guanine Posted August 6, 2014 ID:863189

Lately I've been getting intrusion attempt alerts from Norton (3 in the past 2 weeks). Previously I never had any, but these are strange; the acting path looks suspicious. I believe I may have an infection. Details are as follows:

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
8/6/2014 1:08:34 AM,High,An intrusion attempt by 50.7.111.2 was blocked.,Blocked,No Action Required,Web Attack: Malicious File Download 12,No Action Required,No Action Required,"50.7.111.2, 80","www.downgbb.com/US/Installer.php?dv1=10845073&dv2=&dv3=&dv4=&sec_id=qWJ8vBQjIEzEzrekY9hpCTekD38jfEJQvk8rNasah0H8vk8dNBwe7rCQvnsRPBYKPBV4h0z0qWsRhnhazoRavWMRNbëë&marketing_fid=MTQwNzMxMjQ2Ny04MjFjM2E0OTVhZDY5MmJiODBkNmMwNWNmYjBiZDIwOA==","CEE-PC (10.0.0.2, 50137)",50.7.111.2,"TCP, www-http"

Network traffic from www.downgbb.com/US/Installer.php?dv1=10845073&dv2=&dv3=&dv4=&sec_id=qWJ8vBQjIEzEzrekY9hpCTekD38jfEJQvk8rNasah0H8vk8dNBwe7rCQvnsRPBYKPBV4h0z0qWsRhnhazoRavWMRNbëë&marketing_fid=MTQwNzMxMjQ2Ny04MjFjM2E0OTVhZDY5MmJiODBkNmMwNWNmYjBiZDIwOA== matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSWOW64\SVCHOST.EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me.
guanine Posted August 6, 2014 Author ID:863193

EDIT: Malwarebytes and TDSSKiller came up clean, as well as MSERT.
guanine Posted August 6, 2014 Author ID:863232

EDIT 3: I'm guessing these are drive-by downloads (from what I've read in my textbook) and that there's nothing I can really do about these intrusion ATTEMPTS? Can anyone give me some feedback on this.
guanine Posted August 8, 2014 Author ID:863907

DO I NEED TO POST LOGS BEFORE I GET HELPED?
Root Admin AdvancedSetup Posted August 8, 2014 ID:863981

Please read the following: I'm infected - What do I do now?
guanine Posted August 8, 2014 Author ID:864013

ISSUE IS WORSE :C MULTIPLE ATTEMPTS A DAY!!!! I hope I can get this fixed before I leave back to my country for uni! (( Here are the attached logs! (post too long)

FRST.txt
Root Admin AdvancedSetup Posted August 8, 2014 ID:864034

Please visit this webpage and read the ComboFix User's Guide. Once you've read the article and are ready to use the program, you can download it directly from the link below.

Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.

Direct download link for: ComboFix.exe

Please make sure you disable your security applications before running ComboFix. Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load. Please attach that log file to your next reply. If needed, the file can be located here: C:\combofix.txt

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
guanine Posted August 8, 2014 Author ID:864135

ComboFix 14-08-06.02 - Cee 08/08/2014 7:49.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12248.10411 [GMT -7:00]
Running from: c:\users\Cee\Desktop\ComboFix.exe
guanine Posted August 8, 2014 Author ID:864139

I just realized your instruction said attach and not post the log, sorry for the mistake!
Root Admin AdvancedSetup Posted August 9, 2014 ID:864389

It's okay. Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.

Please download JavaRa-1.16 and save it to your computer.
Double click to open the zip file and then select all and choose Copy.
Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
Quit all browsers and other running applications.
Right-click on JavaRa.exe in the RemoveJava folder and choose Run as administrator to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next: Please run TFC by OldTimer to clear temporary files:
Download TFC from here and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Next: Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link.
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits. Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.
Once completed please click on History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results in your next reply.
guanine Posted August 9, 2014 Author ID:864501

JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sat Aug 09 07:24:57 2014
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-applet
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-jnlp-file
Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0
Found and removed: SOFTWARE\JavaSoft
Found and removed: SOFTWARE\JreMetrics
Found and removed: SOFTWARE\MozillaPlugins
------------------------------------
Finished reporting.
guanine Posted August 9, 2014 Author ID:864508

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/9/2014
Scan Time: 7:31:20 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.09.03
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cee

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 302049
Time Elapsed: 9 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
guanine Posted August 11, 2014 Author ID:865172

There were no intrusion attempts for about 1 day, then I checked Norton and saw there were two attempts this morning at 3:50:52 AM and 3:50:54 AM. Issue has not been fixed.
Root Admin AdvancedSetup Posted August 12, 2014 ID:865484

Please post the logs or screen shots of what you're seeing. Please also post the protection logs from MBAM for the past couple of days.

Please download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
If you get Unsupported operating system. Aborting now, just reboot and try again.
A Notepad document should open automatically called checkup.txt. Please post the contents of that document. Do Not Attach It!!!
guanine Posted August 12, 2014 Author ID:865497

First they are shown in red with the warning "High" like this. (There are MANY more, sometimes in quick succession according to the times listed if I scroll down; these are just the recent ones.)
http://imgur.com/Zdfqbnn

Then when I go into one it looks like this. (The path says harddiskvolume2 and ends in svchost.exe.)
http://imgur.com/fc8Mik8

Thank you for your help.
Root Admin AdvancedSetup Posted August 12, 2014 ID:865507

These are incoming IP blocks. Not much one can do about it to prevent it. Norton and MBAM are doing their job blocking them, which is what they're designed to do. You could silence the alert; that's up to you. Myself, I like to see them even though there isn't much one can do to completely stop them. They come from a remote computer and often can be due to a site or ad on a site that you visit.

Please post the security log.
guanine Posted August 12, 2014 Author ID:865586

I thought these would be drive-by download attempts or something like them, but for other Norton users that have drive-by download attempts, their alerts end with the browser name or say "\Internet" at the end. How come not mine? Here are the logs btw.

Results of screen317's Security Check version 0.99.86
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 14.0.0.145
Adobe Reader XI
Mozilla Firefox (31.0)
Google Chrome 36.0.1985.125
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
Root Admin AdvancedSetup Posted August 13, 2014 ID:865927

As I said, this is not on your computer. It is simply a remote computer contacting your computer out of the blue. Adding the IP block to your firewall and letting MBAM do its blocking is about all you can do. There is no infection.
guanine Posted August 13, 2014 Author ID:865974

Ok, that is a relief. Is there anything else to do?
Root Admin AdvancedSetup Posted August 22, 2014 ID:869820

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!