiteSmoke New V.13) - C:\Users\STEPHA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp\10.22.3.518_0
CHR Extension: (Norton Identity Protection) - C:\Users\STEPHA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0
CHR Extension: (Google Wallet) - C:\Users\STEPHA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Scorpion Saver) - C:\Users\STEPHA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0
CHR Extension: (Gmail) - C:\Users\STEPHA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [hgeaklkciolgbejekedbdphhbjbiaamp] - C:\Users\Stephanie\AppData\Local\CRE\hgeaklkciolgbejekedbdphhbjbiaamp.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-28] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20131115.001\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20131117.009\ENG64.SYS [126040 2013-10-23] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20131117.009\EX64.SYS [2099288 2013-10-23] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1404000.028\SymELAM.sys [23448 2012-09-06] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 lsnfd; system32\drivers\lsnfd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-19 17:42 - 2013-11-19 17:42 - 00016966 _____ C:\Users\Stephanie\Desktop\FRST.txt
2013-11-19 17:41 - 2013-11-19 17:41 - 00000000 ____D C:\FRST
2013-11-19 17:40 - 2013-11-19 17:40 - 01957964 _____ (Farbar) C:\Users\Stephanie\Desktop\FRST64.exe
2013-11-19 12:44 - 2013-11-19 12:44 - 00013731 _____ C:\ComboFix.txt
2013-11-18 09:28 - 2013-11-18 09:31 - 00003410 _____ C:\Users\Stephanie\Desktop\SystemLook.txt
2013-11-18 09:28 - 2013-11-18 09:28 - 00165376 _____ C:\Users\Stephanie\Desktop\SystemLook_x64.exe
2013-11-18 09:22 - 2013-11-18 09:22 - 00891200 _____ C:\Users\Stephanie\Desktop\SecurityCheck.exe
2013-11-15 16:34 - 2013-11-15 16:35 - 00366384 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-15 16:32 - 2013-11-05 17:58 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-15 16:14 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-15 16:14 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-15 16:14 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-15 16:14 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-15 16:14 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-15 16:14 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-11-15 16:14 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-15 16:14 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-15 16:14 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-15 16:13 - 2013-11-19 12:44 - 00000000 ____D C:\Qoobox
2013-11-15 16:12 - 2013-11-16 12:43 - 05146587 ____R (Swearware) C:\Users\Stephanie\Desktop\ComboFix.exe
2013-11-15 09:51 - 2013-11-15 09:51 - 00002168 _____ C:\Users\Stephanie\Desktop\RKreport[0]_S_11152013_095100.txt
2013-11-15 09:45 - 2013-11-15 09:52 - 00000000 ____D C:\Users\Stephanie\Desktop\RK_Quarantine
2013-11-15 09:45 - 2013-11-15 09:45 - 04161024 _____ C:\Users\Stephanie\Desktop\RogueKillerX64.exe
2013-11-15 09:43 - 2013-11-15 16:43 - 00000000 ____D C:\Windows\ERDNT
2013-11-15 09:42 - 2013-11-15 09:42 - 00000928 _____ C:\Users\Stephanie\Desktop\NTREGOPT.lnk
2013-11-15 09:42 - 2013-11-15 09:42 - 00000928 _____ C:\Users\crowi_000\Desktop\NTREGOPT.lnk
2013-11-15 09:42 - 2013-11-15 09:42 - 00000928 _____ C:\Users\Amelie\Desktop\NTREGOPT.lnk
2013-11-15 09:42 - 2013-11-15 09:42 - 00000909 _____ C:\Users\Stephanie\Desktop\ERUNT.lnk
2013-11-15 09:42 - 2013-11-15 09:42 - 00000909 _____ C:\Users\crowi_000\Desktop\ERUNT.lnk
2013-11-15 09:42 - 2013-11-15 09:42 - 00000909 _____ C:\Users\Amelie\Desktop\ERUNT.lnk
2013-11-15 09:42 - 2013-11-15 09:42 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-11-15 09:40 - 2013-11-15 09:40 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Stephanie\Desktop\erunt-setup.exe
2013-11-15 09:38 - 2013-11-15 09:39 - 00002838 _____ C:\Users\Stephanie\Desktop\Rkill.txt
2013-11-15 09:38 - 2013-11-15 09:38 - 00000000 ____D C:\Users\Stephanie\Desktop\rkill
2013-11-15 09:36 - 2013-11-15 09:36 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Stephanie\Desktop\rkill.exe
2013-11-14 22:31 - 2013-11-14 22:31 - 00017018 _____ C:\Users\Stephanie\Desktop\dds.txt
2013-11-14 22:31 - 2013-11-14 22:31 - 00006903 _____ C:\Users\Stephanie\Desktop\attach.txt
2013-11-14 22:30 - 2013-11-14 22:30 - 00688992 ____R (Swearware) C:\Users\Stephanie\Desktop\dds.scr
2013-11-14 20:19 - 2013-11-14 20:19 - 00000000 ____D C:\Users\Stephanie\AppData\Local\NativeMessaging
2013-11-14 20:18 - 2013-11-14 20:18 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-14 20:18 - 2013-11-14 20:18 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Malwarebytes
2013-11-14 20:18 - 2013-11-14 20:18 - 00000000 ____D C:\Users\Stephanie\AppData\Local\WhiteListing
2013-11-14 20:18 - 2013-11-14 20:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-14 20:17 - 2013-11-14 20:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 20:17 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-14 20:15 - 2013-11-14 20:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Stephanie\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-14 19:56 - 2013-10-10 06:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-14 19:56 - 2013-10-10 04:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 19:56 - 2013-10-10 04:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-14 19:56 - 2013-10-02 18:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 19:56 - 2013-10-01 18:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 19:56 - 2013-10-01 18:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 19:56 - 2013-10-01 17:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 19:56 - 2013-09-23 17:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 19:56 - 2013-09-23 17:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 19:56 - 2013-09-13 20:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-14 19:56 - 2013-09-13 17:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-14 19:56 - 2013-09-13 17:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-14 19:56 - 2013-09-13 17:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-14 19:56 - 2013-09-13 17:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-14 19:56 - 2013-09-13 17:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-14 19:56 - 2013-09-13 17:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-14 19:56 - 2013-09-13 17:33 - 03279360 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-14 19:56 - 2013-09-13 17:33 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-14 19:56 - 2013-09-13 17:33 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-14 19:56 - 2013-09-13 17:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-11-14 19:56 - 2013-09-13 17:33 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-14 19:56 - 2013-09-13 17:33 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-14 19:56 - 2013-09-13 17:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-14 19:56 - 2013-09-13 17:33 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-14 19:56 - 2013-09-03 22:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 19:56 - 2013-08-30 00:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-11-14 19:56 - 2013-08-30 00:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-11-14 19:56 - 2013-08-29 18:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-14 19:56 - 2013-08-23 02:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-14 19:56 - 2013-08-22 20:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-14 19:56 - 2013-08-21 01:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-14 19:56 - 2013-08-10 01:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-11-14 19:56 - 2013-08-10 00:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-14 19:56 - 2013-08-09 22:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-14 19:56 - 2013-07-24 18:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-14 19:56 - 2013-07-24 18:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-11-14 19:56 - 2013-07-11 20:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-11-14 19:56 - 2013-07-11 20:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-11-14 19:55 - 2013-10-12 03:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 19:55 - 2013-10-12 03:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 19:55 - 2013-10-12 03:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 19:55 - 2013-10-12 03:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 19:55 - 2013-10-12 03:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 19:55 - 2013-10-12 03:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 19:55 - 2013-10-12 03:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 19:55 - 2013-10-12 03:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 19:55 - 2013-10-12 03:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 19:55 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 19:55 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 19:55 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 19:55 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 19:55 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 19:55 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 19:55 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 19:55 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 19:55 - 2013-10-01 18:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 19:55 - 2013-10-01 18:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-04 11:37 - 2013-11-04 11:54 - 00010377 _____ C:\Users\Stephanie\Documents\vocabulary cards.xlsx
2013-10-30 19:37 - 2013-10-30 19:37 - 00000000 ____D C:\Users\Stephanie\Documents\Optimizer Pro
2013-10-30 19:33 - 2013-10-30 19:33 - 00003872 _____ C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2013-10-30 19:33 - 2013-10-30 19:33 - 00000258 __RSH C:\Users\Stephanie\ntuser.pol
2013-10-30 19:32 - 2013-10-30 19:32 - 00000000 ____D C:\Program Files (x86)\Level Quality Watcher
2013-10-30 19:31 - 2013-10-30 19:56 - 00000000 ____D C:\Users\Stephanie\AppData\Local\Conduit
2013-10-30 19:31 - 2013-10-30 19:31 - 00000000 ____D C:\Users\Stephanie\AppData\Local\CRE
2013-10-30 19:31 - 2013-10-30 19:31 - 00000000 ____D C:\ProgramData\Conduit
2013-10-30 19:31 - 2013-10-30 19:31 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-10-30 13:14 - 2013-10-30 13:14 - 00000000 ____D C:\Users\crowi_000\AppData\Roaming\WebApp
2013-10-30 08:52 - 2013-10-30 08:52 - 00000000 ____D C:\Users\crowi_000\AppData\Local\Cyberlink
2013-10-30 08:15 - 2013-10-30 08:15 - 00000000 ____D C:\Users\crowi_000\Documents\CyberLink
2013-10-30 08:15 - 2013-10-30 08:15 - 00000000 ____D C:\Users\crowi_000\AppData\Roaming\CyberLink
2013-10-20 14:55 - 2013-10-20 14:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

==================== One Month Modified Files and Folders =======

2013-11-19 17:42 - 2013-11-19 17:42 - 00016966 _____ C:\Users\Stephanie\Desktop\FRST.txt
2013-11-19 17:41 - 2013-11-19 17:41 - 00000000 ____D C:\FRST
2013-11-19 17:40 - 2013-11-19 17:40 - 01957964 _____ (Farbar) C:\Users\Stephanie\Desktop\FRST64.exe
2013-11-19 17:34 - 2013-01-16 09:48 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-19 17:00 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\sru
2013-11-19 15:51 - 2013-01-10 18:55 - 01951884 _____ C:\Windows\WindowsUpdate.log
2013-11-19 15:36 - 2013-01-10 19:31 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2095566746-4171551616-1196269454-1002
2013-11-19 14:09 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-19 12:44 - 2013-11-19 12:44 - 00013731 _____ C:\ComboFix.txt
2013-11-19 12:44 - 2013-11-15 16:13 - 00000000 ____D C:\Qoobox
2013-11-19 12:41 - 2012-07-26 00:26 - 00000215 _____ C:\Windows\system.ini
2013-11-19 06:34 - 2013-01-16 09:48 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-18 09:31 - 2013-11-18 09:28 - 00003410 _____ C:\Users\Stephanie\Desktop\SystemLook.txt
2013-11-18 09:28 - 2013-11-18 09:28 - 00165376 _____ C:\Users\Stephanie\Desktop\SystemLook_x64.exe
2013-11-18 09:22 - 2013-11-18 09:22 - 00891200 _____ C:\Users\Stephanie\Desktop\SecurityCheck.exe
2013-11-16 13:06 - 2012-07-26 02:28 - 00941050 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-16 12:59 - 2012-08-03 17:23 - 00281882 _____ C:\Windows\PFRO.log
2013-11-16 12:59 - 2012-07-26 02:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-16 12:58 - 2013-01-10 18:45 - 00000000 ____D C:\Users\Stephanie
2013-11-16 12:58 - 2012-07-26 00:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-11-16 12:43 - 2013-11-15 16:12 - 05146587 ____R (Swearware) C:\Users\Stephanie\Desktop\ComboFix.exe
2013-11-15 16:48 - 2012-07-26 00:37 - 00000000 __RHD C:\Users\Default
2013-11-15 16:43 - 2013-11-15 09:43 - 00000000 ____D C:\Windows\ERDNT
2013-11-15 16:38 - 2012-07-26 00:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-11-15 16:35 - 2013-11-15 16:34 - 00366384 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-15 16:30 - 2012-07-26 00:26 - 72351744 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-11-15 16:30 - 2012-07-26 00:26 - 41943040 _____ C:\Windows\system32\config\SYSTEM.bak
2013-11-15 16:30 - 2012-07-26 00:26 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-11-15 16:30 - 2012-07-26 00:26 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-11-15 16:30 - 2012-07-26 00:26 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-11-15 16:28 - 2012-07-26 03:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-15 16:28 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\WinStore
2013-11-15 09:52 - 2013-11-15 09:45 - 00000000 ____D C:\Users\Stephanie\Desktop\RK_Quarantine
2013-11-15 09:51 - 2013-11-15 09:51 - 00002168 _____ C:\Users\Stephanie\Desktop\RKreport[0]_S_11152013_095100.txt
2013-11-15 09:45 - 2013-11-15 09:45 - 04161024 _____ C:\Users\Stephanie\Desktop\RogueKillerX64.exe
2013-11-15 09:42 - 2013-11-15 09:42 - 00000928 _____ C:\Users\Stephanie\Desktop\NTREGOPT.lnk
2013-11-15 09:42 - 2013-11-15 09:42 - 00000928 _____ C:\Users\crowi_000\Desktop\NTREGOPT.lnk
2013-11-15 09:42 - 2013-11-15 09:42 - 00000928 _____ C:\Users\Amelie\Desktop\NTREGOPT.lnk
2013-11-15 09:42 - 2013-11-15 09:42 - 00000909 _____ C:\Users\Stephanie\Desktop\ERUNT.lnk
2013-11-15 09:42 - 2013-11-15 09:42 - 00000909 _____ C:\Users\crowi_000\Desktop\ERUNT.lnk
2013-11-15 09:42 - 2013-11-15 09:42 - 00000909 _____ C:\Users\Amelie\Desktop\ERUNT.lnk
2013-11-15 09:42 - 2013-11-15 09:42 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-11-15 09:40 - 2013-11-15 09:40 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Stephanie\Desktop\erunt-setup.exe
2013-11-15 09:39 - 2013-11-15 09:38 - 00002838 _____ C:\Users\Stephanie\Desktop\Rkill.txt
2013-11-15 09:38 - 2013-11-15 09:38 - 00000000 ____D C:\Users\Stephanie\Desktop\rkill
2013-11-15 09:36 - 2013-11-15 09:36 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Stephanie\Desktop\rkill.exe
2013-11-15 06:38 - 2013-01-16 09:49 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-14 22:31 - 2013-11-14 22:31 - 00017018 _____ C:\Users\Stephanie\Desktop\dds.txt
2013-11-14 22:31 - 2013-11-14 22:31 - 00006903 _____ C:\Users\Stephanie\Desktop\attach.txt
2013-11-14 22:30 - 2013-11-14 22:30 - 00688992 ____R (Swearware) C:\Users\Stephanie\Desktop\dds.scr
2013-11-14 20:21 - 2013-01-12 10:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 20:19 - 2013-11-14 20:19 - 00000000 ____D C:\Users\Stephanie\AppData\Local\NativeMessaging
2013-11-14 20:18 - 2013-11-14 20:18 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-14 20:18 - 2013-11-14 20:18 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Malwarebytes
2013-11-14 20:18 - 2013-11-14 20:18 - 00000000 ____D C:\Users\Stephanie\AppData\Local\WhiteListing
2013-11-14 20:18 - 2013-11-14 20:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-14 20:18 - 2013-11-14 20:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 20:15 - 2013-11-14 20:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Stephanie\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-14 20:14 - 2013-08-15 09:05 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 20:12 - 2013-01-13 16:57 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-05 17:58 - 2013-11-15 16:32 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-04 12:01 - 2013-09-05 20:46 - 00023645 _____ C:\Users\Stephanie\Documents\2013-2014 School Schedule.xlsx
2013-11-04 11:54 - 2013-11-04 11:37 - 00010377 _____ C:\Users\Stephanie\Documents\vocabulary cards.xlsx
2013-10-30 19:56 - 2013-10-30 19:31 - 00000000 ____D C:\Users\Stephanie\AppData\Local\Conduit
2013-10-30 19:37 - 2013-10-30 19:37 - 00000000 ____D C:\Users\Stephanie\Documents\Optimizer Pro
2013-10-30 19:33 - 2013-10-30 19:33 - 00003872 _____ C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2013-10-30 19:33 - 2013-10-30 19:33 - 00000258 __RSH C:\Users\Stephanie\ntuser.pol
2013-10-30 19:33 - 2012-07-26 03:12 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-10-30 19:33 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-10-30 19:32 - 2013-10-30 19:32 - 00000000 ____D C:\Program Files (x86)\Level Quality Watcher
2013-10-30 19:31 - 2013-10-30 19:31 - 00000000 ____D C:\Users\Stephanie\AppData\Local\CRE
2013-10-30 19:31 - 2013-10-30 19:31 - 00000000 ____D C:\ProgramData\Conduit
2013-10-30 19:31 - 2013-10-30 19:31 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-10-30 18:25 - 2013-01-12 21:00 - 00000000 ____D C:\Users\Stephanie\AppData\Local\CrashDumps
2013-10-30 13:14 - 2013-10-30 13:14 - 00000000 ____D C:\Users\crowi_000\AppData\Roaming\WebApp
2013-10-30 08:52 - 2013-10-30 08:52 - 00000000 ____D C:\Users\crowi_000\AppData\Local\Cyberlink
2013-10-30 08:15 - 2013-10-30 08:15 - 00000000 ____D C:\Users\crowi_000\Documents\CyberLink
2013-10-30 08:15 - 2013-10-30 08:15 - 00000000 ____D C:\Users\crowi_000\AppData\Roaming\CyberLink
2013-10-29 10:06 - 2013-01-10 19:00 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{55140AF2-60A7-47E8-9512-31549F18C1BD}
2013-10-28 21:38 - 2013-09-15 20:07 - 00000000 ____D C:\Users\Stephanie\Documents\FLASH CARDS
2013-10-28 20:49 - 2013-02-11 16:18 - 00000000 ____D C:\Users\Stephanie\Documents\HOMESCHOOLING
2013-10-25 07:30 - 2013-01-14 17:25 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2095566746-4171551616-1196269454-1008
2013-10-23 18:28 - 2013-02-08 07:38 - 00000000 ____D C:\Users\crowi_000\AppData\Local\Google
2013-10-23 18:27 - 2013-01-14 17:18 - 00000000 ___RD C:\Users\crowi_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-23 18:27 - 2013-01-14 17:18 - 00000000 ___RD C:\Users\crowi_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-23 11:07 - 2013-01-13 14:32 - 00045056 ___SH C:\Users\Stephanie\Desktop\Thumbs.db
2013-10-20 14:55 - 2013-10-20 14:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-10-20 14:55 - 2012-07-26 02:21 - 00038793 _____ C:\Windows\setupact.log

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-19 03:01

==================== End Of Log ============================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2013
Ran by Stephanie at 2013-11-19 17:43:01
Running from C:\Users\Stephanie\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

4 Elements II (x32 Version: 2.2.0.98)
Adobe AIR (x32 Version: 3.7.0.1860)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635)
AMD Accelerated Video Transcoding (Version: 12.5.100.20808)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD Fuel (Version: 2012.0808.1024.16666)
AMD Quick Stream (Version: 3.3.26.0)
AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666)
Bejeweled 3 (x32 Version: 2.2.0.98)
Bonjour (Version: 3.0.0.10)
BrowserSafeguard (x32)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0808.1024.16666)
Catalyst Control Center InstallProxy (x32 Version: 2012.0808.1024.16666)
Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666)
CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666)
CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666)
CCC Help Czech (x32 Version: 2012.0808.1023.16666)
CCC Help Danish (x32 Version: 2012.0808.1023.16666)
CCC Help Dutch (x32 Version: 2012.0808.1023.16666)
CCC Help English (x32 Version: 2012.0808.1023.16666)
CCC Help Finnish (x32 Version: 2012.0808.1023.16666)
CCC Help French (x32 Version: 2012.0808.1023.16666)
CCC Help German (x32 Version: 2012.0808.1023.16666)
CCC Help Greek (x32 Version: 2012.0808.1023.16666)
CCC Help Hungarian (x32 Version: 2012.0808.1023.16666)
CCC Help Italian (x32 Version: 2012.0808.1023.16666)
CCC Help Japanese (x32 Version: 2012.0808.1023.16666)
CCC Help Korean (x32 Version: 2012.0808.1023.16666)
CCC Help Norwegian (x32 Version: 2012.0808.1023.16666)
CCC Help Polish (x32 Version: 2012.0808.1023.16666)
CCC Help Portuguese (x32 Version: 2012.0808.1023.16666)
CCC Help Russian (x32 Version: 2012.0808.1023.16666)
CCC Help Spanish (x32 Version: 2012.0808.1023.16666)
CCC Help Swedish (x32 Version: 2012.0808.1023.16666)
CCC Help Thai (x32 Version: 2012.0808.1023.16666)
CCC Help Turkish (x32 Version: 2012.0808.1023.16666)
ccc-utility64 (Version: 2012.0808.1024.16666)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98)
Cradle of Rome 2 (x32 Version: 2.2.0.98)
CyberLink LabelPrint (x32 Version: 2.5.1.5407)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916)
CyberLink PhotoDirector (x32 Version: 2.0.1.3119)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1926)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925)
CyberLink PowerDVD (x32 Version: 10.0.6.4319)
CyberLink YouCam (x32 Version: 3.5.4.5527)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Energy Star (Version: 1.0.8)
ERUNT 1.1j (x32)
Farm Frenzy (x32 Version: 2.2.0.98)
FATE: The Cursed King (x32 Version: 2.2.0.97)
Final Drive Fury (x32 Version: 2.2.0.95)
FlatOut 2 (x32 Version: 2.2.0.98)
Google Chrome (x32 Version: 31.0.1650.57)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000)
Hoyle Card Games (x32 Version: 2.2.0.95)
HP 3D DriveGuard (Version: 4.2.5.1)
HP Connected Music (Meridian - installer) (x32 Version: v1.0)
HP Connected Music (Meridian - player) (HKCU Version: 1.1 (build 59) hp)
HP CoolSense (x32 Version: 2.10.3)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.1.0.0)
HP Games (x32 Version: 1.0.3.0)
HP MyRoom (x32 Version: 9.4.0151)
HP Photo Creations (x32 Version: 1.0.0.7702)
HP Photosmart 5510 series Basic Device Software (Version: 28.0.1315.0)
HP Photosmart 5510 series Help (x32 Version: 140.0.2.2)
HP Photosmart 5510 series Product Improvement Study (Version: 28.0.1315.0)
HP Postscript Converter (Version: 3.1.3554)
HP Quick Launch (x32 Version: 3.0.3)
HP Recovery Manager (x32 Version: 7.00)
HP Registration Service (Version: 1.0.5976.4186)
HP Software Framework (x32 Version: 4.6.8.1)
HP Support Assistant (x32 Version: 7.0.32.44)
HP Update (x32 Version: 5.003.003.001)
HP Utility Center (x32 Version: 1.0.7)
HP Wireless Button Driver (x32 Version: 1.0.5.1)
IDT Audio (x32 Version: 1.0.6417.0)
Jewel Match 3 (x32 Version: 2.2.0.98)
John Deere Drive Green (x32 Version: 2.2.0.95)
Luxor Evolved (x32 Version: 2.2.0.98)
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98)
MSVCRT (x32 Version: 15.4.2862.0708)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98)
Norton 360 (x32 Version: 20.4.0.40)
Peggle Nights (x32 Version: 2.2.0.98)
Penguins! (x32 Version: 2.2.0.98)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.98)
Qualcomm Atheros Driver Installation Program (x32 Version: 10.0)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)
Realtek PCIE Card Reader (x32 Version: 6.2.8400.29029)
Roads of Rome 3 (x32 Version: 2.2.0.98)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Sheet Music Plus Digital Print (x32 Version: 255.11.14)
Sheet Music Plus Digital Print (x32 Version: v2011.11.14)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 16.2.10.12)
Tales of Lagoona (x32 Version: 2.2.0.110)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
Update Installer for WildTangent Games App (x32)
Vacation Quest™ - Australia (x32 Version: 2.2.0.98)
WildTangent Games (x32 Version: 1.0.3.0)
WildTangent Games App (x32 Version: 4.0.9.6)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zuma's Revenge (x32 Version: 2.2.0.98)

==================== Restore Points  =========================

04-11-2013 22:35:00 Windows Update
15-11-2013 01:06:29 Windows Update
19-11-2013 01:34:21 ComboFix created restore point

==================== Hosts content: ==========================

2012-07-26 00:26 - 2013-11-19 00:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {03EA2620-27E3-4620-9199-5A725235B400} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2E673931-74D8-4765-97B7-7CFCC29C601A} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {309317BF-0AB0-48FB-BC0F-3B97845B3235} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {3E5D26C4-4551-4F13-9326-6FEBAB9241A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16] (Google Inc.)
Task: {4591EABE-CCA9-496E-B50C-2DAD13BCD0C2} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {5E7D7150-B302-4610-9A60-4BCE8DBA7477} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {5F202C8D-0350-4881-B092-EBCE38DFEC41} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {65DDCB48-A992-4F3C-931D-50D4722CB147} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {7E23C86F-BCE3-4401-BC72-98788621908F} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe
Task: {8275416D-EB59-4138-8E5F-AA8BC77399B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {9EC76CD8-7703-4747-9AD1-32D7E5EA7F83} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16] (Google Inc.)
Task: {D0664343-F5FC-424E-8772-174CB5CAE93A} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\SymErr.exe
Task: {D22B956D-54E0-427E-A98D-4E479815916F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\SymErr.exe
Task: {D822D446-F425-4750-9500-58F3BA02ACEE} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {DB47F5E8-B9EA-4DBF-ABB0-9120529D63CD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\wscstub.exe [2013-06-03] (Symantec Corporation)
Task: {E4F3DCE6-8921-4309-B7EB-FA81E8BFC7D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {E9E75A35-16C7-4BBB-B7C1-0FC4059D12F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {F8457566-EC43-4434-A6FB-8B95B7E1324E} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-14 18:28 - 2013-09-14 18:28 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-06-15 16:52 - 2012-05-30 09:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\wincfi39.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2013 09:45:10 AM) (Source: Application Hang) (User: )
Description: The program WWAHost.exe version 6.2.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2894

Start Time: 01cee1bab057b918

Termination Time: 4294967295

Application Path: C:\Windows\System32\WWAHost.exe

Report Id: 83434f8a-4e04-11e3-bea4-28924a4c7990

Faulting package full name: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: Windows.Store

Error: (11/15/2013 09:45:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: CROWEFAMILY)
Description: Package winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy was terminated because it took too long to suspend.

Error: (11/14/2013 11:08:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1513

Error: (11/14/2013 11:08:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1513

Error: (11/14/2013 11:08:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/05/2013 01:49:16 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (11/05/2013 01:48:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15585

Error: (11/05/2013 01:48:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15585

Error: (11/05/2013 01:48:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/01/2013 09:42:13 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

System errors:
=============
Error: (11/19/2013 00:41:54 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/19/2013 11:29:13 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/19/2013 10:18:15 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/19/2013 00:25:53 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/19/2013 00:25:09 AM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys

Error: (11/19/2013 00:25:09 AM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys

Error: (11/18/2013 11:19:03 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/16/2013 01:01:49 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%31

Error: (11/16/2013 00:58:02 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/16/2013 00:56:59 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Microsoft Office Sessions:
=========================
Error: (11/15/2013 09:45:10 AM) (Source: Application Hang)(User: )
Description: WWAHost.exe6.2.9200.16420289401cee1bab057b9184294967295C:\Windows\System32\WWAHost.exe83434f8a-4e04-11e3-bea4-28924a4c7990winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewyWindows.Store

Error: (11/15/2013 09:45:04 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: CROWEFAMILY)
Description: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy

Error: (11/14/2013 11:08:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1513

Error: (11/14/2013 11:08:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1513

Error: (11/14/2013 11:08:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/05/2013 01:49:16 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (11/05/2013 01:48:52 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15585

Error: (11/05/2013 01:48:52 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15585

Error: (11/05/2013 01:48:52 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/01/2013 09:42:13 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

CodeIntegrity Errors:
===================================
  Date: 2013-11-19 17:41:01.885
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-19 17:29:11.698
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-19 15:30:55.231
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-19 15:30:52.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-19 15:29:46.693
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-19 15:29:37.822
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-19 10:18:19.219
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-19 10:18:19.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-19 10:18:19.032
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-19 10:18:18.952
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 3546.25 MB
Available physical RAM: 1858.8 MB
Total Pagefile: 5722.25 MB
Available Pagefile: 3780.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:673.08 GB) (Free:621.21 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.79 GB) (Free:2.96 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 3D867707)

Partition: GPT Partition Type
==================== End Of Log ============================

Link to post
Share on other sites

  • Root Admin

Well it looks like the computer still has a bit more left on it than I expected to still be there.

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2013
Ran by Stephanie at 2013-11-20 02:40:20 Run:1
Running from C:\Users\Stephanie\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {3E5D26C4-4551-4F13-9326-6FEBAB9241A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16] (Google Inc.)
Task: {7E23C86F-BCE3-4401-BC72-98788621908F} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe
Task: {9EC76CD8-7703-4747-9AD1-32D7E5EA7F83} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Browsersafeguard
C:\Users\Stephanie\AppData\Roaming\DefaultTab
HKLM-x32\...\Run: [] - [x]
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-01-16] (Google Inc.)
HKU\Amelie\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-01-16] (Google Inc.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM - {6FFE2BEF-327B-4B39-B1B9-D10641D31431} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {6FFE2BEF-327B-4B39-B1B9-D10641D31431} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://search.condui...1152291113&UM=2
SearchScopes: HKCU - {26DD32B0-541D-4F0A-9DEB-DA8324B89C36} URL = http://search.condui...&q={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKCU - {F58F22EB-3D69-4A89-A19D-D34630C7D6DC} URL = http://search.condui...1152291113&UM=2
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name - {10AD2C61-0898-4348-8600-14A342F22AC3} -  No File
BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Stephanie\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
CHR Extension: (WhiteSmoke New V.13) - C:\Users\STEPHA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp\10.22.3.518_0
CHR Extension: (Scorpion Saver) - C:\Users\STEPHA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0
CHR HKLM-x32\...\Chrome\Extension: [hgeaklkciolgbejekedbdphhbjbiaamp] - C:\Users\Stephanie\AppData\Local\CRE\hgeaklkciolgbejekedbdphhbjbiaamp.crx

*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3E5D26C4-4551-4F13-9326-6FEBAB9241A1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E5D26C4-4551-4F13-9326-6FEBAB9241A1} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E23C86F-BCE3-4401-BC72-98788621908F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E23C86F-BCE3-4401-BC72-98788621908F} => Key deleted successfully.
C:\Windows\System32\Tasks\BrowserSafeguard Update Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9EC76CD8-7703-4747-9AD1-32D7E5EA7F83} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EC76CD8-7703-4747-9AD1-32D7E5EA7F83} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
"C:\Program Files (x86)\Browsersafeguard" => File/Directory not found.
"C:\Users\Stephanie\AppData\Roaming\DefaultTab" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\swg => Value deleted successfully.
HKU\Amelie\Software\Microsoft\Windows\CurrentVersion\Run\\swg => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6FFE2BEF-327B-4B39-B1B9-D10641D31431} => Key deleted successfully.
HKCR\CLSID\{6FFE2BEF-327B-4B39-B1B9-D10641D31431} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key deleted successfully.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6FFE2BEF-327B-4B39-B1B9-D10641D31431} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6FFE2BEF-327B-4B39-B1B9-D10641D31431} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{26DD32B0-541D-4F0A-9DEB-DA8324B89C36} => Key deleted successfully.
HKCR\CLSID\{26DD32B0-541D-4F0A-9DEB-DA8324B89C36} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F58F22EB-3D69-4A89-A19D-D34630C7D6DC} => Key deleted successfully.
HKCR\CLSID\{F58F22EB-3D69-4A89-A19D-D34630C7D6DC} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
C:\Users\STEPHA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp => Moved successfully.
C:\Users\STEPHA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp => Key deleted successfully.
C:\Users\Stephanie\AppData\Local\CRE\hgeaklkciolgbejekedbdphhbjbiaamp.crx => Moved successfully.

==== End of Fixlog ====

Link to post
Share on other sites

  • Root Admin

Let me have you reset your browsers please.

Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.

If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer

How to reset Internet Explorer settings

Firefox

Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome

Chrome - Reset browser settings

Opera

How to Perform a (really) clean Reinstall of Opera

Then run MBAM and check for updates and run a Quick Scan and post back the new log.

Then let me know how the computer is running now and if there are still any signs of an infection.

Link to post
Share on other sites

The computer is running well other than my own personal aversion to Windows 8. :D

 

Thank you for all of your wonderful and very professional help.

 

Log posted...

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.20.09

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16721
Stephanie :: CROWEFAMILY [administrator]

Protection: Enabled

11/20/2013 11:02:43 AM
MBAM-log-2013-11-20 (11-23-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256955
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> No action taken.
HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> No action taken.

Registry Values Detected: 1
HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: cpx_browsersafeguard-browser-display-US -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Users\Stephanie\Documents\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Level Quality Watcher (PUP.Optional.Adpeak) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard (PUP.Optional.BrowserSafeGuard) -> No action taken.
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> No action taken.

Files Detected: 6
C:\Windows\Installer\4de9cc02.msi (PUP.Optional.Adpeak) -> No action taken.
C:\Windows\Installer\4de9f6ca.msi (Adware.Adpeak) -> No action taken.
C:\Users\Stephanie\Documents\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Level Quality Watcher\LevelQualityWatcher64.exe (PUP.Optional.Adpeak) -> No action taken.
C:\Program Files (x86)\Level Quality Watcher\LevelQualityWatcher32.exe (PUP.Optional.Adpeak) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard\BrowserSafeguard.lnk (PUP.Optional.BrowserSafeGuard) -> No action taken.

(end)


 

Link to post
Share on other sites

  • Root Admin

Please run MBAM again but this time make sure you tell it to remove all of these threats.

HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> No action taken.

HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> No action taken.

HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken.

HKCR\DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> No action taken.

HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.

HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> No action taken.

HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> No action taken.

HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> No action taken.

Registry Values Detected: 1

HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: cpx_browsersafeguard-browser-display-US -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 4

C:\Users\Stephanie\Documents\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> No action taken.

C:\Program Files (x86)\Level Quality Watcher (PUP.Optional.Adpeak) -> No action taken.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard (PUP.Optional.BrowserSafeGuard) -> No action taken.

C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> No action taken.

Files Detected: 6

C:\Windows\Installer\4de9cc02.msi (PUP.Optional.Adpeak) -> No action taken.

C:\Windows\Installer\4de9f6ca.msi (Adware.Adpeak) -> No action taken.

C:\Users\Stephanie\Documents\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> No action taken.

C:\Program Files (x86)\Level Quality Watcher\LevelQualityWatcher64.exe (PUP.Optional.Adpeak) -> No action taken.

C:\Program Files (x86)\Level Quality Watcher\LevelQualityWatcher32.exe (PUP.Optional.Adpeak) -> No action taken.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard\BrowserSafeguard.lnk (PUP.Optional.BrowserSafeGuard) -> No action taken.

(end)

Then post back with what hopefully will be a new clean log next time.

I'm leaving on vacation tomorrow so we need to finish today.

Thanks

Link to post
Share on other sites

Eureeka!

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.20.09

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16721
Stephanie :: CROWEFAMILY [administrator]

Protection: Enabled

11/20/2013 8:10:35 PM
mbam-log-2013-11-20 (20-10-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256665
Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.