Help Malicious Website Attacks


Help, my Norton keeps detecting malicious website attacks...

 

Category: Intrusion Prevention

Date & Time: 6/30/2014 9:17:25 AM
Risk: High
Activity: An intrusion attempt by 54.230.38.246 was blocked.
Status: Blocked
Recommended Action: No Action Required
IPS Alert Name: Malicious Site: Malicious Web Site, Domain, or URL (1)
Default Action: No Action Required
Action Taken: No Action Required
Attacking Computer: 54.230.38.246, 80
Attacker URL: d2cga0idq39sb9.cloudfront.net/50ONRED/RedUS96.exe
Destination Address: GALEN-HP (192.168.17.180, 49203)
Source Address: 54.230.38.246
Traffic Description: TCP, www-http

Network traffic from d2cga0idq39sb9.cloudfront.net/50ONRED/RedUS96.exe matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\PCMAX\SERVICE.EXE.
 
I have tried to delete "pcmax" from my system in Program Files & Services, to no avail.
 
FRST Log
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02
Ran by Galen (administrator) on GALEN-HP on 30-06-2014 10:21:16
Running from C:\Users\Galen\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Create PDF) - C:\Users\Galen\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0\plugin/npWCChromeExtnStub.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Simple Pass) - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Galen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-02]
CHR Extension: (Google Drive) - C:\Users\Galen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Galen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Galen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-02]
CHR Extension: (Google Search) - C:\Users\Galen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-02]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Galen\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-09-12]
CHR Extension: (GlowModified) - C:\Users\Galen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhabmhnmepifdbcjioefehlfipkhmgnh [2013-03-04]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Galen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-07-18]
CHR Extension: (Google Maps) - C:\Users\Galen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-11-02]
CHR Extension: (Google Wallet) - C:\Users\Galen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Outlook.com) - C:\Users\Galen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2013-03-04]
CHR Extension: (Gmail) - C:\Users\Galen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\Exts\Chrome.crx [2014-06-06]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-01-26] (Advanced Micro Devices, Inc.) [File not signed]
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [360592 2014-06-04] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [265040 2014-05-23] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [31360 2012-01-18] (Advanced Micro Devices, Inc.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [189760 2012-02-05] (AppEx Networks Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62392 2014-06-04] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140627.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140629.023\ENG64.SYS [126040 2014-05-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140629.023\EX64.SYS [2099288 2014-05-27] (Symantec Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [35816 2014-06-30] (Greatis Software)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [266896 2012-10-30] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [20016 2011-10-14] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 getbus; \??\C:\Users\Galen\AppData\Local\Temp\getbus.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-30 10:21 - 2014-06-30 10:21 - 00051282 _____ () C:\Users\Galen\Downloads\FRST.txt
2014-06-30 10:20 - 2014-06-30 10:21 - 00000000 ____D () C:\FRST
2014-06-30 10:20 - 2014-06-30 10:20 - 02083328 _____ (Farbar) C:\Users\Galen\Downloads\FRST64.exe
2014-06-30 10:10 - 2014-06-30 10:10 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-06-30 10:10 - 2014-06-30 10:10 - 00001106 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Exploit.lnk
2014-06-30 10:10 - 2014-06-30 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-06-30 10:10 - 2014-06-30 10:10 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-06-30 10:10 - 2014-06-30 10:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-06-30 10:08 - 2014-06-30 10:08 - 02650408 _____ (Malwarebytes ) C:\Users\Galen\Downloads\mbae-setup-1.03.1.1220.exe
2014-06-30 09:11 - 2014-06-30 09:22 - 00000552 _____ () C:\Windows\SysWOW64\PARTIZAN.TXT
2014-06-30 09:10 - 2014-06-30 09:10 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.new
2014-06-30 09:07 - 2014-06-30 09:10 - 00000142 _____ () C:\Windows\system32\Partizan.RRI
2014-06-30 09:07 - 2014-06-30 09:07 - 00040720 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2014-06-30 08:45 - 2014-06-30 09:30 - 00000000 ____D () C:\ProgramData\RegRun
2014-06-30 08:11 - 2014-06-30 08:11 - 00035816 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2014-06-30 08:10 - 2014-06-30 09:16 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2014-06-30 08:10 - 2014-06-30 09:16 - 00000000 ____D () C:\ProgramData\Documents\regruninfo
2014-06-30 08:10 - 2014-06-30 09:07 - 00000000 ____D () C:\Users\Galen\Documents\RegRun2
2014-06-30 08:10 - 2014-06-30 08:13 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-06-30 08:10 - 2014-06-30 08:10 - 00003324 _____ () C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2014-06-30 08:10 - 2014-06-30 08:10 - 00001011 _____ () C:\Users\Galen\Desktop\UnHackMe.lnk
2014-06-30 08:10 - 2014-06-30 08:10 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-06-30 08:10 - 2014-06-30 08:10 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2014-06-30 08:10 - 2014-06-30 08:10 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-06-30 08:10 - 2014-06-30 08:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2014-06-30 08:10 - 2014-03-28 13:01 - 00012800 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2014-06-30 08:07 - 2014-06-30 08:07 - 01138397 _____ () C:\Users\Galen\Downloads\7z922.exe
2014-06-30 08:07 - 2014-06-30 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-30 08:07 - 2014-06-30 08:07 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-30 08:05 - 2014-06-30 08:05 - 15295838 _____ () C:\Users\Galen\Downloads\unhackme.zip
2014-06-14 11:19 - 2014-06-14 11:21 - 29405096 _____ (Oracle Corporation) C:\Users\Galen\Downloads\jre-7u60-windows-i586.exe
2014-06-14 11:18 - 2014-06-14 11:20 - 30984104 _____ (Oracle Corporation) C:\Users\Galen\Downloads\jre-7u60-windows-x64 (1).exe
2014-06-14 11:11 - 2014-06-14 11:11 - 00000000 ____D () C:\Users\Galen\AppData\Roaming\Oracle
2014-06-14 11:09 - 2014-06-14 11:09 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-14 11:09 - 2014-06-14 11:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-14 11:09 - 2014-06-14 11:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-14 11:09 - 2014-06-14 11:09 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-14 11:04 - 2014-06-14 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-14 11:04 - 2014-06-14 11:03 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-14 11:04 - 2014-06-14 11:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-14 11:04 - 2014-06-14 11:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-14 11:04 - 2014-06-14 11:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-14 10:05 - 2014-06-14 10:08 - 30984104 _____ (Oracle Corporation) C:\Users\Galen\Downloads\jre-7u60-windows-x64.exe
2014-06-14 10:03 - 2014-06-14 10:04 - 00918952 _____ (Oracle Corporation) C:\Users\Galen\Downloads\chromeinstall-7u60.exe
2014-06-14 08:46 - 2014-06-14 09:39 - 00000000 ____D () C:\NPE
2014-06-14 07:08 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-06-14 07:08 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-06-12 03:42 - 2014-06-30 09:22 - 00012044 _____ () C:\Windows\PFRO.log
2014-06-12 03:42 - 2014-06-30 09:22 - 00001512 _____ () C:\Windows\setupact.log
2014-06-12 03:42 - 2014-06-12 03:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-12 03:37 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-06-12 03:37 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-12 03:37 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-12 03:37 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-06-12 03:37 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-06-12 03:37 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-06-12 03:37 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-06-12 03:37 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-06-12 03:37 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-06-12 03:37 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-06-12 03:37 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-06-12 03:37 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-06-12 03:37 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-06-12 03:37 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-06-12 03:37 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-06-12 03:37 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-06-12 03:33 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 03:33 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 03:33 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 03:33 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 03:33 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 03:33 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 03:33 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 03:33 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 03:33 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 03:33 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 03:33 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 03:33 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 03:33 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 03:33 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 03:33 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 03:33 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 03:33 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 03:33 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 03:33 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 03:33 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 03:33 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 03:33 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 03:33 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 03:33 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 03:33 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 03:33 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 03:33 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 03:33 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 03:33 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 03:33 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 03:33 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 03:33 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 03:33 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 03:33 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 03:33 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 03:33 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 03:33 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 03:33 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 03:33 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 03:33 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 03:33 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 03:33 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 03:33 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 03:33 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 03:33 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 03:33 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 03:33 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 03:33 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 03:33 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 03:33 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 03:33 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 03:32 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 03:28 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 03:28 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-12 03:28 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 03:28 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 03:28 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 03:28 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 03:28 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 03:28 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 03:28 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 03:28 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 03:28 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 03:28 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 03:28 - 2013-09-24 22:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-06-12 03:28 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-06-12 03:27 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 03:27 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-12 03:27 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 03:27 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 02:52 - 2014-06-12 02:53 - 02041880 _____ (Lavasoft) C:\Users\Galen\Downloads\setup (2).exe
2014-06-12 02:46 - 2014-06-12 02:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-12 02:44 - 2014-06-12 02:45 - 04748896 _____ (Piriform Ltd) C:\Users\Galen\Downloads\ccsetup414 (1).exe
2014-06-12 01:40 - 2014-06-23 09:46 - 00000000 ____D () C:\temp
2014-06-12 01:35 - 2014-06-23 09:48 - 00000000 ____D () C:\Program Files\003
2014-06-12 01:34 - 2014-06-30 09:11 - 00000000 ____D () C:\Program Files\pcmax
2014-06-12 01:34 - 2014-06-12 01:34 - 00003690 _____ () C:\Windows\System32\Tasks\pcreg
2014-06-12 01:29 - 2014-06-12 02:43 - 00000000 _____ () C:\END
2014-06-11 16:55 - 2014-06-11 16:55 - 04748896 _____ (Piriform Ltd) C:\Users\Galen\Downloads\ccsetup414.exe
2014-06-06 11:47 - 2014-06-06 11:47 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
 
==================== One Month Modified Files and Folders =======
 
2014-06-30 10:21 - 2014-06-30 10:21 - 00051282 _____ () C:\Users\Galen\Downloads\FRST.txt
2014-06-30 10:21 - 2014-06-30 10:20 - 00000000 ____D () C:\FRST
2014-06-30 10:20 - 2014-06-30 10:20 - 02083328 _____ (Farbar) C:\Users\Galen\Downloads\FRST64.exe
2014-06-30 10:12 - 2012-03-09 22:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-30 10:10 - 2014-06-30 10:10 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-06-30 10:10 - 2014-06-30 10:10 - 00001106 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Exploit.lnk
2014-06-30 10:10 - 2014-06-30 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-06-30 10:10 - 2014-06-30 10:10 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-06-30 10:10 - 2014-06-30 10:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-06-30 10:08 - 2014-06-30 10:08 - 02650408 _____ (Malwarebytes ) C:\Users\Galen\Downloads\mbae-setup-1.03.1.1220.exe
2014-06-30 10:00 - 2013-03-02 18:29 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-30 09:30 - 2014-06-30 08:45 - 00000000 ____D () C:\ProgramData\RegRun
2014-06-30 09:29 - 2009-07-14 00:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-30 09:29 - 2009-07-14 00:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-30 09:27 - 2012-09-04 19:23 - 01209865 _____ () C:\Windows\WindowsUpdate.log
2014-06-30 09:22 - 2014-06-30 09:11 - 00000552 _____ () C:\Windows\SysWOW64\PARTIZAN.TXT
2014-06-30 09:22 - 2014-06-12 03:42 - 00012044 _____ () C:\Windows\PFRO.log
2014-06-30 09:22 - 2014-06-12 03:42 - 00001512 _____ () C:\Windows\setupact.log
2014-06-30 09:22 - 2013-03-28 12:58 - 00000000 ____D () C:\ProgramData\VMware
2014-06-30 09:22 - 2013-03-02 18:29 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-30 09:22 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-30 09:16 - 2014-06-30 08:10 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2014-06-30 09:16 - 2014-06-30 08:10 - 00000000 ____D () C:\ProgramData\Documents\regruninfo
2014-06-30 09:11 - 2014-06-12 01:34 - 00000000 ____D () C:\Program Files\pcmax
2014-06-30 09:10 - 2014-06-30 09:10 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.new
2014-06-30 09:10 - 2014-06-30 09:07 - 00000142 _____ () C:\Windows\system32\Partizan.RRI
2014-06-30 09:07 - 2014-06-30 09:07 - 00040720 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2014-06-30 09:07 - 2014-06-30 08:10 - 00000000 ____D () C:\Users\Galen\Documents\RegRun2
2014-06-30 08:46 - 2014-03-26 09:27 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGalen
2014-06-30 08:46 - 2014-03-26 09:27 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForGalen.job
2014-06-30 08:13 - 2014-06-30 08:10 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-06-30 08:11 - 2014-06-30 08:11 - 00035816 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2014-06-30 08:10 - 2014-06-30 08:10 - 00003324 _____ () C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2014-06-30 08:10 - 2014-06-30 08:10 - 00001011 _____ () C:\Users\Galen\Desktop\UnHackMe.lnk
2014-06-30 08:10 - 2014-06-30 08:10 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-06-30 08:10 - 2014-06-30 08:10 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2014-06-30 08:10 - 2014-06-30 08:10 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-06-30 08:10 - 2014-06-30 08:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2014-06-30 08:07 - 2014-06-30 08:07 - 01138397 _____ () C:\Users\Galen\Downloads\7z922.exe
2014-06-30 08:07 - 2014-06-30 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-30 08:07 - 2014-06-30 08:07 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-30 08:05 - 2014-06-30 08:05 - 15295838 _____ () C:\Users\Galen\Downloads\unhackme.zip
2014-06-30 07:29 - 2012-09-04 19:28 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7288152E-4F9D-4155-8FC9-4876D24682B5}
2014-06-30 07:20 - 2012-09-05 23:47 - 00000000 ____D () C:\Users\Galen\AppData\Local\Adobe
2014-06-25 11:27 - 2012-10-30 11:29 - 00000000 ____D () C:\Program Files (x86)\HP SimplePass
2014-06-25 08:46 - 2012-12-11 08:44 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-25 08:46 - 2012-09-05 11:02 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-06-25 07:36 - 2014-03-03 15:47 - 00000000 ____D () C:\Users\Galen\Desktop\Work SOP'S & Orders
2014-06-23 09:48 - 2014-06-12 01:35 - 00000000 ____D () C:\Program Files\003
2014-06-23 09:46 - 2014-06-12 01:40 - 00000000 ____D () C:\temp
2014-06-22 18:18 - 2012-12-19 18:26 - 00000000 ____D () C:\Users\Galen\Desktop\Union
2014-06-22 16:12 - 2014-01-10 16:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-22 08:02 - 2013-12-10 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-21 07:55 - 2013-03-02 18:29 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 07:55 - 2013-03-02 18:29 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-16 09:15 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-14 11:21 - 2014-06-14 11:19 - 29405096 _____ (Oracle Corporation) C:\Users\Galen\Downloads\jre-7u60-windows-i586.exe
2014-06-14 11:20 - 2014-06-14 11:18 - 30984104 _____ (Oracle Corporation) C:\Users\Galen\Downloads\jre-7u60-windows-x64 (1).exe
2014-06-14 11:11 - 2014-06-14 11:11 - 00000000 ____D () C:\Users\Galen\AppData\Roaming\Oracle
2014-06-14 11:09 - 2014-06-14 11:09 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-14 11:09 - 2014-06-14 11:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-14 11:09 - 2014-06-14 11:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-14 11:09 - 2014-06-14 11:09 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-14 11:08 - 2013-10-20 15:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-14 11:04 - 2014-06-14 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-14 11:03 - 2014-06-14 11:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-14 11:03 - 2014-06-14 11:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-14 11:03 - 2014-06-14 11:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-14 11:03 - 2014-06-14 11:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-14 11:03 - 2012-10-30 10:17 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-14 10:08 - 2014-06-14 10:05 - 30984104 _____ (Oracle Corporation) C:\Users\Galen\Downloads\jre-7u60-windows-x64.exe
2014-06-14 10:04 - 2014-06-14 10:03 - 00918952 _____ (Oracle Corporation) C:\Users\Galen\Downloads\chromeinstall-7u60.exe
2014-06-14 09:45 - 2013-12-16 22:50 - 00000000 ____D () C:\Users\Galen\AppData\Local\NPE
2014-06-14 09:39 - 2014-06-14 08:46 - 00000000 ____D () C:\NPE
2014-06-12 03:42 - 2014-06-12 03:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-12 03:40 - 2013-08-11 11:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:38 - 2012-09-04 19:42 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 03:35 - 2012-09-05 11:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 03:34 - 2014-05-02 08:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-12 02:53 - 2014-06-12 02:52 - 02041880 _____ (Lavasoft) C:\Users\Galen\Downloads\setup (2).exe
2014-06-12 02:47 - 2012-10-12 14:29 - 00000000 ____D () C:\Users\Galen\AppData\Local\CrashDumps
2014-06-12 02:46 - 2014-06-12 02:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-12 02:45 - 2014-06-12 02:44 - 04748896 _____ (Piriform Ltd) C:\Users\Galen\Downloads\ccsetup414 (1).exe
2014-06-12 02:45 - 2013-07-08 07:03 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-12 02:43 - 2014-06-12 01:29 - 00000000 _____ () C:\END
2014-06-12 01:34 - 2014-06-12 01:34 - 00003690 _____ () C:\Windows\System32\Tasks\pcreg
2014-06-11 16:55 - 2014-06-11 16:55 - 04748896 _____ (Piriform Ltd) C:\Users\Galen\Downloads\ccsetup414.exe
2014-06-08 05:13 - 2014-06-12 03:27 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-12 03:27 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 12:22 - 2013-10-28 07:33 - 00000000 ____D () C:\Users\Galen\Desktop\Work
2014-06-06 11:47 - 2014-06-06 11:47 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-06-06 11:46 - 2013-12-16 22:37 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-06-06 11:46 - 2013-12-16 22:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2014-06-06 11:46 - 2013-12-16 22:36 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {158181c0-9a00-11db-8a1d-b11d19fd3102}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {d49ace14-f219-11e1-a8c2-e7d8a76da7ba}
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {d49ace14-f219-11e1-a8c2-e7d8a76da7ba}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {158181c0-9a00-11db-8a1d-b11d19fd3102}
nx                      OptIn
bootlog                 No
 
Windows Boot Loader
-------------------
identifier              {572bcd60-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             Microsoft Windows PE 2.0 
osdevice                ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
detecthal               Yes
winpe                   Yes
ems                     Yes
 
Windows Boot Loader
-------------------
identifier              {d49ace14-f219-11e1-a8c2-e7d8a76da7ba}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{d49ace15-f219-11e1-a8c2-e7d8a76da7ba}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{d49ace15-f219-11e1-a8c2-e7d8a76da7ba}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {158181c0-9a00-11db-8a1d-b11d19fd3102}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Ramdisk Options
ramdisksdidevice        boot
ramdisksdipath          \boot\boot.sdi
 
Device options
--------------
identifier              {d49ace15-f219-11e1-a8c2-e7d8a76da7ba}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
 
LastRegBack: 2014-06-20 08:44
 
==================== End Of Log ============================
 
 
All log files attached, as the post was too long with the Addition log.
 
Thanks for the help
 
 

 

FRST.txt

Addition.txt

Shortcut.txt

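Editor's note on reading the FRST log above: the Norton alert in the first post blames \PROGRAM FILES\PCMAX\SERVICE.EXE, and the "One Month Created Files and Folders" section records C:\Program Files\pcmax being created on 2014-06-12 at 01:34. Bundled installers drop their pieces within minutes of each other, so the useful question is what else appeared in that same burst. The script below is an added example (not the poster's, not FRST's, and not part of the thread) that parses those FRST lines, anchors on the path the alert named, and lists everything created within a chosen window, splitting out the entries with no version-resource company name and any scheduled-task definitions (the usual reboot persistence for this kind of software). The sample lines are a subset copied from the log above; the 30-minute window and the decision to anchor on the pcmax folder (the log lists the folder, not service.exe itself) are assumptions, not anything the thread states.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a subset of lines copied from the "One Month Created Files and
# Folders" section of the FRST log above. In that section the first timestamp is the
# creation time and the second the last-modified time; the parenthesised field is the
# company name from the file's version resource (empty for folders and data files).
FRST_CREATED = r"""
2014-06-30 10:20 - 2014-06-30 10:20 - 02083328 _____ (Farbar) C:\Users\Galen\Downloads\FRST64.exe
2014-06-30 08:10 - 2014-06-30 08:10 - 00003324 _____ () C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2014-06-30 08:10 - 2014-06-30 08:10 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-06-30 08:10 - 2014-03-28 13:01 - 00012800 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2014-06-30 08:07 - 2014-06-30 08:07 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-14 11:09 - 2014-06-14 11:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-12 03:28 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 02:44 - 2014-06-12 02:45 - 04748896 _____ (Piriform Ltd) C:\Users\Galen\Downloads\ccsetup414 (1).exe
2014-06-12 01:40 - 2014-06-23 09:46 - 00000000 ____D () C:\temp
2014-06-12 01:35 - 2014-06-23 09:48 - 00000000 ____D () C:\Program Files\003
2014-06-12 01:34 - 2014-06-30 09:11 - 00000000 ____D () C:\Program Files\pcmax
2014-06-12 01:34 - 2014-06-12 01:34 - 00003690 _____ () C:\Windows\System32\Tasks\pcreg
2014-06-12 01:29 - 2014-06-12 02:43 - 00000000 _____ () C:\END
2014-06-11 16:55 - 2014-06-11 16:55 - 04748896 _____ (Piriform Ltd) C:\Users\Galen\Downloads\ccsetup414.exe
2014-06-06 11:47 - 2014-06-06 11:47 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
"""

TIMESTAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# created - modified - size attrs (publisher) path
LINE = re.compile(
    r"^(?P<created>" + TIMESTAMP + r") - (?P<modified>" + TIMESTAMP + r") - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) \((?P<publisher>.*?)\) (?P<path>.+)$"
)
# Scheduled task definitions live here on Windows 7 (compared case-insensitively).
TASKS_DIR = "\\windows\\system32\\tasks\\"


def parse_created(text):
    """Parse FRST 'created files' lines into dicts; lines that do not match are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            "size": int(m["size"]),
            "is_dir": "D" in m["attrs"],      # attribute column: ____D, ___SD, ___RD ...
            "publisher": m["publisher"].strip(),
            "path": m["path"].strip(),
        })
    return entries


def created_near(entries, anchor_path, window_minutes):
    """Entries created within +/- window_minutes of anchor_path's creation time, oldest first."""
    anchor = next(e for e in entries if e["path"].lower() == anchor_path.lower())
    window = timedelta(minutes=window_minutes)
    hits = [e for e in entries if abs(e["created"] - anchor["created"]) <= window]
    return sorted(hits, key=lambda e: e["created"])


def triage(text, anchor_path, window_minutes=30):
    """Cluster the log around the path an AV alert blamed and pull out the persistence pieces."""
    entries = parse_created(text)
    cluster = created_near(entries, anchor_path, window_minutes)
    return {
        # Everything that appeared in the same installation burst as the anchor.
        "cluster": [e["path"] for e in cluster],
        # Files in the burst with no company name: the ones to hash and look up first.
        "no_publisher": [e["path"] for e in cluster if not e["is_dir"] and not e["publisher"]],
        # Task definitions in the burst: the usual way such installers survive a reboot.
        "tasks": [e["path"] for e in cluster if not e["is_dir"] and TASKS_DIR in e["path"].lower()],
    }


if __name__ == "__main__":
    for key, paths in triage(FRST_CREATED, r"C:\Program Files\pcmax").items():
        print(key)
        for p in paths:
            print("   ", p)
```

Run against the sample, the 30-minute window around pcmax pulls in C:\END (01:29), the Tasks\pcreg task file (01:34), C:\Program Files\003 (01:35) and C:\temp (01:40), and nothing else; the CCleaner and Lavasoft downloads later that morning fall outside it, as do the Oracle, Microsoft and Greatis files. That is the list a helper would want hashed and the task XML read before anything is deleted, since removing the pcmax folder alone (as the poster tried) leaves the task and the sibling folders in place.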

Welcome to the forum.

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) hosts file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Malwarebytes Log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/30/2014
Scan Time: 3:13:06 PM
Logfile: malware.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.30.09
Rootkit Database: v2014.06.30.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Galen
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 303007
Time Elapsed: 20 min, 59 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\LevelQualityWatcher, Quarantined, [6b37285622595ed8811308a64db5867a], 
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\suprasavings, Quarantined, [267c83fb5c1fc86ec4ddc103d13149b7], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 1
Hijack.HomePage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\SHELL\OPENHOMEPAGE\COMMAND, http://securityresponse.symantec.com/avcenter/fix_homepage/, Good: (iexplore.exe), Bad: (http://securityresponse.symantec.com/avcenter/fix_homepage/),Delete-on-Reboot,[6f33afcfcfac3bfb64a220689b69cc34]
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

RogueKiller Log

 

RogueKiller V9.1.0.0 (x64) [Jun 23 2014] by Adlice Software

 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Galen [Admin rights]
Mode : Scan -- Date : 06/30/2014  16:42:23
 
¤¤¤ Bad processes : 1 ¤¤¤
[Hidden]  -- [x] -> KILLED [TermThr]
 
¤¤¤ Registry Entries : 11 ¤¤¤
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\getbus -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\getbus -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\getbus -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3717007182-3465714349-4040858219-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3717007182-3465714349-4040858219-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3717007182-3465714349-4040858219-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3717007182-3465714349-4040858219-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[suspicious.Path] \\{8019D4CC-64C1-4E7D-9774-00F130ABB863} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Galen\Desktop\Work Viper Project\CCS Backup\VMware-player-3.0.1-227600.exe" -d "C:\Users\Galen\Desktop\Work Viper Project\CCS Backup") -> FOUND
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST750LM0 22 HN-M750MBB SATA Disk Device +++++
--- User ---
[MBR] 7f9f4db18a74cb01f2e6a78b79ac4f93
[bSP] 64b910be8d7ee242f93cd740d0858b6a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 695349 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1424484352 | Size: 19752 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 MB
User = LL1 ... OK
User = LL2 ... OK

Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ---------------------------------

    Download the attached fixlist.txt to the same folder as FRST.exe.

    Run FRST.exe and click Fix only once and wait

    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    -------------------------------------

    Please read the directions carefully so you don't end up deleting something that is good!!

    If in doubt about an entry....please ask or choose Skip!!!!

    Don't Delete anything unless instructed to!

    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

    Skip and click on Continue

    If a suspicious object is detected, the default action will be Skip, click on Continue

    Please note that TDSSKiller can be run in safe mode if needed.

    Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

    • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

    • Put a checkmark beside loaded modules.


    • A reboot will be needed to apply the changes. Do it.
    • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
    • Then click on Change parameters in TDSSKiller.
    • Check all boxes then click OK.


    • Click the Start Scan button.


    • The scan should take no longer than 2 minutes.
    • If a suspicious object is detected, the default action will be Skip, click on Continue.


      Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

      If in doubt about an entry....please ask or choose Skip

    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

      Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


      Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
    • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    Here's a summary of what to do if you would like to print it out:

    If in doubt about an entry....please ask or choose Skip

    Don't Delete anything unless instructed to!

    If a suspicious object is detected, the default action will be Skip, click on Continue

    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

    Skip and click on Continue

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    ~~~~~~~~~~~~~~~~~~~~

    You can attach the logs if they're too long:

    Bottom right corner of this page.


    New window that comes up.


    Then...........

    Please download and run ComboFix.

    The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

    Please visit this webpage for download links and instructions for running ComboFix.

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

    Please make sure you click download buttons that look similar to this, not "sponsored ad links":


    Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    Information on disabling your malware programs can be found Here.

    Make sure you run ComboFix from your desktop.

    Give it at least 30-45 minutes to finish if needed.

    Please include the C:\ComboFix.txt in your next reply for further review.

    ---------->NOTE<----------

    If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

    MrC


Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-06-2014 02
Ran by Galen at 2014-06-30 17:56:05 Run:1
Running from C:\Users\Galen\Desktop\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Task: {BDAFBA66-B712-437D-BB5D-F05B39EBA283} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe [2014-05-29] 
C:\Program Files\pcmax
*****************
 
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BDAFBA66-B712-437D-BB5D-F05B39EBA283}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDAFBA66-B712-437D-BB5D-F05B39EBA283}' => Key deleted successfully.
C:\Windows\System32\Tasks\pcreg => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg' => Key deleted successfully.
C:\Program Files\pcmax => Moved successfully.
 
==== End of Fixlog ====
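The Fixlog above is the only evidence that each fixlist item was actually actioned, and on a busy log it is easy to miss an entry that was never reported. The following script, added here as an illustration and not part of FRST or the thread, cross-checks a fixlist against its Fixlog: for each scheduled-task item it expects the TaskCache key, the Tree entry and the task file to be reported as deleted or moved, and for a bare path it expects a "Moved successfully" line. The sample fixlist and Fixlog are constructed from the lines quoted above.

```python
import re

# Constructed sample, copied from the fixlist and Fixlog quoted in the thread above
# and trimmed to the lines the check needs.
FIXLIST = """\
Task: {BDAFBA66-B712-437D-BB5D-F05B39EBA283} - System32\\Tasks\\pcreg => C:\\Program Files\\pcmax\\service.exe [2014-05-29]
C:\\Program Files\\pcmax
"""

FIXLOG = """\
'HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Logon\\{BDAFBA66-B712-437D-BB5D-F05B39EBA283}' => Key deleted successfully.
'HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{BDAFBA66-B712-437D-BB5D-F05B39EBA283}' => Key deleted successfully.
C:\\Windows\\System32\\Tasks\\pcreg => Moved successfully.
'HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\pcreg' => Key deleted successfully.
C:\\Program Files\\pcmax => Moved successfully.
"""

# "Task: {GUID} - System32\Tasks\<name> => <target>" as FRST lists scheduled tasks.
TASK_RE = re.compile(r"^Task:\s*(\{[0-9A-Fa-f-]+\})\s*-\s*System32\\Tasks\\(\S+)\s*=>")


def expected_results(fixlist):
    """Map each fixlist item to the Fixlog line endings FRST should report for it.

    A scheduled-task item should yield: its TaskCache\\Tasks\\{GUID} key deleted,
    its TaskCache\\Tree\\<name> key deleted and the task file under
    System32\\Tasks moved. A bare path should simply be moved. The
    trigger-specific TaskCache\\Logon (or Boot) key is not required because
    it depends on how the task was registered.
    """
    expectations = {}
    for line in fixlist.splitlines():
        item = line.strip()
        if not item:
            continue
        m = TASK_RE.match(item)
        if m:
            guid, name = m.group(1), m.group(2)
            expectations[item] = [
                f"TaskCache\\Tasks\\{guid}' => Key deleted successfully.",
                f"TaskCache\\Tree\\{name}' => Key deleted successfully.",
                f"System32\\Tasks\\{name} => Moved successfully.",
            ]
        else:
            expectations[item] = [f"{item} => Moved successfully."]
    return expectations


def verify_fixlog(fixlist, fixlog):
    """Return {fixlist item: [expected outcomes missing from the Fixlog]}.

    An empty list means every artifact for that item was reported as deleted
    or moved; anything left over needs a second look (reboot still pending,
    locked file, or a typo in the fixlist path).
    """
    log_lines = [l.strip() for l in fixlog.splitlines()]
    report = {}
    for item, wanted in expected_results(fixlist).items():
        report[item] = [w for w in wanted
                        if not any(l.endswith(w) for l in log_lines)]
    return report


if __name__ == "__main__":
    for item, missing in verify_fixlog(FIXLIST, FIXLOG).items():
        print("OK  " if not missing else "MISS", item, missing)
```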

TDSSKiller Log #1 - There were 2 logs created for some reason & nothing found to Cure or Skip

 

17:59:54.0901 0x1bbc  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
18:00:01.0497 0x1bbc  ============================================================
18:00:01.0497 0x1bbc  Current date / time: 2014/06/30 18:00:01.0497
18:00:01.0497 0x1bbc  SystemInfo:
18:00:01.0497 0x1bbc  
18:00:01.0497 0x1bbc  OS Version: 6.1.7601 ServicePack: 1.0
18:00:01.0497 0x1bbc  Product type: Workstation
18:00:01.0498 0x1bbc  ComputerName: GALEN-HP
18:00:01.0498 0x1bbc  UserName: Galen
18:00:01.0498 0x1bbc  Windows directory: C:\Windows
18:00:01.0498 0x1bbc  System windows directory: C:\Windows
18:00:01.0498 0x1bbc  Running under WOW64
18:00:01.0498 0x1bbc  Processor architecture: Intel x64
18:00:01.0498 0x1bbc  Number of processors: 4
18:00:01.0498 0x1bbc  Page size: 0x1000
18:00:01.0498 0x1bbc  Boot type: Normal boot
18:00:01.0498 0x1bbc  ============================================================
18:00:02.0097 0x1bbc  KLMD registered as C:\Windows\system32\drivers\68036731.sys
18:00:02.0903 0x1bbc  System UUID: {45DDC482-34FA-6E4E-04D8-B6400AC1AB0C}
18:00:04.0417 0x1bbc  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:00:04.0426 0x1bbc  ============================================================
18:00:04.0426 0x1bbc  \Device\Harddisk0\DR0:
18:00:04.0426 0x1bbc  MBR partitions:
18:00:04.0426 0x1bbc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:00:04.0426 0x1bbc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x54E1A800
18:00:04.0426 0x1bbc  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x54E7E800, BlocksNum 0x2694000
18:00:04.0426 0x1bbc  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x33000
18:00:04.0426 0x1bbc  ============================================================
18:00:04.0458 0x1bbc  C: <-> \Device\Harddisk0\DR0\Partition2
18:00:04.0520 0x1bbc  D: <-> \Device\Harddisk0\DR0\Partition3
18:00:04.0536 0x1bbc  F: <-> \Device\Harddisk0\DR0\Partition4
18:00:04.0536 0x1bbc  ============================================================
18:00:04.0536 0x1bbc  Initialize success
18:00:04.0536 0x1bbc  ============================================================
18:03:13.0754 0x1880  KLMD registered as C:\Windows\system32\drivers\07706334.sys
18:03:14.0450 0x1880  Deinitialize success

OK.....Next:

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next.........

If you're using Malwarebytes 2.0, please run a Threat Scan
Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine All that's found

MrC


# AdwCleaner v3.214 - Report created 01/07/2014 at 12:51:11

# Updated 29/06/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Galen - GALEN-HP

# Running from : C:\Users\Galen\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Program Files\003

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17126

 

 

-\\ Google Chrome v35.0.1916.153

 

[ File : C:\Users\Galen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl

Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

 

*************************

 

AdwCleaner[R0].txt - [1353 octets] - [25/01/2014 15:50:07]

AdwCleaner[R1].txt - [889 octets] - [25/01/2014 16:45:05]

AdwCleaner[R2].txt - [1172 octets] - [01/07/2014 12:48:31]

AdwCleaner[s0].txt - [1336 octets] - [25/01/2014 15:51:32]

AdwCleaner[s1].txt - [1102 octets] - [01/07/2014 12:51:11]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1162 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by Galen on Tue 07/01/2014 at 13:00:42.43

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Empty Folder] C:\Users\Galen\appdata\local\{A0ADB0F9-7DF5-4560-B0FE-7EA089D1F039}

Successfully deleted: [Empty Folder] C:\Users\Galen\appdata\local\{A13D5A00-BE12-4E3D-B8C6-BC5C653AA113}

Successfully deleted: [Empty Folder] C:\Users\Galen\appdata\local\{DC52439B-5857-48A4-91BA-64FDE5D5D451}

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 07/01/2014 at 13:13:30.17

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 7/1/2014

Scan Time: 1:19:33 PM

Logfile: Malware2.txt

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.07.01.06

Rootkit Database: v2014.07.01.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Galen

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 303283

Time Elapsed: 21 min, 0 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
