Help needed

[BkmEvilgio]

Hi there

 

I've tried to do something about what i believe is a virus in my notebook, but so far i'm getting only dead ends.

 

Thanks for all the help you may give me.

 

Here are the logs:

 

 

FRST.exe

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014

Ran by Sergio (administrator) on SERGIO-PC on 03-10-2014 02:57:03

Running from D:\Archivo\Desktop

Loaded Profiles: Sergio & UpdatusUser (Available profiles: Sergio & UpdatusUser)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Acresso Software Inc.) C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

(Acresso Software Inc.) C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe

(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe

() C:\Program Files (x86)\ESRI\License\arcgis9x\ARCGIS.EXE

() C:\Program Files (x86)\Input Director\IDWinService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

() C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe

(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corporation) D:\Office 2013\Office15\MSOSYNC.EXE

(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Dropbox, Inc.) C:\Users\Sergio\AppData\Roaming\Dropbox\bin\Dropbox.exe

(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)

HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)

HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)

HKU\S-1-5-21-1493215691-313182909-2788800161-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)

HKU\S-1-5-21-1493215691-313182909-2788800161-1000\...\Run: [inputDirector] => C:\Program Files (x86)\Input Director\InputDirector.exe [475136 2010-02-01] ()

HKU\S-1-5-21-1493215691-313182909-2788800161-1000\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-1493215691-313182909-2788800161-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

Startup: C:\Users\Sergio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Sergio\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => D:\Office 2013\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => D:\Office 2013\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => D:\Office 2013\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers: [1CryptoProviderIcons] -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll (Autodesk)

GroupPolicyUsers\S-1-5-21-1493215691-313182909-2788800161-1005\User: Group Policy restriction detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyServer: servidor-fw:8080

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_3

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDA77BC140344CF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-cl

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Office 2013\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Office 2013\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Office 2013\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Office 2013\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 190.160.0.11 200.30.192.15 200.83.1.4

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\OFFICE~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Sergio\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Sergio\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Sergio\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Sergio\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sergio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Users\Sergio\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Sergio\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\IPSFF

FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\IPSFF [2014-08-20]

 

Chrome: 

=======

CHR DefaultSearchURL: Default -> https://docs.google.com/offline/backgroundshell#ouid=u787e9ee4dbb5bc1f

CHR Profile: C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (esriArcMapUI.InternetTiledLayerContextMenu) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-08-10]

CHR Extension: (Google Docs) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-20]

CHR Extension: (Google Drive) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]

CHR Extension: (YouTube) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-20]

CHR Extension: (Google Search) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-20]

CHR Extension: (Cargo Bridge) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2014-03-20]

CHR Extension: (Cuevana Stream) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdckejfnkaemompfjhecfmhjgnchmjg [2014-03-20]

CHR Extension: (Google Wallet) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]

CHR Extension: (AT_DJTiesto) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmcbgkkeagngnijeiighgblfljbekip [2014-03-20]

CHR Extension: (Gmail) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-20]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-08-11] (Adobe Systems) [File not signed]

R2 ArcGIS License Manager; C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe [1431440 2008-08-02] (Acresso Software Inc.)

S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2014-04-01] (Autodesk)

U2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-07] (Red Bend Ltd.) [File not signed]

R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)

S4 hasplms; C:\Windows\system32\hasplms.exe [4683144 2014-04-29] (SafeNet Inc.)

S3 IDVistaService; C:\Program Files (x86)\Input Director\IDVistaService.exe [13824 2009-02-08] () [File not signed]

R2 InputDirector; C:\Program Files (x86)\Input Director\IDWinService.exe [36864 2010-02-01] () [File not signed]

S4 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-03-22] () [File not signed]

S4 Legion Licence Service; C:\Program Files (x86)\Common Files\Legion International\Legion Licensing Utility\Bin\LegnLicenceService.exe [65024 2014-04-23] (Legion International Limited) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()

R2 QDLService2kDell; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [330488 2010-01-14] (QUALCOMM, Inc.)

R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe [144368 2013-05-25] (Symantec Corporation)

R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe [2316184 2013-05-25] (Symantec Corporation)

S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\snac64.exe [334736 2013-05-25] (Symantec Corporation)

S4 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14401104 2013-08-27] ()

R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-07] (Intel® Corporation) [File not signed]

S4 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [453120 2010-01-28] () [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2014-04-29] (SafeNet Inc.)

S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2014-04-29] (SafeNet Inc.)

S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2014-04-29] (SafeNet Inc.)

R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20140913.012\BHDrvx64.sys [1530160 2014-08-01] (Symantec Corporation)

R1 ccSettings_{E1A40A89-2B89-44FA-9E96-395B7D7F03AC}; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\ccSetx64.sys [169048 2013-05-25] (Symantec Corporation)

R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()

R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-03-22] (DT Soft Ltd)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)

R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-04-29] (SafeNet Inc.)

R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\IPSDefs\20141002.011\IDSvia64.sys [525016 2014-08-19] (Symantec Corporation)

S3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [158976 2010-02-26] (Intel Corporation) [File not signed]

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-03] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20141002.018\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20141002.018\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)

S2 Sentinel; C:\Windows\System32\Drivers\SENTINEL64.SYS [141888 2006-04-20] (SafeNet, Inc.)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2014-03-21] (Duplex Secure Ltd.)

R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSP64.SYS [796760 2013-05-25] (Symantec Corporation)

R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSPX64.SYS [36952 2013-05-25] (Symantec Corporation)

S2 SSIPDDP; C:\Windows\SysWOW64\DRIVERS\SSIPDDP.SYS [55296 1997-09-10] () [File not signed]

S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\SyDvCtrl64.sys [34800 2013-05-25] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMDS64.SYS [493656 2013-05-25] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMEFA64.SYS [1139800 2013-05-25] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-08-20] (Symantec Corporation)

R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\Ironx64.SYS [224416 2013-05-25] (Symantec Corporation)

R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMNETS.SYS [433752 2013-05-25] (Symantec Corporation)

R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159472 2014-08-20] (Symantec Corporation)

R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()

R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-08-15] (VMware, Inc.)

R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)

U3 ao0p6d8g; C:\Windows\System32\Drivers\ao0p6d8g.sys [0 ] (Intel Corporation)

S3 btwampfl; system32\drivers\btwampfl.sys [X]

S3 btwaudio; system32\drivers\btwaudio.sys [X]

S3 btwavdt; system32\drivers\btwavdt.sys [X]

S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]

S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

 

========================== Drivers MD5 =======================

 

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\Accelern.sys 7A505465BBB1EB8B5AD4D76E8749383B

C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit

C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit

C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit

C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit

C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9

C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\aksdf.sys 3190C577746303CA4C65114441192FE2

C:\Windows\System32\DRIVERS\aksfridge.sys 6ED46C83547E93828A76B7A221D504E4

C:\Windows\System32\DRIVERS\akshasp.sys 35E43EE8FE28CFD581E8CE42847DFE2B

C:\Windows\System32\DRIVERS\akshhl.sys 053B204554F104CB5DC3D94B61BDA458

C:\Windows\System32\DRIVERS\aksusb.sys 8D584711424446969B5E4CB16870A898

C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49

C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit

C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048

C:\Windows\system32\drivers\appid.sys ==> MD5 is legit

C:\Windows\system32\drivers\arc.sys ==> MD5 is legit

C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit

C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit

C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit

C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20140913.012\BHDrvx64.sys F10EFCE086C794F8A7C2C7A3EA52AC5F

C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bpenum.sys F46DD257FAD7D2D097EF32E72220A06C

C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit

C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B

C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit

C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315

C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF

C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4

C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37

C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\ccSetx64.sys 56685951208AC81CF923B9B08BEDF3B7

C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\circlass.sys ==> MD5 is legit

C:\Windows\System32\CLFS.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit

C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit

C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706

C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit

C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit

C:\Windows\System32\drivers\csc.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\CVirtA64.sys 44BDDEB03C84A1C993C992FFB5700357

C:\Windows\system32\Drivers\CVPNDRVA.sys CC8E52DAA9826064BA464DBE531F2BB5

C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit

C:\Windows\System32\drivers\discache.sys ==> MD5 is legit

C:\Windows\System32\drivers\disk.sys ==> MD5 is legit

C:\Windows\system32\drivers\dmvsc.sys 5DB085A8A6600BE6401F2B24EECB5415

C:\Windows\System32\DRIVERS\dne64x.sys 05CB5910B3CA6019FC3CCA815EE06FFB

C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\dtsoftbus01.sys 46571ED73AE84469DCA53081D33CF3C8

C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868

C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit

C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 03E1B8BA59327D186C7C533A6998FEF9

C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit

C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 142EA7DF1851C563571F2DCFC7AFBB40

C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit

C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit

C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit

C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit

C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit

C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit

C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit

C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B

C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0

C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit

C:\Windows\system32\drivers\hardlock.sys 3921C845A24C62CA1F44EEF4826263E9

C:\Windows\system32\drivers\hcmon.sys 23AF3730B7B757A385721E900250CF3B

C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit

C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A

C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF

C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit

C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit

C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit

C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit

C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit

C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\iaStor.sys ABBF174CB394F5C437410A788B7E404A

C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366

C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\IPSDefs\20141002.011\IDSvia64.sys 47D561365913893120FC651419745FDA

C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\Impcd.sys DD587A55390ED2295BCE6D36AD567DA9

C:\Windows\System32\drivers\RTKVHD64.sys 8FED6428FDE53D7F4C105095F22524BE

C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit

C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit

C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit

C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6

C:\Windows\System32\DRIVERS\jmcr.sys 3926C8C55A2CD2C94888BE39B4BEB629

C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit

C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC

C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB

C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit

C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit

C:\Windows\system32\drivers\mbam.sys F92B0E478C0FAA6D6661E6E977247E60

C:\Windows\system32\drivers\MBAMSwissArmy.sys 8A50D5304E6AE48664CF5838EC32F647

C:\Windows\system32\drivers\mwac.sys 15E8ABC06843672955CE26A009533BAD

C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit

C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit

C:\Windows\System32\drivers\modem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit

C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit

C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404

C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC

C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163

C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C

C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit

C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit

C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit

C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit

C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit

C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit

C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20141002.018\ENG64.SYS C180A82874D3CDC390A27F2F1E1AF025

C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20141002.018\EX64.SYS E66CA6C321614D7BC0AFC9C8436131B9

C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88

C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit

C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\NETw5s64.sys 18555F48844C2861D9DCE8F2B7223AE5

C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2

C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\nusb3hub.sys 0EBC9D13CD96C15B1B18D8678A609E4B

C:\Windows\System32\DRIVERS\nusb3xhc.sys 7BDEC000D56D485021D9C1E63C2F81CA

C:\Windows\System32\drivers\nvhda64v.sys 554964B900AE2954B8B589B6287034AC

C:\Windows\System32\DRIVERS\nvlddmkm.sys E71E299FF15390E585BACF2C18F55078

C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD

C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A

C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit

C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit

C:\Windows\system32\drivers\parport.sys ==> MD5 is legit

C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C

C:\Windows\System32\drivers\pci.sys ==> MD5 is legit

C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit

C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit

C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit

C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit

C:\Windows\system32\drivers\processr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit

C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1

C:\Windows\System32\DRIVERS\qicflt.sys 0928BD20273625622722FE1DE5BBDE57

C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit

C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34

C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A

C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932

C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0

C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit

C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0

C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit

C:\Windows\System32\Drivers\SENTINEL64.SYS 82215BBED5D37B0C354F0E83FD0C8423

C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit

C:\Windows\system32\drivers\serial.sys ==> MD5 is legit

C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit

C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit

C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit

C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit

C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit

C:\Windows\System32\Drivers\sptd.sys D6AB7C13FCDD2E4CAC35244D2C172D9A

C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSP64.SYS 193154DCA42A098683BBC693CF0DCBF6

C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSPX64.SYS 0E76CEF892C45734F7AED09FDDF35D4D

C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B

C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28

C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3

C:\Windows\SysWOW64\DRIVERS\SSIPDDP.SYS 6DB0676E502995C59053683817C94286

C:\Windows\System32\DRIVERS\stdcfltn.sys 92E7F6666633D2DD91D527503DAA7BE0

C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit

C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit

C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\SyDvCtrl64.sys 78E04DAACEBEEA41259FF5D6ACD0F565

C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMDS64.SYS E174C8BC572E93AEEE1036DEDAC5F225

C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMEFA64.SYS 599872BAD7CFB45C7CE47CDED4B726D8

C:\Windows\system32\Drivers\SYMEVENT64x86.SYS F19E5E37ED8134B9E5F6287F2D3A75D7

C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\Ironx64.SYS ADF37F1A715D6C56C8E065FD8569A9A4

C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMNETS.SYS 9CDCA70485BD6B9D230365F67C31F132

C:\Windows\System32\DRIVERS\SynTP.sys 36F506C894E1EA59C65FAF6398BDF49A

C:\Windows\System32\Drivers\SysPlant.sys D9355B8939719F00E21C053932C00192

C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E

C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E

C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC

C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit

C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8

C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09

C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426

C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07

C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\TurboB.sys 825E7A1F48FB8BCFBA27C178AAB4E275

C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit

C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit

C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit

C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2

C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A

C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31

C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965

C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA

C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit

C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6

C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit

C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7

C:\Windows\System32\DRIVERS\usb8023x.sys 7B28E2FBE75115660FAB31079C0A9F29

C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit

C:\Windows\System32\drivers\vga.sys ==> MD5 is legit

C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit

C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit

C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit

C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vmci.sys BE8E5E5D53ACF71D4E8E686B68C99B04

C:\Windows\System32\DRIVERS\vmnetadapter.sys 18AA5F4A3B1204AD00045EE5AD39BCDB

C:\Windows\System32\DRIVERS\vmnetbridge.sys 04CD4347CD9E8C40F78AD51F7FF426D0

C:\Windows\system32\drivers\vmnetuserif.sys 748FD60D1B73F50020CFD126F940543F

C:\Windows\System32\DRIVERS\vmusb.sys F347A28F63162FF82BDDAADC14935BA4

C:\Windows\system32\drivers\vmx86.sys CB41CC41F83C9A6081A2AE71251A16D5

C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit

C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit

C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit

C:\Windows\System32\drivers\vsock.sys 108196FE0580A18AB6237EA36FD210F2

C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys E7CE8988B98202A5CF429CA358D26CC5

C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit

C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\system32\drivers\wd.sys ==> MD5 is legit

C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8

C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit

C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit

C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D

C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit

C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit

C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F

C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

C:\Windows\System32\Drivers\ao0p6d8g.sys 

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-03 02:56 - 2014-10-03 02:57 - 00000000 ____D () C:\FRST

2014-10-03 02:42 - 2014-10-03 02:42 - 00000056 _____ () C:\Windows\setupact.log

2014-10-03 02:42 - 2014-10-03 02:42 - 00000000 _____ () C:\Windows\setuperr.log

2014-10-03 02:41 - 2014-10-03 02:41 - 00000292 _____ () C:\Windows\PFRO.log

2014-10-03 01:10 - 2014-10-03 02:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-03 01:10 - 2014-10-03 01:10 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-03 01:10 - 2014-10-03 01:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-03 01:10 - 2014-10-03 01:10 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-10-03 01:10 - 2014-10-03 01:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-03 01:10 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-10-03 01:10 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-10-03 01:10 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-10-03 01:02 - 2014-10-03 01:02 - 00032437 _____ () C:\ComboFix.txt

2014-10-03 00:49 - 2011-06-26 03:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-10-03 00:49 - 2010-11-07 14:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-10-03 00:49 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-10-03 00:49 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-10-03 00:49 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-10-03 00:49 - 2000-08-30 21:00 - 00098816 _____ () C:\Windows\sed.exe

2014-10-03 00:49 - 2000-08-30 21:00 - 00080412 _____ () C:\Windows\grep.exe

2014-10-03 00:49 - 2000-08-30 21:00 - 00068096 _____ () C:\Windows\zip.exe

2014-10-03 00:48 - 2014-10-03 01:02 - 00000000 ____D () C:\Qoobox

2014-10-03 00:47 - 2014-10-03 00:59 - 00000000 ____D () C:\Windows\erdnt

2014-10-03 00:31 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-10-03 00:29 - 2014-10-03 00:34 - 00000000 ____D () C:\AdwCleaner

2014-10-01 11:16 - 2014-09-24 23:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-10-01 11:16 - 2014-09-24 22:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2014-09-27 19:07 - 2014-09-29 22:53 - 00000000 ____D () C:\ProgramData\Freemake

2014-09-27 19:07 - 2014-09-29 22:53 - 00000000 ____D () C:\Program Files (x86)\Freemake

2014-09-24 15:32 - 2014-09-24 15:32 - 00000000 ____D () C:\Users\Sergio\AppData\Roaming\Atari

2014-09-24 15:29 - 2014-10-03 01:51 - 00000000 ____D () C:\Users\Sergio\AppData\OICE_15_974FA576_32C1D314_39DC

2014-09-24 00:47 - 2014-10-03 02:44 - 00004928 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Sergio-PC-Sergio Sergio-PC

2014-09-23 22:17 - 2014-09-09 19:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-09-23 22:17 - 2014-09-09 18:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-09-15 13:07 - 2014-09-15 13:07 - 00001074 _____ () C:\Users\Public\Desktop\Input Director.lnk

2014-09-15 13:07 - 2014-09-15 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Input Director

2014-09-15 13:07 - 2014-09-15 13:07 - 00000000 ____D () C:\Program Files (x86)\Input Director

2014-09-11 14:38 - 2014-09-24 02:17 - 00000000 ____D () C:\Windows\rescache

2014-09-11 00:18 - 2014-08-18 19:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-11 00:18 - 2014-08-18 19:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-11 00:18 - 2014-08-18 19:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-11 00:18 - 2014-08-18 19:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-11 00:18 - 2014-08-18 19:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-11 00:18 - 2014-08-18 19:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-11 00:18 - 2014-08-18 19:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-11 00:18 - 2014-08-18 19:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-11 00:18 - 2014-08-18 19:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-11 00:18 - 2014-08-18 18:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-11 00:18 - 2014-08-18 18:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-11 00:18 - 2014-08-18 18:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-11 00:18 - 2014-08-18 18:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-11 00:18 - 2014-08-18 18:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-11 00:18 - 2014-08-18 18:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-11 00:18 - 2014-08-18 18:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-11 00:18 - 2014-08-18 18:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-11 00:18 - 2014-08-18 18:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-11 00:18 - 2014-08-18 18:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-11 00:18 - 2014-08-18 18:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-11 00:18 - 2014-08-18 18:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-11 00:18 - 2014-08-18 18:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-11 00:18 - 2014-08-18 18:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-11 00:18 - 2014-08-18 18:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-11 00:18 - 2014-08-18 18:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-11 00:17 - 2014-08-19 15:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-11 00:17 - 2014-08-19 14:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-11 00:17 - 2014-08-18 20:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-11 00:17 - 2014-08-18 19:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-11 00:17 - 2014-08-18 19:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-11 00:17 - 2014-08-18 19:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-11 00:17 - 2014-08-18 19:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-11 00:17 - 2014-08-18 19:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-11 00:17 - 2014-08-18 19:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-11 00:17 - 2014-08-18 19:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-11 00:17 - 2014-08-18 18:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-11 00:17 - 2014-08-18 18:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-11 00:17 - 2014-08-18 18:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-11 00:17 - 2014-08-18 18:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-11 00:17 - 2014-08-18 18:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-11 00:17 - 2014-08-18 18:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-09-11 00:17 - 2014-08-18 18:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-11 00:17 - 2014-08-18 18:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-11 00:17 - 2014-08-18 18:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-11 00:17 - 2014-08-18 18:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-11 00:17 - 2014-08-18 18:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-11 00:17 - 2014-08-18 18:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-11 00:17 - 2014-08-18 18:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-11 00:17 - 2014-08-18 18:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-11 00:17 - 2014-08-18 18:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-11 00:17 - 2014-08-18 18:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-11 00:17 - 2014-08-18 17:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-11 00:17 - 2014-08-18 17:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-11 00:17 - 2014-08-18 17:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-11 00:17 - 2014-08-18 17:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-11 00:17 - 2014-08-18 17:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-09-11 00:03 - 2014-06-26 23:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2014-09-11 00:03 - 2014-06-26 22:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2014-09-10 22:36 - 2014-08-01 08:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-09-10 22:36 - 2014-08-01 08:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-09-10 22:34 - 2014-06-24 00:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-09-10 22:34 - 2014-06-23 23:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-09-10 22:24 - 2014-07-06 23:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-10 22:23 - 2014-07-06 23:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-10 22:23 - 2014-07-06 22:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-10 22:23 - 2014-07-06 22:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-10 22:23 - 2014-07-06 22:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-09-05 18:56 - 2014-09-05 18:56 - 00000957 _____ () C:\Users\Sergio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk

2014-09-05 18:56 - 2014-09-05 18:56 - 00000000 ____D () C:\Users\Sergio\AppData\Roaming\Helios

2014-09-05 18:56 - 2014-09-05 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TextPad

2014-09-05 18:56 - 2014-09-05 18:56 - 00000000 ____D () C:\Program Files\TextPad 7

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-03 02:54 - 2014-03-20 04:45 - 00000000 ____D () C:\Users\Sergio\AppData\Roaming\uTorrent

2014-10-03 02:53 - 2009-07-14 01:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-03 02:53 - 2009-07-14 01:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-03 02:51 - 2014-03-20 01:58 - 01401365 _____ () C:\Windows\WindowsUpdate.log

2014-10-03 02:45 - 2014-06-13 00:46 - 00000000 ___RD () C:\Users\Sergio\Google Drive

2014-10-03 02:45 - 2014-03-26 12:28 - 00000000 ____D () C:\Users\Sergio\AppData\Roaming\Dropbox

2014-10-03 02:43 - 2014-04-08 17:18 - 00000050 _____ () C:\Windows\system32\SupplicantTest.log

2014-10-03 02:43 - 2014-03-27 19:47 - 00000000 ____D () C:\ProgramData\VMware

2014-10-03 02:43 - 2014-03-20 03:12 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-10-03 02:42 - 2014-03-20 03:26 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-10-03 02:42 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-03 02:35 - 2014-03-20 03:12 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-10-03 02:21 - 2014-04-22 02:02 - 00001050 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1493215691-313182909-2788800161-1000UA.job

2014-10-03 01:58 - 2014-03-20 21:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-10-03 01:55 - 2014-08-19 14:17 - 00000000 ____D () C:\Windows\pss

2014-10-03 01:46 - 2014-03-20 03:11 - 00000000 ____D () C:\Users\Sergio\AppData\Local\Apps\2.0

2014-10-03 01:44 - 2014-03-30 20:41 - 00000000 ____D () C:\Users\Sergio\AppData\Roaming\AIMP3

2014-10-03 01:02 - 2009-07-14 00:20 - 00000000 __RHD () C:\Users\Default

2014-10-03 00:59 - 2009-07-13 23:34 - 00000215 _____ () C:\Windows\system.ini

2014-10-02 22:36 - 2014-08-20 15:17 - 00000000 ____D () C:\ProgramData\Symantec

2014-10-02 21:20 - 2014-04-22 02:02 - 00000998 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1493215691-313182909-2788800161-1000Core.job

2014-10-02 19:29 - 2014-03-20 22:22 - 00000000 ____D () C:\Users\Sergio\AppData\Roaming\vlc

2014-10-02 18:27 - 2014-04-08 19:09 - 00007673 _____ () C:\Users\Sergio\AppData\Local\resmon.resmoncfg

2014-10-02 10:12 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-09-30 14:53 - 2009-07-14 02:13 - 00006408 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-30 14:52 - 2014-03-24 00:54 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-30 14:52 - 2014-03-24 00:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-29 23:00 - 2014-03-27 23:32 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-25 22:26 - 2014-03-22 22:21 - 00000000 ____D () C:\Users\Sergio\AppData\Local\Microsoft Help

2014-09-24 00:43 - 2014-08-20 11:53 - 00000000 ____D () C:\temp

2014-09-18 23:36 - 2014-03-26 12:29 - 00000000 ____D () C:\Users\Sergio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-09-14 15:31 - 2014-03-22 22:21 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-09-14 15:30 - 2014-08-27 01:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2014-09-11 00:12 - 2014-03-23 00:47 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-11 00:05 - 2014-03-23 00:47 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-03 02:57 - 2014-08-25 22:55 - 00000000 ____D () C:\Users\Sergio\AppData\Local\Adobe

2014-09-03 02:06 - 2014-08-07 01:26 - 00000000 ____D () C:\Users\Sergio\AppData\Roaming\Notepad++

 

Some content of TEMP:

====================

C:\Users\Sergio\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprj4q2z.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

==================== BCD ================================

 

Windows Boot Manager

--------------------

identifier              {bootmgr}

device                  partition=\Device\HarddiskVolume1

description             Windows Boot Manager

locale                  en-US

inherit                 {globalsettings}

default                 {current}

resumeobject            {288b0fa9-a17b-11e2-a349-8089dc6ebb26}

displayorder            {current}

toolsdisplayorder       {memdiag}

timeout                 30

 

Windows Boot Loader

-------------------

identifier              {288b0fa7-a17b-11e2-a349-8089dc6ebb26}

device                  ramdisk=[C:]\Recovery\288b0fa7-a17b-11e2-a349-8089dc6ebb26\Winre.wim,{288b0fa8-a17b-11e2-a349-8089dc6ebb26}

path                    \windows\system32\winload.exe

description             Windows Recovery Environment

inherit                 {bootloadersettings}

osdevice                ramdisk=[C:]\Recovery\288b0fa7-a17b-11e2-a349-8089dc6ebb26\Winre.wim,{288b0fa8-a17b-11e2-a349-8089dc6ebb26}

systemroot              \windows

nx                      OptIn

winpe                   Yes

 

Windows Boot Loader

-------------------

identifier              {current}

device                  partition=C:

path                    \Windows\system32\winload.exe

description             Windows 7

locale                  en-US

inherit                 {bootloadersettings}

recoverysequence        {288b0fab-a17b-11e2-a349-8089dc6ebb26}

recoveryenabled         Yes

osdevice                partition=C:

systemroot              \Windows

resumeobject            {288b0fa9-a17b-11e2-a349-8089dc6ebb26}

nx                      OptIn

 

Windows Boot Loader

-------------------

identifier              {288b0fab-a17b-11e2-a349-8089dc6ebb26}

device                  ramdisk=[C:]\Recovery\288b0fab-a17b-11e2-a349-8089dc6ebb26\Winre.wim,{288b0fac-a17b-11e2-a349-8089dc6ebb26}

path                    \windows\system32\winload.exe

description             Windows Recovery Environment

inherit                 {bootloadersettings}

osdevice                ramdisk=[C:]\Recovery\288b0fab-a17b-11e2-a349-8089dc6ebb26\Winre.wim,{288b0fac-a17b-11e2-a349-8089dc6ebb26}

systemroot              \windows

nx                      OptIn

winpe                   Yes

 

Resume from Hibernate

---------------------

identifier              {288b0fa9-a17b-11e2-a349-8089dc6ebb26}

device                  partition=C:

path                    \Windows\system32\winresume.exe

description             Windows Resume Application

locale                  en-US

inherit                 {resumeloadersettings}

filedevice              partition=C:

filepath                \hiberfil.sys

debugoptionenabled      No

 

Windows Memory Tester

---------------------

identifier              {memdiag}

device                  partition=\Device\HarddiskVolume1

path                    \boot\memtest.exe

description             Windows Memory Diagnostic

locale                  en-US

inherit                 {globalsettings}

badmemoryaccess         Yes

 

EMS Settings

------------

identifier              {emssettings}

bootems                 Yes

 

Debugger Settings

-----------------

identifier              {dbgsettings}

debugtype               Serial

debugport               1

baudrate                115200

 

RAM Defects

-----------

identifier              {badmemory}

 

Global Settings

---------------

identifier              {globalsettings}

inherit                 {dbgsettings}

                        {emssettings}

                        {badmemory}

 

Boot Loader Settings

--------------------

identifier              {bootloadersettings}

inherit                 {globalsettings}

                        {hypervisorsettings}

 

Hypervisor Settings

-------------------

identifier              {hypervisorsettings}

hypervisordebugtype     Serial

hypervisordebugport     1

hypervisorbaudrate      115200

 

Resume Loader Settings

----------------------

identifier              {resumeloadersettings}

inherit                 {globalsettings}

 

Device options

--------------

identifier              {288b0fa8-a17b-11e2-a349-8089dc6ebb26}

description             Ramdisk Options

ramdisksdidevice        partition=C:

ramdisksdipath          \Recovery\288b0fa7-a17b-11e2-a349-8089dc6ebb26\boot.sdi

 

Device options

--------------

identifier              {288b0fac-a17b-11e2-a349-8089dc6ebb26}

description             Ramdisk Options

ramdisksdidevice        partition=C:

ramdisksdipath          \Recovery\288b0fab-a17b-11e2-a349-8089dc6ebb26\boot.sdi

 

 

 

LastRegBack: 2014-09-26 05:02

 

 

==================== End Of Log ============================

Addition.txt

FRST.txt

[gringo_pr]

Hello

We are very sorry for the delay in responding to your request, If you are still in need of assistance please let me know and I will get started in helping you with your request.

Regards,

Gringo

Malwareremoval

Malwarebytes

[gringo_pr]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!