Hello There,

    Hoping for a better start to the new year and have come here to see if anyone could help with my PC? It's had issues here n' there that I battled through 2013, and I really would like to get things cleaned up and running smoothly again. If any details as to the problems the PC is showing, or why I think the behavior is abnormal, would help, let me know. I'll be happy to do whatever I can to have my computer back to the way it was without these issues that led myself and a couple other under-qualified friends to believe it's possibly been hacked (this is based on what we've looked up). Any instructions and help offered will be greatly welcomed and appreciated.

 

The requested DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by StarCommand at 9:05:10 on 2014-01-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.1575 [GMT -8:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\WUDFHost.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\System32\MsSpellCheckingFacility.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.




uProxyOverride = <local>;*.local


BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1C93436E-62F3-4C62-A21B-94B388234A87} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8F82F38E-41C9-41D8-BF76-6FEEB493C6CC} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.41\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coieplg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coieplg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\StarCommand\AppData\Roaming\Mozilla\Firefox\Profiles\audpebgh.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\N360x64\1501000.012\symds64.sys [2013-10-14 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\N360x64\1501000.012\symefa64.sys [2013-10-14 1147480]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [2013-12-3 1526488]
R1 ccSet_N360;N360 Settings Manager;C:\windows\System32\drivers\N360x64\1501000.012\ccsetx64.sys [2013-10-14 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20140101.001\IDSviA64.sys [2014-1-1 521944]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\N360x64\1501000.012\ironx64.sys [2013-10-14 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\N360x64\1501000.012\symnets.sys [2013-10-14 590936]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-21 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-21 701512]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\n360.exe [2013-10-14 264360]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2013-7-30 132504]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2013-4-24 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-24 2656280]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-20 137648]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2013-4-24 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-11-21 25928]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-4-24 38096]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-4-24 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2013-12-20 57840]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-6-6 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2013-4-24 243712]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2013-4-24 1109096]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\drivers\rtwlane.sys [2013-5-2 1514568]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-6-6 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-6-6 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-4-28 1255736]
.
=============== Created Last 30 ================
.
2013-12-29 08:21:00 -------- d-----w- C:\ProgramData\SMR410
2013-12-28 10:07:47 -------- d-----w- C:\windows\Migration
2013-12-20 21:57:59 -------- d-----w- C:\windows\en
2013-12-20 21:55:47 57840 ----a-w- C:\windows\System32\drivers\fssfltr.sys
2013-12-20 21:55:22 22240 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-20 21:54:44 77656 ----a-w- C:\windows\System32\XAPOFX1_5.dll
2013-12-20 21:54:44 74072 ----a-w- C:\windows\SysWow64\XAPOFX1_5.dll
2013-12-20 21:54:44 527192 ----a-w- C:\windows\SysWow64\XAudio2_7.dll
2013-12-20 21:54:44 518488 ----a-w- C:\windows\System32\XAudio2_7.dll
2013-12-20 21:54:41 2526056 ----a-w- C:\windows\System32\D3DCompiler_43.dll
2013-12-20 21:54:41 2106216 ----a-w- C:\windows\SysWow64\D3DCompiler_43.dll
2013-12-20 21:54:40 276832 ----a-w- C:\windows\System32\d3dx11_43.dll
2013-12-20 21:54:40 248672 ----a-w- C:\windows\SysWow64\d3dx11_43.dll
2013-12-20 21:54:20 523088 ----a-w- C:\windows\System32\d3dx10_42.dll
2013-12-20 21:54:20 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll
2013-12-20 21:53:58 4398360 ----a-w- C:\windows\System32\d3dx9_32.dll
2013-12-20 21:53:58 3426072 ----a-w- C:\windows\SysWow64\d3dx9_32.dll
2013-12-20 21:53:34 5659096 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a02375b81cefdcd04\skydrivesetup.exe
2013-12-20 21:53:34 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2013-12-20 21:53:34 -------- d-----r- C:\Users\StarCommand\SkyDrive
2013-12-20 21:53:16 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2013-12-20 21:51:33 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a4128add1cefdcd06\DSETUP.dll
2013-12-20 21:51:33 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a4128add1cefdcd06\DXSETUP.exe
2013-12-20 21:51:33 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a4128add1cefdcd06\dsetup32.dll
2013-12-20 21:51:29 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a273328a1cefdcd05\DSETUP.dll
2013-12-20 21:51:29 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a273328a1cefdcd05\DXSETUP.exe
2013-12-20 21:51:29 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a273328a1cefdcd05\dsetup32.dll
2013-12-20 21:51:19 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9d4079b71cefdcd01\DSETUP.dll
2013-12-20 21:51:19 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9d4079b71cefdcd01\DXSETUP.exe
2013-12-20 21:51:19 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9d4079b71cefdcd01\dsetup32.dll
2013-12-20 21:51:17 -------- d-----w- C:\Users\StarCommand\AppData\Local\Windows Live
2013-12-14 21:47:42 -------- d-----w- C:\Users\StarCommand\AppData\Local\{EDADB347-39ED-4778-BA3E-43C4951664CE}
2013-12-14 21:46:39 -------- d-----w- C:\Users\StarCommand\AppData\Local\{EEE917BB-12B7-45C9-BC48-A765B4C64FBD}
2013-12-14 21:45:53 -------- d-----w- C:\Users\StarCommand\AppData\Local\{832B56C2-1894-4457-8F78-ECEDDC2A969F}
2013-12-14 21:43:46 -------- d-----w- C:\Users\StarCommand\AppData\Local\{C4ED5C3C-B301-452C-9698-330B9A660380}
2013-12-13 21:13:56 -------- d-----w- C:\Users\StarCommand\AppData\Local\{5EF08A4E-5F93-4A2B-A7C0-ABDF031E2443}
2013-12-12 11:02:45 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 11:02:45 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 11:02:45 12625920 ----a-w- C:\windows\System32\wmploc.DLL
2013-12-12 11:02:44 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
2013-12-12 00:06:46 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2013-12-10 16:33:24 -------- d-----w- C:\Users\StarCommand\AppData\Local\{17E8426E-0426-4928-B9F9-35F7967EB8F8}
2013-12-10 00:53:44 89304 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2013-12-03 18:37:45 -------- d-----w- C:\Users\StarCommand\AppData\Local\{E558E62E-F099-435F-8071-2D3F837F5CC7}
.
==================== Find3M  ====================
.
2013-12-18 04:17:21 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-18 04:17:21 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-11-04 20:16:43 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-30 02:32:01 335360 ----a-w- C:\windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\windows\SysWow64\cscript.exe
2013-10-10 00:58:57 177752 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2013-10-05 20:25:35 1474048 ----a-w- C:\windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll
.
============= FINISH:  9:05:40.59 ===============


 

 

The requested Attach.txt:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/26/2013 9:28:38 AM
System Uptime: 12/31/2013 12:25:54 AM (57 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel® Pentium® CPU B960 @ 2.20GHz | CPU | 792/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 192.309 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 231 GiB total, 46.256 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 517.675 GiB free.
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Device ID: PCI\VEN_10EC&DEV_8176&SUBSYS_818110EC&REV_01\4&F943F65&0&00E1
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
PNP Device ID: PCI\VEN_10EC&DEV_8176&SUBSYS_818110EC&REV_01\4&F943F65&0&00E1
Service: RTWlanE
.
==== System Restore Points ===================
.
RP111: 12/20/2013 1:51:20 PM - Windows Live Essentials
RP112: 12/20/2013 1:53:39 PM - Installed DirectX
RP113: 12/20/2013 1:54:04 PM - Installed DirectX
RP114: 12/20/2013 1:54:25 PM - Installed DirectX
RP115: 12/20/2013 1:55:30 PM - WLSetup
RP116: 12/28/2013 2:06:37 AM - Windows Update
RP117: 12/28/2013 2:38:52 AM - Norton 360 Registry Clean
RP118: 12/28/2013 3:02:11 AM - Removed Apple Mobile Device Support
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.8) MUI
Amazon Links
Apple Application Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Bejeweled 3
Bonjour
Cards_Calendar_OrderGift_DoMorePlugout
Conexant HD Audio
D3DX10
FATE - The Traitor Soul
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HP Photosmart Essential 2.5
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Internet Explorer (Enable DEP)
iTunes
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
Letters from Nowhere 2
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Movie Maker
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Norton 360
Norton PC Checkup
Penguins!
Photo Common
Photo Gallery
Picasa 3
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
PSSWCORE
QuickTime
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RollerCoaster Tycoon 3: Platinum
Synaptics Pointing Device Driver
Tales of Lagoona
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBARegistration
VideoToolkit01
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
12/30/2013 2:57:26 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR6.
12/29/2013 6:45:31 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR5.
12/29/2013 6:42:52 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR2.
12/28/2013 10:07:23 AM, Error: Microsoft-Windows-Bits-Client [16398]  - A new BITS job could not be created. The current job count for the user StarCommand-PC\StarCommand (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
12/28/2013 10:06:28 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR5.
.
==== End Of File ===========================
 


Hello LostBravado

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo


AdwCleaner

 

 

# AdwCleaner v3.016 - Report created 10/01/2014 at 20:41:20
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : StarCommand - STARCOMMAND-PC
# Running from : C:\Users\StarCommand\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\StarCommand\AppData\Roaming\pccustubinstaller

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v21.0 (en-US)

[ File : C:\Users\StarCommand\AppData\Roaming\Mozilla\Firefox\Profiles\audpebgh.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1246 octets] - [10/01/2014 20:37:40]
AdwCleaner[R1].txt - [1306 octets] - [10/01/2014 20:39:45]
AdwCleaner[s0].txt - [1124 octets] - [10/01/2014 20:41:20]

########## EOF - C:\AdwCle

Junkware Removal Tool

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by StarCommand on Fri 01/10/2014 at 21:00:01.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{032835EA-C078-4563-BCEF-AC3B04205F3D}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{093A0B96-0808-40A3-9BA7-8B33EE2DF788}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{16196CA3-C5F7-4357-87E2-F5A30AB6AA94}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{17E8426E-0426-4928-B9F9-35F7967EB8F8}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{215DC721-D671-4A0F-822B-D3C94331BB35}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{2948AE9F-6FE8-476C-BA31-364AFE639326}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{2D6CF309-AD7B-4E45-91D2-854639A93E85}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{33A7542B-21DC-4694-8892-B6B8422DE2F1}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{38B1E394-F5D0-4D37-8586-F78B7C105678}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{3ED9DE9F-3EBF-4BA4-9A89-163AC98A6559}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{3F9B0830-1334-4CB8-932F-E85BB90F8B95}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{4035D3F4-15D6-4469-88A0-6136B6CEC667}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{52152189-7C82-4957-8395-5D8F85B11C9A}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{5EF08A4E-5F93-4A2B-A7C0-ABDF031E2443}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{654F0DE3-59F7-406C-BF49-8CB89339D7E7}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{6BB560BE-E4EA-4A51-8C44-F7C68891952D}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{6FB27991-1B48-420B-88C4-E7B2BFE581CB}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{7C27418E-62E7-4A9B-8051-595947AB8989}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{832B56C2-1894-4457-8F78-ECEDDC2A969F}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{85BA9EA7-1681-4167-969C-108091161336}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{922F0855-E8CF-4EE5-8E99-60176A6496A2}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{A2F00C8E-1A17-4888-BD84-A98DB521524E}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{A3CF0E90-F1E4-4EFE-8C86-C959EB9937FB}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{AE214AD9-579E-4C6B-8D23-CD004A619E2F}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{B84072F6-6A15-48A9-A7F7-CA8FAC0F3304}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{C019B562-D1E8-4F97-ADFC-1F701CB6706E}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{C4ED5C3C-B301-452C-9698-330B9A660380}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{D469CACF-4823-411E-BAA3-1AB7544369F2}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{DE5A1538-DCAC-469B-8498-35A8BA73690D}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{E558E62E-F099-435F-8071-2D3F837F5CC7}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{EA306CA6-F9BB-4F4F-9385-5E27B12B638E}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{EDADB347-39ED-4778-BA3E-43C4951664CE}
Successfully deleted: [Empty Folder] C:\Users\StarCommand\appdata\local\{EEE917BB-12B7-45C9-BC48-A765B4C64FBD}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/10/2014 at 21:07:25.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

I still have the changed MAC address showing. In properties I'm listed in different variations of myself under the security tab as under group, but getting a better layout with IE now. Now I have the internet issue resolved, that I tried to send a message to you briefly explaining. Thanks


  • Staff

Hello LostBravado

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
    • Log from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now?

Gringo

OK, I'm worried, as I've found myself in a "warning" zone after following the instructions on one then the other, of the links provided to disable security software. I followed the instructions they provided for Nortons 360 in the first set, it said it was disabled but when I ran combo fix it said it was not disabled. So I followed the instructions via the second suggestions, which there was nothing to change it was already saying its state is disabled for both the smart firewall and the anti-virus protection. When I attempted to see if I could just close Combofix, to be able to come and ask here, what best to do, it took that as me wanting to move on with its work and popped up again with:

Warning!!

antispyware: Norton360

The above real time scanner(s) are still active but ComboFix shall continue to run. Kindly note that this is at your own risk

There is an "X" in the top right corner to close this Warning!! and an "OK" box beneath the dialog. I have gone into Nortons and manually checked over every last form of protection to verify that everything IS in "OFF" mode. It truly is all disabled. But I'm scared to touch anything to do with ComboFix, as Norton's has maintained the same status of disabled and twice ComboFix said such is not the case, continue at your own risk. Yikes! What should I do?


OK (Exhale . . ) Ok. Everything appears correct as far as overall layout and view of the Desktop, the distorted bar that ran through windows did not show up with the quick try I gave it. Will poke around at a few other things as well, and post them in a min.

ComboFix 14-01-08.03 - StarCommand 01/12/2014  11:38:19.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2186 [GMT -8:00]
Running from: c:\users\StarCommand\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-12 to 2014-01-12  )))))))))))))))))))))))))))))))
.
.
2014-01-11 05:00 . 2014-01-11 05:00 -------- d-----w- c:\windows\ERUNT
2014-01-11 04:37 . 2014-01-11 04:41 -------- d-----w- C:\AdwCleaner
2014-01-06 03:26 . 2014-01-06 03:26 -------- d-----w- c:\users\StarCommand\AppData\Roaming\Windows Live Writer
2014-01-06 03:26 . 2014-01-06 03:26 -------- d-----w- c:\users\StarCommand\AppData\Local\Windows Live Writer
2013-12-29 08:21 . 2013-12-29 08:21 -------- d-----w- c:\programdata\SMR410
2013-12-28 10:07 . 2013-12-28 10:07 -------- d-----w- c:\windows\Migration
2013-12-20 21:57 . 2013-12-20 21:57 -------- d-----w- c:\windows\en
2013-12-20 21:55 . 2014-01-11 18:00 -------- d-----w- c:\program files\Windows Live
2013-12-20 21:55 . 2013-12-20 21:55 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-20 21:54 . 2010-06-02 12:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-12-20 21:54 . 2010-06-02 12:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2013-12-20 21:54 . 2010-06-02 12:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2013-12-20 21:54 . 2010-06-02 12:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-12-20 21:54 . 2010-05-26 19:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-12-20 21:54 . 2010-05-26 19:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-12-20 21:54 . 2010-05-26 19:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-12-20 21:54 . 2010-05-26 19:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2013-12-20 21:54 . 2009-09-05 01:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2013-12-20 21:54 . 2009-09-05 01:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-12-20 21:53 . 2006-11-29 21:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-12-20 21:53 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2013-12-20 21:53 . 2013-12-20 21:53 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2013-12-20 21:53 . 2013-12-20 21:53 -------- d-----r- c:\users\StarCommand\SkyDrive
2013-12-20 21:53 . 2013-12-20 21:51 5659096 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a02375b81cefdcd04\skydrivesetup.exe
2013-12-20 21:53 . 2013-12-20 21:53 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-12-20 21:51 . 2014-01-06 03:26 -------- d-----w- c:\users\StarCommand\AppData\Local\Windows Live
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-18 04:17 . 2013-11-29 06:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-18 04:17 . 2013-11-29 06:19 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-01 22:42 . 2013-04-29 16:13 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-11-26 11:54 . 2013-12-12 11:01 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 11:03 . 2013-11-26 11:03 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-26 11:03 . 2013-11-26 11:03 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-26 11:03 . 2013-11-26 11:03 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-26 11:03 . 2013-11-26 11:03 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-26 11:03 . 2013-11-26 11:03 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-26 11:03 . 2013-11-26 11:03 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-26 11:03 . 2013-11-26 11:03 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-26 11:03 . 2013-11-26 11:03 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-26 11:03 . 2013-11-26 11:03 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-26 11:03 . 2013-11-26 11:03 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-26 11:03 . 2013-11-26 11:03 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-26 11:03 . 2013-11-26 11:03 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-26 11:03 . 2013-11-26 11:03 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-26 11:03 . 2013-11-26 11:03 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-26 11:03 . 2013-11-26 11:03 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-26 11:03 . 2013-11-26 11:03 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-26 11:03 . 2013-11-26 11:03 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-26 11:03 . 2013-11-26 11:03 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-26 11:03 . 2013-11-26 11:03 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-26 11:03 . 2013-11-26 11:03 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-26 11:03 . 2013-11-26 11:03 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-26 11:03 . 2013-11-26 11:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-26 11:03 . 2013-11-26 11:03 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-26 11:03 . 2013-11-26 11:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-26 11:03 . 2013-11-26 11:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-26 11:03 . 2013-11-26 11:03 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-26 11:03 . 2013-11-26 11:03 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-26 11:03 . 2013-11-26 11:03 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-26 11:03 . 2013-11-26 11:03 413696 ----a-w- c:\windows\system32\html.iec
2013-11-26 11:03 . 2013-11-26 11:03 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 11:03 . 2013-11-26 11:03 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-26 11:03 . 2013-11-26 11:03 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-26 11:03 . 2013-11-26 11:03 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-26 11:03 . 2013-11-26 11:03 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-26 11:03 . 2013-11-26 11:03 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-26 11:03 . 2013-11-26 11:03 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-26 11:03 . 2013-11-26 11:03 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-26 11:03 . 2013-11-26 11:03 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-26 11:03 . 2013-11-26 11:03 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-26 11:03 . 2013-11-26 11:03 235520 ----a-w- c:\windows\system32\url.dll
2013-11-26 11:03 . 2013-11-26 11:03 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-26 11:03 . 2013-11-26 11:03 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-26 11:03 . 2013-11-26 11:03 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-26 11:03 . 2013-11-26 11:03 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-26 11:03 . 2013-11-26 11:03 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-26 11:03 . 2013-11-26 11:03 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-26 11:03 . 2013-11-26 11:03 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-26 11:03 . 2013-11-26 11:03 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-26 11:03 . 2013-11-26 11:03 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-26 11:03 . 2013-11-26 11:03 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-26 11:03 . 2013-11-26 11:03 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-26 11:03 . 2013-11-26 11:03 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-26 11:03 . 2013-11-26 11:03 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-26 11:03 . 2013-11-26 11:03 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-26 11:03 . 2013-11-26 11:03 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-26 11:03 . 2013-11-26 11:03 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-26 11:03 . 2013-11-26 11:03 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-26 11:03 . 2013-11-26 11:03 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-26 11:03 . 2013-11-26 11:03 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-26 10:19 . 2013-12-12 11:01 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-12 11:01 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-12 11:01 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-12 11:01 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-12 11:01 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-12 11:01 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-12 11:01 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-12 11:01 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-12 11:01 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-12 11:01 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-12 11:01 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-12 11:01 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-12 11:01 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-12 11:01 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-12 11:01 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-12 11:01 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-12 11:01 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-12 11:01 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-12 11:01 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-12 11:01 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-12 11:01 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-12 11:01 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-12 11:01 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-12 00:06 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 00:06 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-12 00:06 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-12 00:06 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-11-04 20:16 . 2013-11-04 20:16 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-30 02:32 . 2013-12-12 00:06 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-12 00:06 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-10-30 01:24 . 2013-12-12 00:06 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-19 02:18 . 2013-12-12 00:06 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-19 01:36 . 2013-12-12 00:06 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-10-15 02:00 . 2013-11-26 11:06 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-12-20 21:53 220632 ----a-w- c:\users\StarCommand\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-12-20 21:53 220632 ----a-w- c:\users\StarCommand\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-12-20 21:53 220632 ----a-w- c:\users\StarCommand\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-04-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMEFA64.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20131218.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20131218.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20140110.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20140110.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1501000.012\SYMNETS.SYS [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe;c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - EraserUtilDrv11312
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-04 23:22 1211344 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.41\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-29 04:17]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-25 06:08]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-25 06:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-12-20 21:53 244696 ----a-w- c:\users\StarCommand\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-12-20 21:53 244696 ----a-w- c:\users\StarCommand\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-12-20 21:53 244696 ----a-w- c:\users\StarCommand\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\StarCommand\AppData\Roaming\Mozilla\Firefox\Profiles\audpebgh.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.1.0.18;c:\program files (x86)\Norton 360\Engine64\21.1.0.18"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-601775634-3342353785-2946369947-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-601775634-3342353785-2946369947-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-12  11:46:12
ComboFix-quarantined-files.txt  2014-01-12 19:46
.
Pre-Run: 214,051,516,416 bytes free
Post-Run: 213,986,607,104 bytes free
.
- - End Of File - - A6D8BDFC212D3FF13DCF35C7893C42BB
 

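The AV/FW/SP header lines of the ComboFix logs posted in this thread list Norton 360 once per protection category, each under its own GUID, so a suite can show as disabled in two categories while a third is still enabled. The following is an added example, not part of any post in the thread and not ComboFix's own code: a Python parser over those header lines (copied from the two logs on this page) that reports which registrations were still enabled and what changed between runs. The function names and the reading of SP as the antispyware category are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Header lines copied from the two ComboFix logs posted in this thread.
RUN_1 = """\
ComboFix 14-01-08.03 - StarCommand 01/12/2014  11:38:19.3.2 - x64
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""
RUN_2 = """\
ComboFix 14-01-14.02 - StarCommand 01/15/2014  22:31:05.4.2 - x64
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

# Assumed reading of the prefixes; SP is taken from the
# "antispyware: Norton360" wording of the warning dialog quoted above.
CATEGORY = {"AV": "antivirus", "FW": "firewall", "SP": "antispyware"}

PRODUCT_RE = re.compile(
    r"^(?P<cat>AV|FW|SP):\s+(?P<name>.+?)\s+"
    r"\*(?P<state>Enabled|Disabled)(?:/(?P<defs>\w+))?\*\s+"
    r"(?P<guid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})\s*$"
)


class Product(NamedTuple):
    category: str
    name: str
    enabled: bool
    definitions: Optional[str]  # "Updated" etc.; firewall lines carry none
    guid: str


def parse_products(log_text):
    """Return one Product per AV/FW/SP line; every other log line is skipped."""
    products = []
    for line in log_text.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m is None:
            continue
        products.append(Product(
            CATEGORY[m["cat"]], m["name"], m["state"] == "Enabled",
            m["defs"], m["guid"].upper(),
        ))
    return products


def still_enabled(log_text):
    """Registrations the log reports as enabled at the time of the run."""
    return [p for p in parse_products(log_text) if p.enabled]


def partially_disabled(log_text):
    """Products with some categories off and others on: name -> enabled ones."""
    by_name = {}
    for p in parse_products(log_text):
        by_name.setdefault(p.name, []).append(p)
    return {
        name: sorted(p.category for p in regs if p.enabled)
        for name, regs in by_name.items()
        if any(p.enabled for p in regs) and not all(p.enabled for p in regs)
    }


def state_changes(before, after):
    """Diff two runs per registration (category + GUID), not per product name."""
    old = {(p.category, p.guid): p for p in parse_products(before)}
    changes = []
    for p in parse_products(after):
        prev = old.get((p.category, p.guid))
        if prev is None:
            changes.append((p.category, p.name, None, p.enabled))
        elif prev.enabled != p.enabled:
            changes.append((p.category, p.name, prev.enabled, p.enabled))
    return changes


if __name__ == "__main__":
    for label, run in (("first run", RUN_1), ("second run", RUN_2)):
        active = [f"{p.name} ({p.category})" for p in still_enabled(run)]
        print(f"{label}: still enabled -> {active or 'none'}")
    print("changes between runs:", state_changes(RUN_1, RUN_2))
```

Keying on category plus GUID rather than on the product name is what keeps the three Norton 360 registrations apart.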

  • Staff

Hello LostBravado

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

This is the resulting log for ComboFix, that got to run with all AntiVirus and AntiMalware disabled:

 

ComboFix 14-01-14.02 - StarCommand 01/15/2014  22:31:05.4.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2195 [GMT -8:00]
Running from: c:\users\StarCommand\Desktop\ComboFix.exe
Command switches used :: c:\users\StarCommand\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-16 to 2014-01-16  )))))))))))))))))))))))))))))))
.
.
2014-01-16 06:40 . 2014-01-16 06:40 -------- d-----w- c:\users\The Irie One\AppData\Local\temp
2014-01-16 06:40 . 2014-01-16 06:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-16 06:40 . 2014-01-16 06:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-16 05:13 . 2014-01-16 05:13 96856 ----a-w- c:\windows\system32\drivers\SMR410.SYS
2014-01-11 05:00 . 2014-01-11 05:00 -------- d-----w- c:\windows\ERUNT
2014-01-11 04:37 . 2014-01-11 04:41 -------- d-----w- C:\AdwCleaner
2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\SysWow64\GPhotos.scr
2014-01-06 03:26 . 2014-01-06 03:26 -------- d-----w- c:\users\StarCommand\AppData\Roaming\Windows Live Writer
2014-01-06 03:26 . 2014-01-06 03:26 -------- d-----w- c:\users\StarCommand\AppData\Local\Windows Live Writer
2013-12-29 08:21 . 2013-12-29 08:21 -------- d-----w- c:\programdata\SMR410
2013-12-28 10:07 . 2013-12-28 10:07 -------- d-----w- c:\windows\Migration
2013-12-20 21:57 . 2013-12-20 21:57 -------- d-----w- c:\windows\en
2013-12-20 21:55 . 2014-01-11 18:00 -------- d-----w- c:\program files\Windows Live
2013-12-20 21:55 . 2013-12-20 21:55 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-20 21:54 . 2010-06-02 12:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-12-20 21:54 . 2010-06-02 12:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2013-12-20 21:54 . 2010-06-02 12:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2013-12-20 21:54 . 2010-06-02 12:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-12-20 21:54 . 2010-05-26 19:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-12-20 21:54 . 2010-05-26 19:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-12-20 21:54 . 2010-05-26 19:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-12-20 21:54 . 2010-05-26 19:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2013-12-20 21:54 . 2009-09-05 01:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2013-12-20 21:54 . 2009-09-05 01:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-12-20 21:53 . 2006-11-29 21:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-12-20 21:53 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2013-12-20 21:53 . 2013-12-20 21:53 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2013-12-20 21:53 . 2013-12-20 21:53 -------- d-----r- c:\users\StarCommand\SkyDrive
2013-12-20 21:53 . 2013-12-20 21:51 5659096 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a02375b81cefdcd04\skydrivesetup.exe
2013-12-20 21:53 . 2013-12-20 21:53 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-12-20 21:51 . 2014-01-06 03:26 -------- d-----w- c:\users\StarCommand\AppData\Local\Windows Live
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-14 21:05 . 2013-11-29 06:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-14 21:05 . 2013-11-29 06:19 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-01 22:42 . 2013-04-29 16:13 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-11-26 11:54 . 2013-12-12 11:01 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 11:03 . 2013-11-26 11:03 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-26 11:03 . 2013-11-26 11:03 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-26 11:03 . 2013-11-26 11:03 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-26 11:03 . 2013-11-26 11:03 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-26 11:03 . 2013-11-26 11:03 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-26 11:03 . 2013-11-26 11:03 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-26 11:03 . 2013-11-26 11:03 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-26 11:03 . 2013-11-26 11:03 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-26 11:03 . 2013-11-26 11:03 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-26 11:03 . 2013-11-26 11:03 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-26 11:03 . 2013-11-26 11:03 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-26 11:03 . 2013-11-26 11:03 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-26 11:03 . 2013-11-26 11:03 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-26 11:03 . 2013-11-26 11:03 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-26 11:03 . 2013-11-26 11:03 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-26 11:03 . 2013-11-26 11:03 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-26 11:03 . 2013-11-26 11:03 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-26 11:03 . 2013-11-26 11:03 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-26 11:03 . 2013-11-26 11:03 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-26 11:03 . 2013-11-26 11:03 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-26 11:03 . 2013-11-26 11:03 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-26 11:03 . 2013-11-26 11:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-26 11:03 . 2013-11-26 11:03 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-26 11:03 . 2013-11-26 11:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-26 11:03 . 2013-11-26 11:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-26 11:03 . 2013-11-26 11:03 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-26 11:03 . 2013-11-26 11:03 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-26 11:03 . 2013-11-26 11:03 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-26 11:03 . 2013-11-26 11:03 413696 ----a-w- c:\windows\system32\html.iec
2013-11-26 11:03 . 2013-11-26 11:03 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 11:03 . 2013-11-26 11:03 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-26 11:03 . 2013-11-26 11:03 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-26 11:03 . 2013-11-26 11:03 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-26 11:03 . 2013-11-26 11:03 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-26 11:03 . 2013-11-26 11:03 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-26 11:03 . 2013-11-26 11:03 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-26 11:03 . 2013-11-26 11:03 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-26 11:03 . 2013-11-26 11:03 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-26 11:03 . 2013-11-26 11:03 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-26 11:03 . 2013-11-26 11:03 235520 ----a-w- c:\windows\system32\url.dll
2013-11-26 11:03 . 2013-11-26 11:03 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-26 11:03 . 2013-11-26 11:03 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-26 11:03 . 2013-11-26 11:03 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-26 11:03 . 2013-11-26 11:03 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-26 11:03 . 2013-11-26 11:03 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-26 11:03 . 2013-11-26 11:03 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-26 11:03 . 2013-11-26 11:03 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-26 11:03 . 2013-11-26 11:03 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-26 11:03 . 2013-11-26 11:03 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-26 11:03 . 2013-11-26 11:03 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-26 11:03 . 2013-11-26 11:03 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-26 11:03 . 2013-11-26 11:03 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-26 11:03 . 2013-11-26 11:03 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-26 11:03 . 2013-11-26 11:03 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-26 11:03 . 2013-11-26 11:03 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-26 11:03 . 2013-11-26 11:03 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-26 11:03 . 2013-11-26 11:03 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-26 11:03 . 2013-11-26 11:03 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-26 11:03 . 2013-11-26 11:03 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-26 10:19 . 2013-12-12 11:01 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-12 11:01 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-12 11:01 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-12 11:01 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-12 11:01 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-12 11:01 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-12 11:01 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-12 11:01 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-12 11:01 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-12 11:01 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-12 11:01 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-12 11:01 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-12 11:01 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-12 11:01 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-12 11:01 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-12 11:01 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-12 11:01 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-12 11:01 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-12 11:01 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-12 11:01 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-12 11:01 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-12 11:01 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-12 11:01 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-12 00:06 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 00:06 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-12 00:06 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-12 00:06 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-11-04 20:16 . 2013-11-04 20:16 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-30 02:32 . 2013-12-12 00:06 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-12 00:06 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-10-30 01:24 . 2013-12-12 00:06 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-19 02:18 . 2013-12-12 00:06 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-19 01:36 . 2013-12-12 00:06 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-12-20 21:53 220632 ----a-w- c:\users\StarCommand\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-12-20 21:53 220632 ----a-w- c:\users\StarCommand\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-12-20 21:53 220632 ----a-w- c:\users\StarCommand\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-04-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SMR410;Symantec SMR Utility Service 4.1.0;c:\windows\System32\drivers\SMR410.SYS;c:\windows\SYSNATIVE\drivers\SMR410.SYS [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMEFA64.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20140110.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20140110.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20140114.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20140114.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1501000.012\SYMNETS.SYS [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe;c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SMR410
*Deregistered* - EraserUtilDrv11312
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-16 01:22 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-29 21:05]
.
2014-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-25 06:08]
.
2014-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-25 06:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-12-20 21:53 244696 ----a-w- c:\users\StarCommand\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-12-20 21:53 244696 ----a-w- c:\users\StarCommand\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-12-20 21:53 244696 ----a-w- c:\users\StarCommand\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local


IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\StarCommand\AppData\Roaming\Mozilla\Firefox\Profiles\audpebgh.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.1.0.18;c:\program files (x86)\Norton 360\Engine64\21.1.0.18"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-601775634-3342353785-2946369947-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-601775634-3342353785-2946369947-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-15  22:50:42
ComboFix-quarantined-files.txt  2014-01-16 06:50
ComboFix2.txt  2014-01-12 19:46
.
Pre-Run: 203,615,563,776 bytes free
Post-Run: 203,547,885,568 bytes free
.
- - End Of File - - 18B9118C6B16A1E7ECF1CC5D531CC53A

 

 

 

  • I did not experience any problems or issues running ComboFix
  • I still have the changed MAC address, there are constant attacks on my computer according to Nortons and looking at the access logs the router produces, there is constant action that doesn't make sense. The main computer is an Apple MacBookPro which "doesn't get viruses and can't be hacked, that's why there doesn't need to be a firewall or protection." So with everything running rampant, it's hard to tell what's going on, because it's never had any interaction other than the installation, until the other day when I was shown how to look at the access logs. I had to convince the MacBookPro to have a password to the internet, but it had been running with for who knows how long?
  • I also don't have access to pretty much 90% of one of my external hard drives any longer. It's got a lot of the same initial confusion with my saved files on this PC now,
  • **** The first included pic is of properties with a culprit file that pops up when things are going bad. It's shown up before and been told to me that it's probably the account that was first used to set up this computer in the factory so it was ready to go when I bought it. I thought that sounded legit, until it showed up riddled in my external hard drive (Old ExHD) before the whole thing was no longer accessible to me. The second clip shows the same culprit that was riddled through random things, and this time it's as a SID of an audit success (one of sooooo many both reg and special log on entries). The third is of the IP address issue I was having prior to my sudden MAC address change.

 

I had written far more detail and specific response but had to brief for some explanation at this point.

  • It gets really frustrating typing in a descriptive reply that last auto saved at 11:19 P.M. on 1/15/14 only to have another program on my computer pop up asking me to handle something, and because I've interacted with this window that's taken up the whole screen, everything else is minimized, causing me to have to re-open and always refresh what page(s) I have open. In turn I lose everything I've had to poke around to find and type between 11:19 PM on 1/15/14 and now, which is 2:55 AM on 1/16/14. The same thing kept happening to me in the prior response I'd been trying to give. I'm exhausted and steam is coming from my ears. I will have to continue with the response tomorrow, when my eyes aren't struggling and taking turns to stay open.
  • Now 3:15 AM since I had to sign in again to post . . .

post-153429-0-40232700-1389870743_thumb.

post-153429-0-22759400-1389870759_thumb.

post-153429-0-21560400-1389870971_thumb.


  • Staff

Hello

"I still have the changed MAC address, there are constant attacks on my computer according to Nortons and looking at the access logs the router produces, there is constant action that doesn't make sense. The main computer is an Apple MacBookPro which "doesn't get viruses and can't be hacked, that's why there doesn't need to be a firewall or protection." So with everything running rampant, it's hard to tell what's going on, because it's never had any interaction other than the installation, until the other day when I was shown how to look at the access logs. I had to convince the MacBookPro to have a password to the internet, but it had been running with for who knows how long?"

I have not heard of a MAC address getting changed, and where do you get this information? A "MacbookPro" can get viruses and you will be seeing more and more in the near future - anybody who tells you different is walking around with their eyes closed.

"I also don't have access to pretty much 90% of one of my external hard drives any longer. It's got a lot of the same initial confusion with my saved files on this PC now,"

What happens when you try to access the files?

"**** The first included pic is of properties with a culprit file that pops up when things are going bad. It's shown up before and been told to me that it's probably the account that was first used to set up this computer in the factory so it was ready to go when I bought it. I thought that sounded legit, until it showed up riddled in my external hard drive (Old ExHD) before the whole thing was no longer accessible to me. The second clip shows the same culprit that was riddled through random things, and this time it's as a SID of an audit success (one of sooooo many both reg and special log on entries). The third is of the IP address issue I was having prior to my sudden MAC address change."

The S-1-5-21 number is a normal part of Windows, and I know it is really confusing as to what it is, but I know it is normal and has to do with types of accounts.

So actually looking at what you have written and sifting thru things - the only thing I can say that is causing you problems is that you cannot access some files - that is the only negative thing that is going on at this time.

Ohh, and those IPs in the report are local IP numbers and have nothing to do with the internet.

Gringo
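
Added example, not part of the original posts or of ComboFix: a small Python sketch that decodes the `S-1-5-21-...` identifier seen in the log above into its fields and checks whether an address such as the log's `DhcpNameServer` value is a local one. All function names are hypothetical; the sample log reuses two lines from the ComboFix output and adds one constructed audit line.

```python
import ipaddress
import re

# SIDs that are identical on every Windows installation.
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-545": "BUILTIN\\Users",
}
# Fixed relative IDs (the last field) under a machine or domain identifier.
WELL_KNOWN_RIDS = {500: "built-in Administrator", 501: "built-in Guest"}

SID_EXACT = re.compile(r"S-1-\d+(?:-\d+){1,15}")
SID_IN_TEXT = re.compile(r"\bS-1-\d+(?:-\d+){1,15}(?!\d)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# SID taken from the LOCKED REGISTRY KEYS section of the log on this page.
PAGE_SID = "S-1-5-21-601775634-3342353785-2946369947-1000"

# Constructed sample: two lines from the log plus one made-up audit line.
SAMPLE_LOG = r"""
[HKEY_USERS\S-1-5-21-601775634-3342353785-2946369947-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
TCP: DhcpNameServer = 192.168.1.1
Audit Success  Special Logon  Security ID: S-1-5-18
"""


def parse_sid(text):
    """Split 'S-R-A-S1-S2-...' into revision, authority and sub-authorities."""
    if not SID_EXACT.fullmatch(text):
        raise ValueError(f"not a SID string: {text!r}")
    fields = [int(f) for f in text.split("-")[1:]]
    subs = fields[2:]
    if any(s >= 2 ** 32 for s in subs):
        raise ValueError("sub-authority does not fit in 32 bits")
    return {"revision": fields[0], "authority": fields[1], "subs": subs}


def issuer_of(text):
    """Return the three-number machine/domain identifier, or None."""
    sid = parse_sid(text)
    if sid["authority"] == 5 and len(sid["subs"]) == 5 and sid["subs"][0] == 21:
        return tuple(sid["subs"][1:4])
    return None


def describe_sid(text):
    """Explain what kind of principal a SID refers to."""
    if text in WELL_KNOWN:
        return WELL_KNOWN[text]
    issuer = issuer_of(text)
    if issuer is None:
        return "other SID"
    rid = parse_sid(text)["subs"][4]
    if rid in WELL_KNOWN_RIDS:
        kind = WELL_KNOWN_RIDS[rid]
    elif rid >= 1000:
        kind = "account or group created on this machine or domain"
    else:
        kind = "reserved built-in account or group"
    return f"{kind} (issuer {'-'.join(map(str, issuer))}, RID {rid})"


def same_issuer(a, b):
    """True when two account SIDs were issued by the same machine or domain."""
    ia, ib = issuer_of(a), issuer_of(b)
    return ia is not None and ia == ib


def find_sids(log_text):
    """Return the distinct SIDs in a log, in order of first appearance."""
    seen = []
    for sid in SID_IN_TEXT.findall(log_text):
        if sid not in seen:
            seen.append(sid)
    return seen


def classify_ip(addr):
    """Say whether an address is local to the LAN or routable on the internet."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "private (RFC 1918)"
    return "public" if ip.is_global else "reserved/special"


if __name__ == "__main__":
    for sid in find_sids(SAMPLE_LOG):
        print(sid, "->", describe_sid(sid))
    print("192.168.1.1 ->", classify_ip("192.168.1.1"))
```

A SID that appears on files copied from the PC to an external drive and again in logon audit events usually points at the same local account; `same_issuer` together with the RID makes that comparison explicit.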


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
