Jump to content

Malware.Trace won't remove


Aero

Recommended Posts

Yesterday I noticed that the process regscvs.exe was taking up to 50% of my CPU usage! Today I began running MB scans and it found 3 things: two of them were dclogs (Stolen.Data) and the other is a Malware.Trace. I keep restarting my computer after that and running scans again, and the same things keep popping up. However, the two stolen.data's are gone now but the malware.trace is still there. Please help me!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Rachel at 15:19:04 on 2013-12-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.2273 [GMT -5:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\DLLSuite\2013\DLLSuite.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\explorer.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\nacl64.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = www.dell.com
mWinlogon: Userinit = userinit.exe,
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\CoIEPlg.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRunOnce: [uoceg] C:\Users\Rachel\uoceg\33513.vbs
uRunOnce: [nwkic] C:\Users\Rachel\nwkic\48667.vbs
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 131.91.129.32 131.91.129.61 131.91.120.123
TCP: Interfaces\{4BF82BDE-96F8-4159-BD58-05676C58CE4E} : DHCPNameServer = 131.91.129.32 131.91.129.61 131.91.120.123
TCP: Interfaces\{4BF82BDE-96F8-4159-BD58-05676C58CE4E}\14355535 : DHCPNameServer = 192.168.2.1 192.168.1.254
TCP: Interfaces\{4BF82BDE-96F8-4159-BD58-05676C58CE4E}\241627E686162747 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4BF82BDE-96F8-4159-BD58-05676C58CE4E}\35471607C6563784F6473707F647 : DHCPNameServer = 12.127.16.68 216.57.128.2 12.127.17.77 216.57.130.1 12.127.16.77
TCP: Interfaces\{4BF82BDE-96F8-4159-BD58-05676C58CE4E}\4646D2772747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4BF82BDE-96F8-4159-BD58-05676C58CE4E}\6616577657563747 : DHCPNameServer = 131.91.129.32 131.91.129.61
TCP: Interfaces\{4BF82BDE-96F8-4159-BD58-05676C58CE4E}\D4561646F67737 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{4BF82BDE-96F8-4159-BD58-05676C58CE4E}\E4164656C6D616E6D21607 : DHCPNameServer = 192.168.0.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-3-21 55856]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys [2013-12-8 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys [2013-12-8 1147480]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [2013-12-8 1525848]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-12-8 162392]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2013-7-26 30752]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20130930.001\IDSviA64.sys [2013-12-8 520280]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys [2013-12-8 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys [2013-12-8 590936]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2013-7-26 82160]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2012-3-21 23912]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-3-21 172704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-8 137648]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-3-21 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2013-7-25 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-21 271872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-25 708200]
R3 SmbDrvIntel;SmbDrvIntel;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-7-25 26936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-2-27 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-2-27 180736]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-3 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-3-21 250984]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-7-3 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-15 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-7-3 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-11-7 98208]
.
=============== Created Last 30 ================
.
2013-12-08 19:55:27 219248 ----a-w- C:\Windows\SysWow64\vm3dum.dll
2013-12-08 19:54:22 3223152 ----a-w- C:\Windows\SysWow64\vm3dgl.dll
2013-12-08 19:50:51 63088 ----a-w- C:\Windows\SysWow64\vsocklib.dll
2013-12-08 19:50:47 50800 ----a-w- C:\Windows\SysWow64\vmhgfs.dll
2013-12-08 19:50:43 34416 ----a-w- C:\Windows\SysWow64\vmGuestLibJava.dll
2013-12-08 19:50:39 53360 ----a-w- C:\Windows\SysWow64\vmGuestLib.dll
2013-12-08 19:49:21 18432 ----a-w- C:\Windows\SysWow64\corpol.dll
2013-12-08 19:49:16 73216 ----a-w- C:\Windows\SysWow64\admparse.dll
2013-12-08 19:49:08 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-12-08 19:41:42 -------- d-----w- C:\Program Files (x86)\ESET
2013-12-08 19:41:19 -------- d-----w- C:\Windows\ERUNT
2013-12-08 19:22:56 -------- d-----w- C:\ProgramData\Weskysoft
2013-12-08 19:17:42 -------- d-----w- C:\Program Files (x86)\DLLSuite
2013-12-08 17:51:13 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-12-08 17:51:13 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-12-08 15:13:23 590936 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys
2013-12-08 15:13:23 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\SymELAM.sys
2013-12-08 15:13:22 858200 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\srtsp64.sys
2013-12-08 15:13:22 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys
2013-12-08 15:13:22 36952 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\srtspx64.sys
2013-12-08 15:13:22 264280 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys
2013-12-08 15:13:22 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys
2013-12-08 15:13:22 1147480 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys
2013-12-08 15:13:04 -------- d-----w- C:\Windows\System32\drivers\N360x64\1501000.012
2013-12-08 01:00:26 -------- d-----w- C:\Windows\Migration
2013-12-08 00:54:40 -------- d-----w- C:\e41020d7100ec0a78d4983ccbd
2013-12-07 20:49:44 -------- d-sh--r- C:\Users\Rachel\uoceg
2013-12-07 20:49:43 -------- d-sh--r- C:\Users\Rachel\nwkic
2013-12-07 20:49:32 -------- d-sh--r- C:\Users\Rachel\wrkcj
2013-11-27 20:01:28 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2013-11-19 16:57:43 -------- d-----w- C:\Users\Rachel\AppData\Local\FreemakeVideoConverter
2013-11-19 16:56:52 -------- d-----w- C:\ProgramData\Freemake
2013-11-19 16:56:40 -------- d-----w- C:\Program Files (x86)\Freemake
2013-11-17 14:52:08 -------- d-----w- C:\Users\Rachel\AppData\Roaming\SUPERAntiSpyware.com
2013-11-17 14:51:51 -------- d-----w- C:\Users\Rachel\AppData\Local\VS Revo Group
2013-11-17 14:51:41 -------- d-----w- C:\ProgramData\VS Revo Group
2013-11-15 11:45:57 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2013-11-15 11:45:57 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2013-11-14 22:28:53 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-14 22:28:53 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-14 22:28:44 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-14 22:24:56 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-14 22:24:19 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-11-14 22:24:19 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-11-14 22:24:19 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-11-14 22:24:19 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-11-14 22:24:19 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-11-14 21:31:00 -------- d-----w- C:\Program Files\HP
2013-11-14 18:41:23 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
==================== Find3M  ====================
.
2013-12-08 15:14:02 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-11-07 16:12:26 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-07 16:12:26 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-19 01:28:53 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-19 01:22:58 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-02 02:22:20 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2013-10-02 02:11:13 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-10-02 02:08:53 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-10-02 01:48:59 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2013-10-02 01:48:08 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2013-10-02 01:29:05 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2013-10-02 01:10:56 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-10-02 00:15:45 1057280 ----a-w- C:\Windows\System32\rdvidcrl.dll
2013-10-02 00:14:58 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2013-10-02 00:14:20 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2013-10-02 00:08:30 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2013-10-02 00:01:16 420864 ----a-w- C:\Windows\System32\wksprt.exe
2013-10-01 23:58:48 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-10-01 23:31:09 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2013-10-01 23:08:10 855552 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2013-10-01 22:34:12 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2013-10-01 20:57:46 6578176 ----a-w- C:\Windows\System32\mstscax.dll
2013-10-01 20:55:10 5698048 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-18 20:08:56 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll
2013-09-15 20:18:14 57584 ----a-w- C:\Windows\System32\iolobtdfg.exe
2013-09-15 20:18:04 26184 ----a-w- C:\Windows\System32\smrgdf.exe
2013-09-15 19:59:14 2155152 ----a-w- C:\Windows\System32\Incinerator64.dll
2013-09-15 19:59:12 2097984 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2013-09-12 02:21:54 863344 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2013-09-12 02:21:54 501872 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2013-09-12 02:21:54 28776 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2013-09-12 02:21:54 18000 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-09-12 00:39:06 855664 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
2013-09-12 00:39:06 614000 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
2013-09-12 00:39:06 30312 ----a-w- C:\Windows\System32\aspnet_counters.dll
2013-09-12 00:39:06 18000 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
.
============= FINISH: 15:21:06.36 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 6/29/2013 2:11:24 PM
System Uptime: 12/8/2013 2:09:09 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0R225F
Processor: Intel® Core i5 CPU       M 450  @ 2.40GHz | U2E1 | 1176/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 284 GiB total, 90.392 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 7.066 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
==== System Restore Points ===================
.
RP161: 12/7/2013 7:54:13 PM - Windows Update
RP162: 12/8/2013 10:05:06 AM - Norton 360 Registry Clean
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Advanced Audio FX Engine
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audible Download Manager
Bonjour
Broadcom Wireless Utility
BufferChm
C4700
calibre 64bit
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CleanMem
Coupon Printer for Windows
CyberLink PowerDVD 9.5
Dell System Detect
Dell Webcam Central
Destinations
DeviceDiscovery
DivX Setup
DLL Suite 2013
ESET Online Scanner v3
Facebook Video Calling 1.2.0.287
Google Chrome
Google Update Helper
GPBaseService2
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
Intel® Turbo Boost Technology Driver
Intel® Turbo Boost Technology Monitor
iolo technologies' System Mechanic
iTunes
Java 7 Update 45
Java 7 Update 45 (64-bit)
Java Auto Updater
JDownloader 0.9
Junk Mail filter update
K-Lite Codec Pack 10.0.0 Full
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 4.5.1
Microsoft Choice Guard
Microsoft Office 365 Home Premium - en-us
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
Network64
Norton 360
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
PhotoFiltre 7
PS_AIO_06_C4700_SW_Min
Quickset64
QuickTime
QuickTransfer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Scan
Shop for HP Supplies
Skype™ 6.6
SmartWebPrinting
SolutionCenter
SpeedFan (remove only)
Status
SUPERAntiSpyware
Synaptics Pointing Device Driver
Toolbox
TrayApp
Trillian
VC80CRTRedist - 8.0.50727.6195
VSFilter 2.41.7634 (f47b42b) Beta
WebReg
WinDirStat 1.1.2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Movie Maker 2.6
.
==== End Of File ===========================
 

 

Link to post
Share on other sites

I realized I had a lot of programs running during the course of that last one so here's an updated list with only Chrome and dds running:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 6/29/2013 2:11:24 PM
System Uptime: 12/9/2013 10:18:00 AM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0R225F
Processor: Intel® Core i5 CPU       M 450  @ 2.40GHz | U2E1 | 1176/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 284 GiB total, 89.945 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 7.066 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
==== System Restore Points ===================
.
RP161: 12/7/2013 7:54:13 PM - Windows Update
RP162: 12/8/2013 10:05:06 AM - Norton 360 Registry Clean
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Advanced Audio FX Engine
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audible Download Manager
Bonjour
Broadcom Wireless Utility
BufferChm
C4700
calibre 64bit
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CleanMem
Coupon Printer for Windows
CyberLink PowerDVD 9.5
Dell System Detect
Dell Webcam Central
Destinations
DeviceDiscovery
DivX Setup
DLL Suite 2013
ESET Online Scanner v3
Facebook Video Calling 1.2.0.287
Google Chrome
Google Update Helper
GPBaseService2
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
Intel® Turbo Boost Technology Driver
Intel® Turbo Boost Technology Monitor
iolo technologies' System Mechanic
iTunes
Java 7 Update 45
Java 7 Update 45 (64-bit)
Java Auto Updater
JDownloader 0.9
Junk Mail filter update
K-Lite Codec Pack 10.0.0 Full
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 4.5.1
Microsoft Choice Guard
Microsoft Office 365 Home Premium - en-us
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
Network64
Norton 360
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
PhotoFiltre 7
PS_AIO_06_C4700_SW_Min
Quickset64
QuickTime
QuickTransfer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Scan
Shop for HP Supplies
Skype™ 6.6
SmartWebPrinting
SolutionCenter
SpeedFan (remove only)
Status
SUPERAntiSpyware
Synaptics Pointing Device Driver
Toolbox
TrayApp
Trillian
VC80CRTRedist - 8.0.50727.6195
VSFilter 2.41.7634 (f47b42b) Beta
WebReg
WinDirStat 1.1.2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Movie Maker 2.6
.
==== End Of File ===========================
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Rachel at 10:57:30 on 2013-12-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.2487 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = www.dell.com
mWinlogon: Userinit = userinit.exe,
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\CoIEPlg.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRunOnce: [uoceg] C:\Users\Rachel\uoceg\33513.vbs
uRunOnce: [nwkic] C:\Users\Rachel\nwkic\48667.vbs
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 131.91.129.32 131.91.129.61 131.91.120.123
TCP: Interfaces\{4BF82BDE-96F8-4159-BD58-05676C58CE4E} : DHCPNameServer = 131.91.129.32 131.91.129.61 131.91.120.123
TCP: Interfaces\{4BF82BDE-96F8-4159-BD58-05676C58CE4E}\14355535 : DHCPNameServer = 192.168.2.1 192.168.1.254
TCP: Interfaces\{4BF82BDE-96F8-4159-BD58-05676C58CE4E}\241627E686162747 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4BF82BDE-96F8-4159-BD58-05676C58CE4E}\35471607C6563784F6473707F647 : DHCPNameServer = 12.127.16.68 216.57.128.2 12.127.17.77 216.57.130.1 12.127.16.77
TCP: Interfaces\{4BF82BDE-96F8-4159-BD58-05676C58CE4E}\4646D2772747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4BF82BDE-96F8-4159-BD58-05676C58CE4E}\6616577657563747 : DHCPNameServer = 131.91.129.32 131.91.129.61
TCP: Interfaces\{4BF82BDE-96F8-4159-BD58-05676C58CE4E}\D4561646F67737 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{4BF82BDE-96F8-4159-BD58-05676C58CE4E}\E4164656C6D616E6D21607 : DHCPNameServer = 192.168.0.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-3-21 55856]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys [2013-12-8 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys [2013-12-8 1147480]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [2013-12-3 1526488]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-12-8 162392]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2013-7-26 30752]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20131206.001\IDSviA64.sys [2013-12-6 521816]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys [2013-12-8 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys [2013-12-8 590936]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [2013-12-8 264360]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-7-27 1907896]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2013-7-26 82160]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2012-3-21 23912]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-3-21 172704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-8 137648]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-3-21 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2013-7-25 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-21 271872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-25 708200]
R3 SmbDrvIntel;SmbDrvIntel;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-7-25 26936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-19 111616]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-2-27 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-2-27 180736]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-3 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-3-21 250984]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-7-3 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-15 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-7-3 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-29 1255736]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-11-7 98208]
S4 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-9-17 1164328]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S4 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
.
=============== Created Last 30 ================
.
2013-12-08 20:24:36 -------- d-----w- C:\Users\Rachel\AppData\Roaming\dclogs
2013-12-08 19:55:27 219248 ----a-w- C:\Windows\SysWow64\vm3dum.dll
2013-12-08 19:54:22 3223152 ----a-w- C:\Windows\SysWow64\vm3dgl.dll
2013-12-08 19:50:51 63088 ----a-w- C:\Windows\SysWow64\vsocklib.dll
2013-12-08 19:50:47 50800 ----a-w- C:\Windows\SysWow64\vmhgfs.dll
2013-12-08 19:50:43 34416 ----a-w- C:\Windows\SysWow64\vmGuestLibJava.dll
2013-12-08 19:50:39 53360 ----a-w- C:\Windows\SysWow64\vmGuestLib.dll
2013-12-08 19:49:21 18432 ----a-w- C:\Windows\SysWow64\corpol.dll
2013-12-08 19:49:16 73216 ----a-w- C:\Windows\SysWow64\admparse.dll
2013-12-08 19:49:08 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-12-08 19:41:42 -------- d-----w- C:\Program Files (x86)\ESET
2013-12-08 19:41:19 -------- d-----w- C:\Windows\ERUNT
2013-12-08 19:22:56 -------- d-----w- C:\ProgramData\Weskysoft
2013-12-08 19:17:42 -------- d-----w- C:\Program Files (x86)\DLLSuite
2013-12-08 17:51:13 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-12-08 17:51:13 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-12-08 15:13:23 590936 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys
2013-12-08 15:13:23 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\SymELAM.sys
2013-12-08 15:13:22 858200 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\srtsp64.sys
2013-12-08 15:13:22 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys
2013-12-08 15:13:22 36952 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\srtspx64.sys
2013-12-08 15:13:22 264280 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys
2013-12-08 15:13:22 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys
2013-12-08 15:13:22 1147480 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys
2013-12-08 15:13:04 -------- d-----w- C:\Windows\System32\drivers\N360x64\1501000.012
2013-12-08 01:00:26 -------- d-----w- C:\Windows\Migration
2013-12-08 00:54:40 -------- d-----w- C:\e41020d7100ec0a78d4983ccbd
2013-12-07 20:49:44 -------- d-sh--r- C:\Users\Rachel\uoceg
2013-12-07 20:49:43 -------- d-sh--r- C:\Users\Rachel\nwkic
2013-12-07 20:49:32 -------- d-sh--r- C:\Users\Rachel\wrkcj
2013-11-27 20:01:28 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2013-11-19 16:57:43 -------- d-----w- C:\Users\Rachel\AppData\Local\FreemakeVideoConverter
2013-11-19 16:56:52 -------- d-----w- C:\ProgramData\Freemake
2013-11-19 16:56:40 -------- d-----w- C:\Program Files (x86)\Freemake
2013-11-17 14:52:08 -------- d-----w- C:\Users\Rachel\AppData\Roaming\SUPERAntiSpyware.com
2013-11-17 14:51:51 -------- d-----w- C:\Users\Rachel\AppData\Local\VS Revo Group
2013-11-17 14:51:41 -------- d-----w- C:\ProgramData\VS Revo Group
2013-11-15 11:45:57 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2013-11-15 11:45:57 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2013-11-14 22:28:53 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-14 22:28:53 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-14 22:28:44 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-14 22:24:56 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-14 22:24:19 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-11-14 22:24:19 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-11-14 22:24:19 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-11-14 22:24:19 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-11-14 22:24:19 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-11-14 21:31:00 -------- d-----w- C:\Program Files\HP
2013-11-14 18:41:23 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
==================== Find3M  ====================
.
2013-12-08 15:14:02 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-11-07 16:12:26 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-07 16:12:26 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-19 01:28:53 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-19 01:22:58 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-02 02:22:20 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2013-10-02 02:11:13 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-10-02 02:08:53 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-10-02 01:48:59 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2013-10-02 01:48:08 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2013-10-02 01:29:05 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2013-10-02 01:10:56 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-10-02 00:15:45 1057280 ----a-w- C:\Windows\System32\rdvidcrl.dll
2013-10-02 00:14:58 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2013-10-02 00:14:20 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2013-10-02 00:08:30 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2013-10-02 00:01:16 420864 ----a-w- C:\Windows\System32\wksprt.exe
2013-10-01 23:58:48 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-10-01 23:31:09 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2013-10-01 23:08:10 855552 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2013-10-01 22:34:12 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2013-10-01 20:57:46 6578176 ----a-w- C:\Windows\System32\mstscax.dll
2013-10-01 20:55:10 5698048 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-18 20:08:56 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll
2013-09-15 20:18:14 57584 ----a-w- C:\Windows\System32\iolobtdfg.exe
2013-09-15 20:18:04 26184 ----a-w- C:\Windows\System32\smrgdf.exe
2013-09-15 19:59:14 2155152 ----a-w- C:\Windows\System32\Incinerator64.dll
2013-09-15 19:59:12 2097984 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2013-09-12 02:21:54 863344 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2013-09-12 02:21:54 501872 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2013-09-12 02:21:54 28776 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2013-09-12 02:21:54 18000 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-09-12 00:39:06 855664 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
2013-09-12 00:39:06 614000 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
2013-09-12 00:39:06 30312 ----a-w- C:\Windows\System32\aspnet_counters.dll
2013-09-12 00:39:06 18000 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
.
============= FINISH: 10:58:41.55 ===============
 

 

Link to post
Share on other sites

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Thank you for replying! Here's my log:

 

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Rachel [Admin rights]
Mode : Scan -- Date : 12/10/2013 09:28:26
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 12 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[FF][PROXY] ilbmqufa.default-1383841768833 : user_pref("network.proxy.type", 2); -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BPVT-75JJ5T0 ATA Device +++++
--- User ---
[MBR] 825cabfd23f1fed859f5479f3a8bfc03
[bSP] 202b39974951ccf8d565ebf5a54d8dca : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 291242 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 596465664 | Size: 14001 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Seagate Backup+ SL USB Device +++++
--- User ---
[MBR] ab2f189fb2a6259fbd73bc92a123bded
[bSP] bcead0892629770487c65741f192befe : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_S_12102013_092826.txt >>
Link to post
Share on other sites

Sure. Here it is:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.08.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Rachel :: MININT-SCI4UD2 [administrator]
 
12/9/2013 5:25:12 PM
mbam-log-2013-12-09 (17-25-12).txt
 
Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 408335
Time elapsed: 1 hour(s), 23 minute(s), 12 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\Users\Rachel\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.
 
Files Detected: 1
C:\Users\Rachel\AppData\Roaming\dclogs\2013-12-09-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
 
(end)
 
 
Even though it says it was deleted successfully, whenever I run it again, it's back.
Link to post
Share on other sites

Clean out temp files by using disk cleanup or.........

Download, install and run CCleaner free to clean out temp files.
Here's a Tutorial if needed.
You may want to uncheck "cookies" and please stay away from the registry cleaner.

Then.....

Now download and unzip fix.zip (fix.reg)
Now double click on it and allow it to merge into the registry.

Reboot and run another scan with Malwarebytes.

MrC

Link to post
Share on other sites

It found nothing. Yay!

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.08.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Rachel :: MININT-SCI4UD2 [administrator]
 
12/10/2013 10:17:46 AM
mbam-log-2013-12-10 (10-17-46).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 361812
Time elapsed: 46 minute(s), 50 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
Yesterday I deleted everything in my Quarantine. Could that have something to do with it?
Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.