guanine

Getting Norton Intrusion Attempt alert at least once a week


Lately I've been getting intrusion attempt alerts from Norton (3 in the past 2 weeks). Previously I never had any, but these are strange: the acting path looks suspicious, and I believe I may have an infection. Details are as follows:

 

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
8/6/2014 1:08:34 AM,High,An intrusion attempt by 50.7.111.2 was blocked.,Blocked,No Action Required,Web Attack: Malicious File Download 12,No Action Required,No Action Required,"50.7.111.2, 80","www.downgbb.com/US/Installer.php?dv1=10845073&dv2=&dv3=&dv4=&sec_id=qWJ8vBQjIEzEzrekY9hpCTekD38jfEJQvk8rNasah0H8vk8dNBwe7rCQvnsRPBYKPBV4h0z0qWsRhnhazoRavWMRNbëë&marketing_fid=MTQwNzMxMjQ2Ny04MjFjM2E0OTVhZDY5MmJiODBkNmMwNWNmYjBiZDIwOA==","CEE-PC (10.0.0.2, 50137)",50.7.111.2,"TCP, www-http"
Network traffic from www.downgbb.com/US/Installer.php?dv1=10845073&dv2=&dv3=&dv4=&sec_id=qWJ8vBQjIEzEzrekY9hpCTekD38jfEJQvk8rNasah0H8vk8dNBwe7rCQvnsRPBYKPBV4h0z0qWsRhnhazoRavWMRNbëë&marketing_fid=MTQwNzMxMjQ2Ny04MjFjM2E0OTVhZDY5MmJiODBkNmMwNWNmYjBiZDIwOA== matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSWOW64\SVCHOST.EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me.
 


EDIT 3: I'm guessing these are drive-by downloads (from what I've read in my textbook) and that there's nothing I can really do about these intrusion ATTEMPTS? Can anyone give me some feedback on this.


ISSUE IS WORSE :C MULTIPLE ATTEMPTS A DAY!!!! I hope I can get this fixed before I leave back to my country for uni! :((( Here are the attached logs! (post too long)

FRST.txt


Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program, you can download it directly from the link below.
  • Important! Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient, as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed, the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

ComboFix 14-08-06.02 - Cee 08/08/2014   7:49.1.8 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12248.10411 [GMT -7:00]

Running from: c:\users\Cee\Desktop\ComboFix.exe

AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\msvcr71.dll

.

.

(((((((((((((((((((((((((   Files Created from 2014-07-08 to 2014-08-08  )))))))))))))))))))))))))))))))

.

.

2014-08-08 14:54 . 2014-08-08 14:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-08-06 23:48 . 2014-08-08 09:12 -------- d-----w- C:\FRST

2014-08-06 21:04 . 2014-08-06 21:05 -------- d-----w- C:\NPE

2014-08-06 16:56 . 2014-08-06 20:26 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit

2014-08-06 00:51 . 2014-08-06 00:51 -------- d-----w- c:\programdata\ASUS

2014-08-04 23:10 . 2014-08-04 23:11 -------- d-----w- c:\programdata\Package Cache

2014-08-03 14:46 . 2014-08-03 14:46 -------- d-----w- c:\program files (x86)\4KDownload

2014-08-02 22:54 . 2014-08-02 22:54 -------- d-----w- c:\windows\Sun

2014-08-01 01:06 . 2014-08-01 01:06 -------- d-----w- c:\programdata\Aeria Games

2014-08-01 00:20 . 2014-08-01 00:57 -------- d-----w- C:\AeriaGames

2014-07-31 20:45 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll

2014-07-31 20:45 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe

2014-07-31 20:45 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll

2014-07-31 20:45 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll

2014-07-31 20:45 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll

2014-07-31 20:45 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll

2014-07-31 20:45 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll

2014-07-31 20:45 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll

2014-07-31 20:45 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll

2014-07-31 20:45 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll

2014-07-31 20:44 . 2014-05-14 16:23 198600 ----a-w- c:\windows\system32\wuwebv.dll

2014-07-31 20:44 . 2014-05-14 16:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll

2014-07-31 20:44 . 2014-05-14 16:20 36864 ----a-w- c:\windows\system32\wuapp.exe

2014-07-31 20:44 . 2014-05-14 16:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe

2014-07-31 15:04 . 2014-07-31 15:04 -------- d-----w- c:\program files (x86)\AGEIA Technologies

2014-07-31 15:04 . 2014-07-02 17:44 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2014-07-31 14:34 . 2014-07-31 14:34 -------- d-----w- c:\programdata\RzMaelstromVAD_1.1.58.1854

2014-07-30 20:16 . 2014-08-05 04:30 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2014-07-30 20:16 . 2014-08-05 01:01 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2014-07-30 20:16 . 2014-07-31 18:49 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2014-07-30 20:16 . 2011-12-19 22:16 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe

2014-07-30 20:16 . 2014-07-30 20:16 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP

2014-07-30 20:16 . 2014-07-30 20:16 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2014-07-30 18:03 . 2014-07-31 18:33 -------- d-----w- C:\ArcTemp

2014-07-30 03:52 . 2014-07-30 03:52 -------- d-----w- c:\windows\SysWow64\xlive

2014-07-30 03:51 . 2014-07-30 03:52 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE

2014-07-30 00:12 . 2014-07-30 00:12 -------- d-----w- C:\Python27

2014-07-29 22:58 . 2014-07-29 23:39 -------- d-----w- c:\program files (x86)\Notepad++

2014-07-29 22:12 . 2014-08-05 04:30 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2014-07-29 21:38 . 2014-07-29 21:38 -------- d-----w- c:\program files (x86)\EA Games

2014-07-29 19:23 . 2014-07-29 19:23 -------- d-----w- c:\programdata\SystemRequirementsLab

2014-07-29 19:23 . 2014-07-29 19:23 -------- d-----w- c:\program files (x86)\SystemRequirementsLab

2014-07-29 15:38 . 2014-07-29 15:38 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-07-29 15:38 . 2014-07-29 15:38 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-07-29 15:38 . 2014-07-29 15:38 -------- d-----w- c:\windows\system32\Macromed

2014-07-29 12:12 . 2014-07-29 12:12 -------- d-----w- C:\N360_BACKUP

2014-07-29 11:27 . 2014-06-19 00:14 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2014-07-29 04:05 . 2008-03-05 23:03 238088 ----a-w- c:\windows\SysWow64\xactengine3_0.dll

2014-07-29 04:05 . 2008-03-05 23:03 177672 ----a-w- c:\windows\system32\xactengine3_0.dll

2014-07-29 04:05 . 2008-03-05 23:00 28168 ----a-w- c:\windows\system32\X3DAudio1_3.dll

2014-07-29 04:05 . 2008-03-05 23:00 25608 ----a-w- c:\windows\SysWow64\X3DAudio1_3.dll

2014-07-29 04:05 . 2008-03-05 22:56 4910088 ----a-w- c:\windows\system32\D3DX9_37.dll

2014-07-29 04:05 . 2008-03-05 22:56 3786760 ----a-w- c:\windows\SysWow64\D3DX9_37.dll

2014-07-29 04:05 . 2008-03-05 22:56 1860120 ----a-w- c:\windows\system32\D3DCompiler_37.dll

2014-07-29 04:05 . 2008-03-05 22:56 1420824 ----a-w- c:\windows\SysWow64\D3DCompiler_37.dll

2014-07-29 04:05 . 2008-02-06 06:07 462864 ----a-w- c:\windows\SysWow64\d3dx10_37.dll

2014-07-29 04:05 . 2008-02-06 06:07 529424 ----a-w- c:\windows\system32\d3dx10_37.dll

2014-07-29 01:44 . 2014-07-29 01:44 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2014-07-29 01:41 . 2014-08-06 18:53 -------- d-----w- c:\program files\Adobe

2014-07-29 00:35 . 2014-07-29 00:35 -------- d-----w- C:\.jagex_cache_32

2014-07-28 21:58 . 2014-07-28 21:58 -------- d-----w- C:\Fraps

2014-07-28 19:22 . 2014-08-01 21:50 -------- d-----w- c:\program files (x86)\puush

2014-07-28 19:07 . 2014-07-28 19:07 -------- d-----w- c:\programdata\Oracle

2014-07-28 19:07 . 2014-07-28 19:07 -------- d-----w- c:\program files (x86)\Common Files\Java

2014-07-28 19:06 . 2014-07-28 19:06 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-07-28 19:06 . 2014-07-28 19:06 -------- d-----w- c:\program files (x86)\Java

2014-07-28 19:03 . 2014-07-28 19:03 -------- d-----w- c:\programdata\Riot Games

2014-07-28 19:02 . 2008-07-31 17:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll

2014-07-28 19:02 . 2008-07-31 17:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll

2014-07-28 19:02 . 2008-07-12 15:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2014-07-28 19:02 . 2008-07-12 15:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2014-07-28 19:02 . 2008-07-12 15:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2014-07-28 19:01 . 2014-08-01 01:49 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin

2014-07-28 19:01 . 2014-07-28 19:01 -------- d-----w- C:\Riot Games

2014-07-28 18:59 . 2014-07-28 18:59 -------- d-----w- c:\program files (x86)\Pando Networks

2014-07-28 17:36 . 2014-07-28 17:36 -------- d-----w- c:\windows\SysWow64\Wat

2014-07-28 17:36 . 2014-07-28 17:36 -------- d-----w- c:\windows\system32\Wat

2014-07-28 17:29 . 2013-10-15 01:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2014-07-28 17:24 . 2014-07-28 17:24 327168 ----a-w- c:\windows\system32\mswsock.dll

2014-07-28 17:24 . 2014-07-28 17:24 231424 ----a-w- c:\windows\SysWow64\mswsock.dll

2014-07-28 17:24 . 2014-07-28 17:24 1887232 ----a-w- c:\windows\system32\d3d11.dll

2014-07-28 17:24 . 2014-07-28 17:24 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll

2014-07-28 17:15 . 2014-07-28 17:16 -------- d-----w- c:\windows\system32\MRT

2014-07-28 17:11 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2014-07-28 17:11 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2014-07-28 17:11 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

2014-07-28 17:11 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll

2014-07-28 17:10 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2014-07-28 17:10 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS

2014-07-28 16:54 . 2014-07-28 16:54 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2014-07-28 16:54 . 2014-07-28 16:54 -------- d-----w- c:\program files\Common Files\Symantec Shared

2014-07-28 16:53 . 2014-07-29 02:43 -------- d-----w- c:\windows\system32\drivers\N360x64

2014-07-28 16:53 . 2014-07-28 16:53 -------- d-----w- c:\program files (x86)\Norton Security Suite

2014-07-28 16:51 . 2014-07-28 16:51 -------- d-----w- c:\program files (x86)\NortonInstaller

2014-07-28 16:37 . 2014-07-14 11:12 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E24F2B65-2078-4E46-B0E1-5B210B4090BC}\mpengine.dll

2014-07-28 16:37 . 2014-03-31 16:35 270496 ------w- c:\windows\system32\MpSigStub.exe

2014-07-28 16:12 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2014-07-28 16:12 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2014-07-28 16:12 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2014-07-28 16:12 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2014-07-28 16:12 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2014-07-28 16:12 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2014-07-28 16:12 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2014-07-28 16:05 . 2014-07-28 16:05 -------- d-----w- c:\program files\Microsoft Silverlight

2014-07-28 16:05 . 2014-07-28 16:05 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2014-07-28 16:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2014-07-28 16:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2014-07-28 16:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2014-07-28 10:26 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll

2014-07-28 10:25 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll

2014-07-28 10:24 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll

2014-07-28 10:23 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll

2014-07-28 10:22 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

2014-07-28 10:21 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys

2014-07-28 10:20 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll

2014-07-28 10:19 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2014-07-28 08:24 . 2014-07-28 08:25 -------- d-----w- c:\programdata\IObit

2014-07-28 08:24 . 2014-08-05 00:55 -------- d-----w- c:\programdata\ProductData

2014-07-28 08:24 . 2014-07-28 13:11 -------- d-----w- c:\program files (x86)\IObit

2014-07-28 06:00 . 2014-07-28 07:47 -------- d-----w- c:\program files (x86)\Deluge

2014-07-28 05:53 . 2014-07-28 05:53 -------- d-----w- c:\program files\CPUID

2014-07-28 04:47 . 2014-08-07 15:28 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-07-28 04:46 . 2014-08-07 04:44 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware

2014-07-28 04:46 . 2014-05-12 14:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-07-28 04:46 . 2014-05-12 14:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-07-27 22:56 . 2010-06-24 18:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2014-07-02 20:48 . 2013-12-10 15:13 18626304 ----a-w- c:\windows\system32\nvwgf2umx.dll

2014-07-02 20:48 . 2013-12-10 15:13 17555104 ----a-w- c:\windows\system32\nvd3dumx.dll

2014-07-02 20:48 . 2013-12-10 15:13 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2014-07-02 20:48 . 2013-12-10 15:12 3196816 ----a-w- c:\windows\system32\nvapi64.dll

2014-07-02 20:48 . 2013-12-10 15:12 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll

2014-06-30 23:03 . 2014-06-30 23:03 2454016 ----a-w- c:\windows\SysWow64\python27.dll

2014-06-09 09:49 . 2014-06-09 09:49 69632 ----a-w- c:\windows\system32\DriverInstallCA.dll

2014-06-09 09:49 . 2014-06-09 09:49 32768 ----a-w- c:\windows\system32\drivers\RzMaelstromVAD.sys

2014-06-09 09:49 . 2014-06-09 09:49 245760 ----a-w- c:\windows\system32\DriverInstallCACMD.exe

2014-05-16 03:38 . 2014-05-16 03:38 89088 ----a-w- c:\windows\SysWow64\rzdevinfo.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2014-07-28 01:03 223432 ----a-w- c:\users\Cee\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2014-07-28 01:03 223432 ----a-w- c:\users\Cee\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2014-07-28 01:03 223432 ----a-w- c:\users\Cee\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-02 21648480]

"Akamai NetSession Interface"="c:\users\Cee\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-11 2018032]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 291608]

"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-07 102568]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2014-07-27 3058304]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-02-16 322176]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]

"RazerGameBooster"="c:\program files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe" [2014-02-26 61152]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\96369110.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]

R3 sclbl;sclbl;c:\aeriagames\ScarletBlade\avital\scarbt64.sys;c:\aeriagames\ScarletBlade\avital\scarbt64.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1503000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1503000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\SYMEFA64.SYS [x]

S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]

S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140801.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [x]

S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\ccSetx64.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140806.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140806.001\IDSvia64.sys [x]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1503000.00C\SYMNETS.SYS [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]

S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]

S2 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]

S2 FanChkService;Fan Filter Checker Service;c:\program files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe;c:\program files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [x]

S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]

S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]

S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - cpuz137

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-07-28 04:09 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-29 15:38]

.

2014-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-28 04:06]

.

2014-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-28 04:06]

.

2014-08-07 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]

.

2014-08-08 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2014-07-28 01:03 262344 ----a-w- c:\users\Cee\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2014-07-28 01:03 262344 ----a-w- c:\users\Cee\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2014-07-28 01:03 262344 ----a-w- c:\users\Cee\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-12-29 1014432]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-12-29 800416]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-05-26 361984]

"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105

Trusted Zone: aeriagames.com

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\Cee\AppData\Roaming\Mozilla\Firefox\Profiles\5e5mzx4c.default\

FF - prefs.js: browser.startup.homepage - www.reddit.com

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-Malwarebytes Anti-Exploit - c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Best Buy pc app - c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\Best Buy pc app Setup.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe

AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\Best Buy pc app Setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\diMaster.dll\" /prefetch:1"

"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS"

"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12;c:\program files (x86)\Norton Security Suite\Engine64\21.3.0.12"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-08-08  07:55:52

ComboFix-quarantined-files.txt  2014-08-08 14:55

.

Pre-Run: 312,060,755,968 bytes free

Post-Run: 311,970,844,672 bytes free

.

- - End Of File - - DD75DB27AFC5EC8090EAE410EBF916B3


I just realized your instruction said attach and not post the log, sorry for the mistake!


It's okay.

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java, and then run the following.

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in the RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:

Please run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop: http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7, right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient, as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer; please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Next:

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link.
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits; under Non-Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.
Once completed please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.
 

 

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Aug 09 07:24:57 2014

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-applet
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-jnlp-file
Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0
Found and removed: SOFTWARE\JavaSoft
Found and removed: SOFTWARE\JreMetrics
Found and removed: SOFTWARE\MozillaPlugins

------------------------------------

Finished reporting.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/9/2014
Scan Time: 7:31:20 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.09.03
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cee

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 302049
Time Elapsed: 9 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


There were no intrusion attempts for about 1 day then I checked Norton and saw there were two attempts this morning at 3:50:52 AM and 3:50:54 AM. Issue has not been fixed. :(


Please post the logs or screen shots of what you're seeing. Please also post the protection logs from MBAM for the past couple of days.

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please post the contents of that document.
  • Do Not Attach It!!!


First they are shown in red with the warning "High" like this. (There are MANY more, sometimes in quick succession according to the times listed if I scroll down; these are just the recent ones.)

http://imgur.com/Zdfqbnn

Then when I go into one it looks like this. (The path says harddiskvolume2 and ends in svchost.exe.)

http://imgur.com/fc8Mik8

Thank you for your help.


These are incoming IP blocks. Not much one can do about it to prevent it. Norton and MBAM are doing their job blocking them, which is what they're designed to do. You could silence the alert; that's up to you. Myself, I like to see them even though there isn't much one can do to completely stop them. They come from a remote computer and often can be due to a site or an ad on a site that you visit.

Please post the security log.

I thought these would be drive-by download attempts or something like them, but for other Norton users who have drive-by download attempts, their alerts end with the browser name or say "\Internet" at the end. How come not mine? Here are the logs, btw.

 Results of screen317's Security Check version 0.99.86
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
Norton Security Suite
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 14.0.0.145
 Adobe Reader XI
 Mozilla Firefox (31.0)
 Google Chrome 36.0.1985.125
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

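The alert rows the poster is reading, together with the detail text that names the originating process, can be triaged mechanically rather than by eye. The script below is an added example written for this thread; it is not code from Norton, Malwarebytes or the poster. It parses a constructed CSV row laid out like Norton's Intrusion Prevention history export, works out from the Source Address and Destination Address columns which side opened the connection, base64-decodes the marketing_fid query parameter, and classifies the process path quoted in the alert detail. The hostname, addresses and marketing_fid value in the sample are invented, and the assumption that the decoded parameter has the form <unix timestamp>-<hex id> is mine, not anything the site operator documents.

```python
"""Triage rows from a Norton Intrusion Prevention history export (CSV).

Added example for this thread; not Norton's code and not the poster's.
The sample row below is constructed in the column layout of that export;
its hostname, addresses and marketing_fid value are invented.
"""
import base64
import csv
import io
import ipaddress
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Constructed sample export: Norton's header row plus one invented alert row.
SAMPLE_CSV = (
    "Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,"
    "Default Action,Action Taken,Attacking Computer,Attacker URL,"
    "Destination Address,Source Address,Traffic Description\n"
    "8/6/2014 1:08:34 AM,High,An intrusion attempt by 203.0.113.10 was blocked.,"
    "Blocked,No Action Required,Web Attack: Malicious File Download 12,"
    'No Action Required,No Action Required,"203.0.113.10, 80",'
    '"www.example.invalid/US/Installer.php?dv1=123&dv2=&sec_id=abc'
    '&marketing_fid=MTQwNzMxMjQ2Ny1kZWFkYmVlZg==",'
    '203.0.113.10,"TEST-PC (10.0.0.2, 50137)","TCP, www-http"\n'
)

# RFC 1918 plus loopback: anything here is "our side" of the home router.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
ENDPOINT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})(?:,\s*(\d+))?")
BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe"}


def parse_alerts(text):
    """CSV text -> list of dict rows keyed by Norton's column names."""
    return list(csv.DictReader(io.StringIO(text)))


def parse_endpoint(field):
    """'TEST-PC (10.0.0.2, 50137)', '203.0.113.10, 80' or '203.0.113.10' -> (ip, port|None)."""
    m = ENDPOINT_RE.search(field)
    if not m:
        raise ValueError(f"no IPv4 address in {field!r}")
    return m.group(1), (int(m.group(2)) if m.group(2) else None)


def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def decode_marketing_fid(url):
    """Base64-decode the marketing_fid query parameter; None if the URL has none.

    Assumption (from the shape of the value, not documented anywhere):
    the decoded form is '<unix timestamp>-<hex id>'. Anything else is returned raw.
    """
    values = parse_qs(urlsplit(url).query).get("marketing_fid")
    if not values:
        return None
    try:
        raw = base64.b64decode(values[0], validate=True).decode("ascii", "replace")
    except ValueError:
        return {"raw": values[0], "error": "not valid base64"}
    m = re.fullmatch(r"(\d{9,10})-([0-9a-fA-F]+)", raw)
    if not m:
        return {"raw": raw}
    ts = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
    return {"raw": raw, "timestamp_utc": ts.strftime("%Y-%m-%d %H:%M:%S UTC"),
            "id": m.group(2).lower()}


def process_kind(path):
    """Classify the 'attack was resulted from' path quoted in the alert detail."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if name in BROWSERS:
        return "browser"
    if name == "svchost.exe":
        return "service host"
    return "other"


def triage(row, process_path=None):
    src_ip, src_port = parse_endpoint(row["Source Address"])
    dst_ip, dst_port = parse_endpoint(row["Destination Address"])
    if dst_port is None:  # in this export the remote port sits in "Attacking Computer"
        dst_port = parse_endpoint(row["Attacking Computer"])[1]
    if is_local(src_ip) and not is_local(dst_ip):
        direction = "outbound"   # this PC opened the connection
    elif is_local(dst_ip) and not is_local(src_ip):
        direction = "inbound"    # the remote host connected to this PC
    else:
        direction = "unknown"
    outbound = direction == "outbound"
    return {
        "when": row["Date & Time"],
        "signature": row["IPS Alert Name"],
        "direction": direction,
        "local": (src_ip, src_port) if outbound else (dst_ip, dst_port),
        "remote": (dst_ip, dst_port) if outbound else (src_ip, src_port),
        "fid": decode_marketing_fid(row["Attacker URL"]),
        "process_kind": process_kind(process_path) if process_path else None,
    }


if __name__ == "__main__":
    for row in parse_alerts(SAMPLE_CSV):
        # The process path comes from the alert's detail text, not from the CSV row.
        print(triage(row, r"\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSWOW64\SVCHOST.EXE"))
```

Run it over the rows exported from Norton's Security History. A row whose Source Address is the PC with an ephemeral port and whose Destination Address is the remote host on port 80 is an HTTP request the named process made, not a connection the remote host initiated; that is the distinction to settle before deciding whether the box is clean. The decoded timestamp only means something when compared with the alert time in the PC's own time zone.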

As I said, this is not on your computer. It is simply a remote computer contacting your computer out of the blue. Adding the IP block to your firewall and letting MBAM do its blocking is about all you can do. There is no infection.

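When the originating process in an alert is svchost.exe rather than a browser, the practical question is which of the services hosted inside that svchost instance opened the connection, since one svchost process typically hosts several. The script below is an added example for this thread, not code from the poster, the helper or any of the tools named above. It correlates the owning PID from netstat -ano with the service list from tasklist /svc, handling the wrapped service lists and the UDP rows those commands print. Both text blocks are constructed to look like Windows 7 output; the PIDs, addresses and service names are invented and say nothing about the poster's machine. On 64-bit Windows, \SysWOW64\svchost.exe is the 32-bit service host, so when the alert names that path only 32-bit services are candidates.

```python
"""Map a connection owned by svchost.exe to the services that svchost hosts.

Added example for this thread, not from the poster or the helper. The two
text blocks are constructed to mimic 'netstat -ano' and 'tasklist /svc' on
Windows 7; PIDs, addresses and service names are invented.
"""
import re

# Constructed 'netstat -ano' output: a listener, the connection of interest, a
# browser connection and a UDP socket (UDP rows have no State column).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       700
  TCP    10.0.0.2:50137         203.0.113.10:80        SYN_SENT        1136
  TCP    10.0.0.2:50140         10.0.0.1:443           ESTABLISHED     2788
  UDP    0.0.0.0:500            *:*                                    1136
"""

# Constructed 'tasklist /svc' output; the service list for PID 1136 wraps onto
# a second line, which is how tasklist prints long lists.
TASKLIST_SAMPLE = """
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                    700 RpcEptMapper, RpcSs
svchost.exe                   1136 BITS, EventSystem, LanmanServer, Schedule,
                                   wuauserv
firefox.exe                   2788 N/A
"""

PROC_RE = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<svcs>.*)$")


def split_endpoint(s):
    """'203.0.113.10:80' -> ('203.0.113.10', 80); '*:*' -> ('*', None)."""
    host, _, port = s.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text):
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP":
            proto, local, remote, state, pid = parts
        else:
            proto, local, remote, pid = parts
            state = ""
        conns.append({"proto": proto, "local": split_endpoint(local),
                      "remote": split_endpoint(remote), "state": state,
                      "pid": int(pid)})
    return conns


def _split_svcs(s):
    return [x for x in (p.strip() for p in s.split(",")) if x and x != "N/A"]


def parse_tasklist(text):
    """-> {pid: {'image': name, 'services': [...]}} with wrapped lines merged."""
    procs, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("="):
            continue
        m = PROC_RE.match(line)
        if m:
            current = {"image": m.group("image"),
                       "services": _split_svcs(m.group("svcs"))}
            procs[int(m.group("pid"))] = current
        elif line[0].isspace() and current is not None:
            current["services"].extend(_split_svcs(line))   # continuation line
    return procs


def find_owner(remote_ip, remote_port, conns, procs):
    """First socket to (remote_ip, remote_port) and the process/services behind it."""
    for c in conns:
        if c["remote"] == (remote_ip, remote_port):
            p = procs.get(c["pid"], {"image": "?", "services": []})
            return {"pid": c["pid"], "image": p["image"],
                    "services": p["services"], "state": c["state"],
                    "local": c["local"]}
    return None


if __name__ == "__main__":
    conns = parse_netstat(NETSTAT_SAMPLE)
    procs = parse_tasklist(TASKLIST_SAMPLE)
    print(find_owner("203.0.113.10", 80, conns, procs))
```

Because the IPS drops the connection at its first packet, the socket only exists for a moment; run netstat -ano and tasklist /svc together, repeatedly, around the times the alerts recur, then feed the captured text to the two parsers. The result is a short candidate list of services, not a verdict; the next step is to look at what each candidate was doing at that time.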

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.