For the last couple of days I have had multiple "malicious website blocked" pop-ups show up for various IP addresses including fff5ee.com and searchnet.blinkxcore.com. I'm hoping someone can help. I ran the Farbar Recovery Scan Tool and got the following logs.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
Ran by dibollparts (administrator) on DIBOLLPARTS-PC on 27-10-2014 16:21:05
Running from E:\
Loaded Profile: dibollparts (Available profiles: dibollparts & allied)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(CNS International) C:\Program Files (x86)\CNS International\The InterCom System\Server\ICSvrNT.EXE
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\N360.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(iAnywhere Solutions, Inc.) C:\Program Files\SQL Anywhere 11\Bin32\dbsrv11.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Allied Information Networks) C:\ALLIED\BASNTSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\dibollparts\AppData\Roaming\ChromeUpdate.exe
(Allied Information Networks) C:\Users\dibollparts\AppData\Roaming\msdjish.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\N360.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2010-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112408 2012-04-17] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Run: [bASNT] => c:\ALLIED\BASNT.EXE
HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-10-01] (Google Inc.)
HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Run: [shopAtHomeWatcher] => C:\Users\dibollparts\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Run: [shopAtHomeUpdater] => C:\Users\dibollparts\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Run: [GoogleChromeAutoLaunch_42633E726CDEF9E0918FA6A3B75ACBF2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-09] (Google Inc.)
HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Run: [ChromeUpdate] => C:\Users\dibollparts\AppData\Roaming\ChromeUpdate.exe [18630862 2014-10-27] ()
HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Run: [2632168996] => C:\Users\dibollparts\AppData\Roaming\msdjish.exe [500736 2013-08-28] (Allied Information Networks)
HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\dibollparts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6500 E710n-z.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6500 E710n-z.lnk -> C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.0.1.3\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.0.1.3\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.0.1.3\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [uninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\Windows\SysWOW64\cgmopenbho.dll (CGM Open Consortium, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: AOL Messaging Toolbar Loader -> {b0cda128-b425-4eef-a174-61a11ac5dbf8} -> C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
BHO-x32: AOL Mail Toolbar Loader -> {fbea8524-8c72-4208-9d12-7fb73e9926eb} -> C:\Program Files (x86)\AOL Mail Toolbar\aolmailtb.dll (AOL)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - AOL Messaging Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
Toolbar: HKLM-x32 - AOL Mail Toolbar - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files (x86)\AOL Mail Toolbar\aolmailtb.dll (AOL)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {A3704FA3-DBF6-46B5-B95E-0677DFD39577} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\dibollparts\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFFPlgn [2014-10-27]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn [2014-10-27]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://feed.helperbar.com/?publisher=QuickOC&dpid=QuickOC&co=US&userid=31da0563-16f4-962b-8a50-c0cc2233bdff&searchtype=hp&installDate=03/10/2013
CHR StartupUrls: Default -> "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000013&tb_uuid=D16070C15B1C4C83B4749E9CA9F2246F", "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\dibollparts\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\npcoplgn.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\dibollparts\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\dibollparts\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dibollparts\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\dibollparts\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-01]
CHR Extension: (Google Search) - C:\Users\dibollparts\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-01]
CHR Extension: (Norton Identity Protection) - C:\Users\dibollparts\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-10-27]
CHR Extension: (Google Wallet) - C:\Users\dibollparts\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Gmail) - C:\Users\dibollparts\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-01]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\Exts\Chrome.crx [2014-10-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BASrv; c:\ALLIED\BASNTSrv.exe [78848 2011-03-01] (Allied Information Networks) [File not signed]
R2 InterCom; C:\Program Files (x86)\CNS International\The InterCom System\Server\ICSvrNT.EXE [419328 2001-02-02] (CNS International) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\N360.exe [264360 2013-08-31] (Symantec Corporation)
R2 SQLANYs_Allied; C:\Program Files\SQL Anywhere 11\Bin32\dbsrv11.exe [141176 2011-04-01] (iAnywhere Solutions, Inc.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.) [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20130814.001\BHDrvx64.sys [1525336 2013-08-13] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1500010.003\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20130805.011\IDSVia64.sys [520280 2013-08-05] (Symantec Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [1980648 2010-10-04] (Realtek Semiconductor Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20130814.018\ENG64.SYS [126040 2013-08-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20130814.018\EX64.SYS [2100312 2013-08-14] (Symantec Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
R3 SRTSP; C:\Windows\system32\drivers\N360x64\1500010.003\SRTSP64.SYS [854616 2013-07-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1500010.003\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1500010.003\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1500010.003\SYMEFA64.SYS [1147480 2013-08-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1500010.003\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1500010.003\SYMNETS.SYS [590424 2013-07-30] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-27 16:19 - 2014-10-27 16:21 - 00000000 ____D () C:\FRST
2014-10-27 16:00 - 2014-10-27 16:00 - 00000197 _____ () C:\Windows\AlliedPlus.ini
2014-10-27 15:54 - 2014-10-27 15:54 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-10-27 15:49 - 2014-10-27 12:28 - 191629048 _____ (Symantec Corporation) C:\Users\dibollparts\Downloads\N360ESD2101EN.exe
2014-10-27 15:45 - 2014-10-27 15:45 - 00000134 _____ () C:\Users\dibollparts\Desktop\Internet Explorer Troubleshooting.url
2014-10-27 14:57 - 2014-10-27 14:57 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-10-27 14:57 - 2014-10-27 14:57 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-10-27 14:57 - 2014-10-27 14:57 - 00003204 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-27 14:57 - 2014-10-27 14:57 - 00002388 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-10-27 14:57 - 2014-10-27 14:57 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-10-27 14:56 - 2014-10-27 14:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-10-27 14:56 - 2014-10-27 14:56 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-10-27 14:56 - 2014-10-27 14:56 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-10-27 14:36 - 2014-10-27 14:36 - 00008560 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-10-27 14:36 - 2014-10-27 14:36 - 00008560 _____ () C:\Users\dibollparts\DECRYPT_INSTRUCTION.HTML
2014-10-27 14:36 - 2014-10-27 14:36 - 00008560 _____ () C:\Users\DECRYPT_INSTRUCTION.HTML
2014-10-27 14:36 - 2014-10-27 14:36 - 00008560 _____ () C:\DECRYPT_INSTRUCTION.HTML
2014-10-27 14:36 - 2014-10-27 14:36 - 00004220 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-10-27 14:36 - 2014-10-27 14:36 - 00004220 _____ () C:\Users\dibollparts\DECRYPT_INSTRUCTION.TXT
2014-10-27 14:36 - 2014-10-27 14:36 - 00004220 _____ () C:\Users\DECRYPT_INSTRUCTION.TXT
2014-10-27 14:36 - 2014-10-27 14:36 - 00004220 _____ () C:\DECRYPT_INSTRUCTION.TXT
2014-10-27 14:36 - 2014-10-27 14:36 - 00000280 _____ () C:\Users\Public\INSTALL_TOR.URL
2014-10-27 14:36 - 2014-10-27 14:36 - 00000280 _____ () C:\Users\Public\Documents\INSTALL_TOR.URL
2014-10-27 14:36 - 2014-10-27 14:36 - 00000280 _____ () C:\Users\INSTALL_TOR.URL
2014-10-27 14:36 - 2014-10-27 14:36 - 00000280 _____ () C:\Users\dibollparts\INSTALL_TOR.URL
2014-10-27 14:36 - 2014-10-27 14:36 - 00000280 _____ () C:\Users\dibollparts\Documents\INSTALL_TOR.URL
2014-10-27 14:36 - 2014-10-27 14:36 - 00000280 _____ () C:\INSTALL_TOR.URL
2014-10-27 14:34 - 2014-10-27 14:34 - 00008560 _____ () C:\Users\dibollparts\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-10-27 14:34 - 2014-10-27 14:34 - 00008560 _____ () C:\Users\dibollparts\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-27 14:34 - 2014-10-27 14:34 - 00008560 _____ () C:\Users\dibollparts\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-27 14:34 - 2014-10-27 14:34 - 00008560 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-10-27 14:34 - 2014-10-27 14:34 - 00004220 _____ () C:\Users\dibollparts\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-27 14:34 - 2014-10-27 14:34 - 00004220 _____ () C:\Users\dibollparts\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-27 14:34 - 2014-10-27 14:34 - 00004220 _____ () C:\Users\dibollparts\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-27 14:34 - 2014-10-27 14:34 - 00004220 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-10-27 14:34 - 2014-10-27 14:34 - 00000280 _____ () C:\Users\dibollparts\AppData\Roaming\INSTALL_TOR.URL
2014-10-27 14:34 - 2014-10-27 14:34 - 00000280 _____ () C:\Users\dibollparts\AppData\Local\INSTALL_TOR.URL
2014-10-27 14:34 - 2014-10-27 14:34 - 00000280 _____ () C:\Users\dibollparts\AppData\INSTALL_TOR.URL
2014-10-27 14:34 - 2014-10-27 14:34 - 00000280 _____ () C:\ProgramData\INSTALL_TOR.URL
2014-10-27 14:19 - 2014-10-27 14:19 - 00000000 ____D () C:\Program Files (x86)\QS
2014-10-27 13:59 - 2014-10-27 13:59 - 00000000 ____D () C:\Users\dibollparts\AppData\Roaming\TeamViewer
2014-10-27 13:55 - 2014-10-27 14:30 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp
2014-10-27 13:55 - 2014-10-27 13:55 - 18630862 _____ () C:\Users\dibollparts\AppData\Roaming\ChromeUpdate.exe
2014-10-27 13:55 - 2014-10-27 13:55 - 00000944 ____H () C:\ProgramData\@system2.att
2014-10-27 13:55 - 2014-10-27 13:55 - 00000448 ____H () C:\Users\dibollparts\AppData\Roaming\麽鎒駓覜
2014-10-27 11:02 - 2014-10-27 12:30 - 55915216 _____ (Microsoft Corporation) C:\Users\dibollparts\Downloads\IE11-Windows6.1-x64-en-us.exe
2014-10-24 16:45 - 2014-10-24 16:45 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-24 16:44 - 2014-10-27 13:55 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-24 16:44 - 2014-10-24 16:44 - 00070656 _____ () C:\Windows\system32\aruxedk.dll
2014-10-24 16:44 - 2014-10-24 16:44 - 00003860 _____ () C:\Windows\System32\Tasks\{734C9E29-0266-FD7D-84A4-5F80C8A3C3AF}
2014-10-24 16:44 - 2014-10-24 16:44 - 00000000 _____ () C:\Windows\system32\yfesna.dll
2014-10-23 15:43 - 2014-10-27 13:58 - 00000000 ____D () C:\Users\dibollparts\AppData\Local\CrashDumps
2014-10-23 15:41 - 2014-10-23 15:41 - 00000000 ____D () C:\NPE
2014-10-23 15:07 - 2014-10-23 16:24 - 00000000 ____D () C:\Users\dibollparts\AppData\Local\NPE
2014-10-23 14:42 - 2014-10-27 15:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-23 14:42 - 2014-10-24 08:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-23 14:42 - 2014-10-23 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-23 14:42 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-23 14:42 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-17 11:43 - 2014-10-21 16:16 - 00004078 _____ () C:\Windows\System32\Tasks\BOSS Extractor - Fasttrack
2014-10-17 10:36 - 2014-10-17 10:36 - 00000020 ___SH () C:\Users\allied\ntuser.ini
2014-10-17 10:36 - 2014-10-17 10:36 - 00000000 ____D () C:\Users\allied
2014-10-17 10:36 - 2014-02-14 14:29 - 00000000 ____D () C:\Users\allied\AppData\Local\Google
2014-10-17 10:36 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\allied\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 10:36 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\allied\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-16 08:37 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 08:37 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 08:37 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 08:37 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 08:37 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 08:37 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 08:37 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 08:37 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 08:37 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 08:37 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 08:32 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 08:32 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 08:32 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 08:32 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 08:32 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 08:32 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 08:32 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 08:32 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 08:32 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 08:32 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 08:32 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 08:32 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 08:32 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 08:32 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 08:32 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 08:32 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 08:32 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 08:32 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 08:32 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 08:32 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 08:31 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 08:31 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-01 08:23 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 08:23 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 11:39 - 2014-09-30 11:39 - 00000097 _____ () C:\Users\Public\Documents\SAH_Install.ini
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-27 16:17 - 2013-12-11 04:00 - 00018943 _____ () C:\Windows\IE11_main.log
2014-10-27 16:17 - 2013-09-30 10:06 - 01487129 _____ () C:\Windows\WindowsUpdate.log
2014-10-27 16:01 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 16:01 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 15:54 - 2013-09-30 16:33 - 00000000 ____D () C:\Users\dibollparts\Desktop\OpenOffice 4.0.0 (en-US) Installation Files
2014-10-27 15:53 - 2013-10-23 11:34 - 00000000 ____D () C:\Users\dibollparts\Documents\Symantec
2014-10-27 15:53 - 2013-09-30 10:18 - 00000000 ____D () C:\Users\Public\Documents\SQL Anywhere 11
2014-10-27 15:53 - 2013-09-30 10:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-27 15:48 - 2013-10-01 09:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-27 15:48 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-27 15:48 - 2009-07-13 23:51 - 00047288 _____ () C:\Windows\setupact.log
2014-10-27 15:16 - 2010-11-20 22:47 - 01556264 _____ () C:\Windows\PFRO.log
2014-10-27 15:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Vss
2014-10-27 14:56 - 2013-09-30 16:34 - 00000000 ____D () C:\ProgramData\Norton
2014-10-27 14:36 - 2014-03-04 12:15 - 00000000 ___RD () C:\Users\dibollparts\Google Drive
2014-10-27 14:36 - 2013-09-30 13:05 - 00000000 ____D () C:\Users\dibollparts\Desktop\CHAD'S
2014-10-27 14:36 - 2013-09-30 10:10 - 00000000 ____D () C:\Users\dibollparts
2014-10-27 14:34 - 2014-04-23 09:30 - 00000000 ____D () C:\Users\dibollparts\AppData\Local\HP
2014-10-27 14:34 - 2014-01-08 11:51 - 00000000 ____D () C:\Users\dibollparts\AppData\Local\AOL Mail Toolbar
2014-10-27 14:34 - 2014-01-08 11:51 - 00000000 ____D () C:\ProgramData\AOL Mail Toolbar
2014-10-27 14:34 - 2013-11-26 11:34 - 00000000 ____D () C:\Users\dibollparts\AppData\Roaming\PTC
2014-10-27 14:34 - 2013-10-01 09:05 - 00000000 ____D () C:\Users\dibollparts\AppData\Local\Google
2014-10-27 14:34 - 2013-10-01 08:55 - 00000000 ____D () C:\Users\dibollparts\AppData\Roaming\OpenOffice
2014-10-27 14:34 - 2013-09-30 12:46 - 00000000 ____D () C:\Users\dibollparts\AppData\Local\AOL
2014-10-27 14:34 - 2013-09-30 12:46 - 00000000 ____D () C:\ProgramData\AIM Toolbar
2014-10-27 14:34 - 2013-09-30 10:55 - 00000000 __HDC () C:\ProgramData\{4A5CBC98-7CD6-45EC-A87F-858CD28964FC}
2014-10-27 14:34 - 2013-09-30 10:23 - 00000000 ____D () C:\ALLIED
2014-10-27 14:34 - 2013-09-30 10:10 - 00000000 ____D () C:\Users\dibollparts\AppData\Roaming\Adobe
2014-10-27 14:34 - 2013-09-30 09:13 - 00000000 ____D () C:\ProgramData\Wave Systems Corp
2014-10-27 14:34 - 2013-09-30 09:11 - 00000000 ____D () C:\ProgramData\NTRU Cryptosystems
2014-10-27 14:34 - 2011-02-10 09:25 - 00000000 ____D () C:\dell
2014-10-27 14:25 - 2013-10-01 08:31 - 00000000 ____D () C:\Users\dibollparts\AppData\Roaming\SoftGrid Client
2014-10-27 14:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-27 14:24 - 2009-07-14 00:13 - 00816664 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-25 03:15 - 2013-09-30 10:57 - 00000302 _____ () C:\Windows\Tasks\AQS Uploader Updates.job
2014-10-24 16:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-10-24 13:24 - 2013-10-01 09:05 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-24 13:24 - 2013-10-01 09:05 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-24 13:24 - 2013-10-01 09:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-23 15:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\TAPI
2014-10-23 14:48 - 2014-03-05 16:27 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-23 14:42 - 2014-03-05 16:27 - 00000000 ____D () C:\Users\dibollparts\AppData\Roaming\Malwarebytes
2014-10-23 14:42 - 2014-03-05 16:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-23 14:42 - 2014-03-05 16:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-21 15:26 - 2013-09-30 10:13 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-10-21 10:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-20 18:12 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-20 13:14 - 2013-10-01 09:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-17 15:26 - 2013-09-30 10:19 - 00000000 ____D () C:\ProgramData\Sybase Central 6.0.0
2014-10-17 15:25 - 2013-09-30 10:46 - 00003343 _____ () C:\Users\dibollparts\.isqlPreferences11
2014-10-17 15:25 - 2013-09-30 10:46 - 00001609 _____ () C:\Users\dibollparts\.isqlHistory11
2014-10-17 11:18 - 2013-09-30 10:55 - 00000000 ____D () C:\Program Files (x86)\Allied
2014-10-17 10:22 - 2013-09-30 10:45 - 00000286 _____ () C:\Users\dibollparts\.jlogon11
2014-10-17 03:20 - 2009-07-13 23:45 - 00292552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 03:18 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 03:07 - 2013-10-01 09:05 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-01 11:11 - 2014-03-05 16:27 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
Files to move or delete:
====================
C:\Users\dibollparts\g2ax_customer_downloadhelper_win32_x86.exe
 
 
Some content of TEMP:
====================
C:\Users\dibollparts\AppData\Local\Temp\cdo3149551479.dll
C:\Users\dibollparts\AppData\Local\Temp\cdo517159356.dll
C:\Users\dibollparts\AppData\Local\Temp\tv.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-20 18:05
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2014
Ran by dibollparts at 2014-10-27 16:21:31
Running from E:\
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 Premier Edition (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Disabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AIM for Windows (HKCU\...\AIM) (Version:  - AOL Inc.)
Allied B.O.S.S. (HKCU\...\Allied B.O.S.S.) (Version:  - )
AOL Mail Toolbar (HKLM-x32\...\AOL Mail Toolbar) (Version:  - AOL)
AOL Messaging Toolbar (HKLM-x32\...\AIM Toolbar) (Version:  - AOL Inc.)
AQS Uploader (HKLM-x32\...\AQS Uploader) (Version: 1.3.7 - Allied Information Networks)
AQS Uploader (x32 Version: 1.3.7 - Allied Information Networks) Hidden
Arbortext IsoView 7.1 (HKLM-x32\...\{08D9CAD3-48A1-4033-B794-82E97BE8E9CC}) (Version: 7.1.60.09 - PTC)
ASPCA Reminder by We-Care.com v4.1.22.1 (HKLM-x32\...\{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}) (Version: 4.1.22.1 - We-Care.com)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{75B8A55E-0762-4676-AAC0-6FDF025B034B}) (Version: 1.0.220 - Citrix)
Crystal Reports 8.5 Runtime (HKLM-x32\...\Crystal Reports 8.5 Runtime) (Version:  - )
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.1.00001.002 - Dell Inc.)
Dell Data Protection | Access (Version: 02.01.01.002 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 2.01.018 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 2.01.010 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DellAccess (Version: 01.01.00.072 - Wave Systems Corp.) Hidden
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
EMBASSY Security Center (Version: 04.03.00.121 - Wave Systems Corp.) Hidden
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{D79A5962-7305-41B9-A39E-A98AB598F372}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.2.27.0 (HKLM-x32\...\{F109D156-577D-101B-A622-CF4351943AA4}) (Version: 1.2.27.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)
Intel® Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell)
Intel® Network Connections 16.8.45.00 (Version: 16.8.45.00 - Dell) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.6137.5006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.0.1.3 - Symantec Corporation)
NTRU TCG Software Stack (Version: 2.1.36 - Security Innovation, Inc.) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
Preboot Manager (Version: 03.03.00.074 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.022 - Wave Systems Corp.) Hidden
QuickShare (HKLM-x32\...\{27609265-ABBE-4358-8299-0D16EE4EDA63}) (Version: 10.206.60.14326 - Linkury Inc.) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5883 - Realtek Semiconductor Corp.)
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
SQL Anywhere 11 (HKLM\...\{ECE263B0-6C8B-404C-B4AC-8FAB1C87AB4A}) (Version: 11.1.2584 - iAnywhere Solutions, Inc.)
Trusted Drive Manager (Version: 4.1.1.312 - Wave Systems Corp.) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Wave Infrastructure Installer (Version: 07.67.17.0010 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.033 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1282170938-1678244530-1077303023-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
27-10-2014 19:23:30 Windows Modules Installer
27-10-2014 21:15:02 Windows Modules Installer
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {36EA13E3-FFAC-4B4D-ABAB-23C554474125} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {385BF550-A574-408F-89AA-A8A6AC92006A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01] (Google Inc.)
Task: {49EB16AD-E67A-4CE1-9E66-2F47AD11BEE7} - System32\Tasks\BOSS AQS Uploader => C:\Program Files (x86)\Allied\AQS Uploader\BOSS\AQS Uploader.exe [2012-10-02] (Microsoft)
Task: {570C15D2-EA18-499F-9279-30D283588259} - System32\Tasks\Boss Daily backup - Local => C:\Program Files\SQL Anywhere 11\Bin32\dbbackup.exe [2011-04-01] (iAnywhere Solutions, Inc.)
Task: {6B6D46CB-234C-450F-B3A3-73C0133CCDF7} - System32\Tasks\{734C9E29-0266-FD7D-84A4-5F80C8A3C3AF} => C:\Windows\system32\aruxedk.dll [2014-10-24] ()
Task: {73DB406F-F52A-429C-AFE9-A852A093B3AB} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {9B54BD8C-6716-43BC-9B3A-4379D2A14F8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01] (Google Inc.)
Task: {B87D7A83-A4FC-4C67-A118-FB1ED7D65CC5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-30] (Adobe Systems Incorporated)
Task: {D302926F-7B5D-4650-83AE-C50D0DA5D804} - System32\Tasks\BOSS Extractor - Fasttrack => C:\Program Files (x86)\Allied\BOSS Extractor\BOSSExtractor.exe [2014-10-17] ()
Task: {ECA7BED0-B9D2-42C5-AA66-B17F181F9E04} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\WSCStub.exe [2013-08-31] (Symantec Corporation)
Task: {FF4645E6-387A-4470-A31F-895A074035EF} - System32\Tasks\AQS Uploader Updates => C:\Windows\Installer\AQS Uploader Updates for All Users.lnk [2013-09-30] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AQS Uploader Updates.job => ?
Task: C:\Windows\Tasks\BOSS AQS Upload.job => C:\Program Files (x86)\Allied\AQS Uploader\BOSS\AQS Uploader.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-25 19:47 - 2011-06-10 13:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-27 13:55 - 2014-10-27 13:55 - 18630862 _____ () C:\Users\dibollparts\AppData\Roaming\ChromeUpdate.exe
2014-10-17 03:06 - 2014-10-09 21:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-17 03:06 - 2014-10-09 21:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-17 03:06 - 2014-10-09 21:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-17 03:06 - 2014-10-09 21:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-10-17 03:25 - 2014-10-17 03:25 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2013-09-30 10:08 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1282170938-1678244530-1077303023-500 - Administrator - Disabled)
allied (S-1-5-21-1282170938-1678244530-1077303023-1001 - Administrator - Enabled) => C:\Users\allied
dibollparts (S-1-5-21-1282170938-1678244530-1077303023-1000 - Administrator - Enabled) => C:\Users\dibollparts
Guest (S-1-5-21-1282170938-1678244530-1077303023-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/27/2014 03:58:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (10/27/2014 03:49:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/27/2014 03:18:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/27/2014 03:14:15 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (10/27/2014 03:05:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/27/2014 02:53:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/27/2014 02:38:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (10/27/2014 02:30:20 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (10/27/2014 02:30:20 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (10/27/2014 02:30:20 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
 
System errors:
=============
Error: (10/27/2014 03:49:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/27/2014 03:48:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (10/27/2014 03:35:39 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084TdmService{2F723A84-FD6F-4C32-9477-391FA6EA0BB6}
 
Error: (10/27/2014 03:21:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (10/27/2014 03:17:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/27/2014 03:17:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (10/27/2014 03:17:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (10/27/2014 03:17:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (10/27/2014 03:17:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (10/27/2014 03:17:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (10/27/2014 03:58:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (10/27/2014 03:49:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/27/2014 03:18:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/27/2014 03:14:15 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (10/27/2014 03:05:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/27/2014 02:53:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/27/2014 02:38:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (10/27/2014 02:30:20 PM) (Source: VSS) (EventID: 22) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (10/27/2014 02:30:20 PM) (Source: VSS) (EventID: 22) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (10/27/2014 02:30:20 PM) (Source: VSS) (EventID: 22) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 46%
Total physical RAM: 8072.93 MB
Available physical RAM: 4353.84 MB
Total Pagefile: 16144.05 MB
Available Pagefile: 11616.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:930.74 GB) (Free:874.59 GB) NTFS
Drive e: (Lexar) (Removable) (Total:29.81 GB) (Free:29.11 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 6F796CAD)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 29.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

Hello apac and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall the following programs:

Download Updater (AOL Inc.)

QuickShare

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Threat Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • FRST log

fixlist.txt


Hello Borislav thank you for your assistance. I have pasted both logs below. Thank you.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/29/2014
Scan Time: 5:26:20 PM
Logfile: mbam log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.29.08
Rootkit Database: v2014.10.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: dibollparts

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344924
Time Elapsed: 4 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-10-2014 01

Ran by dibollparts at 2014-10-29 17:35:41 Run:1

Running from C:\Users\dibollparts\Downloads

Loaded Profile: dibollparts (Available profiles: dibollparts & allied)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

CustomCLSID: HKU\S-1-5-21-1282170938-1678244530-1077303023-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Run: [2632168996] => C:\Users\dibollparts\AppData\Roaming\msdjish.exe [500736 2013-08-28] (Allied Information Networks)

HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

CHR HomePage: Default -> hxxp://feed.helperbar.com/?publisher=QuickOC&dpid=QuickOC&co=US&userid=31da0563-16f4-962b-8a50-c0cc2233bdff&searchtype=hp&installDate=03/10/2013

2014-10-27 13:55 - 2014-10-27 14:30 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp

2014-10-27 13:55 - 2014-10-27 13:55 - 18630862 _____ () C:\Users\dibollparts\AppData\Roaming\ChromeUpdate.exe

2014-10-27 13:55 - 2014-10-27 13:55 - 00000944 ____H () C:\ProgramData\@system2.att

2014-10-27 13:55 - 2014-10-27 13:55 - 00000448 ____H () C:\Users\dibollparts\AppData\Roaming\麽鎒駓覜

2014-10-24 16:45 - 2014-10-24 16:45 - 00000028 _____ () C:\Windows\SysWOW64\u

2014-10-24 16:44 - 2014-10-27 13:55 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage

2014-10-24 16:44 - 2014-10-24 16:44 - 00070656 _____ () C:\Windows\system32\aruxedk.dll

2014-10-24 16:44 - 2014-10-24 16:44 - 00003860 _____ () C:\Windows\System32\Tasks\{734C9E29-0266-FD7D-84A4-5F80C8A3C3AF}

2014-10-24 16:44 - 2014-10-24 16:44 - 00000000 _____ () C:\Windows\system32\yfesna.dll

C:\Users\dibollparts\AppData\Local\Temp\cdo3149551479.dll

C:\Users\dibollparts\AppData\Local\Temp\cdo517159356.dll

End

*****************

 

"HKU\S-1-5-21-1282170938-1678244530-1077303023-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key Deleted Successfully.

HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\Software\Microsoft\Windows\CurrentVersion\Run\\2632168996 => value deleted successfully.

"HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.

"HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.

"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.

Chrome HomePage deleted successfully.

C:\ProgramData\wrnhoah.tmp => Moved successfully.

Could not move "C:\Users\dibollparts\AppData\Roaming\ChromeUpdate.exe" => Scheduled to move on reboot.

C:\ProgramData\@system2.att => Moved successfully.

C:\Users\dibollparts\AppData\Roaming\麽鎒駓覜 => Moved successfully.

C:\Windows\SysWOW64\u => Moved successfully.

C:\ProgramData\Windows Genuine Advantage => Moved successfully.

C:\Windows\system32\aruxedk.dll => Moved successfully.

C:\Windows\System32\Tasks\{734C9E29-0266-FD7D-84A4-5F80C8A3C3AF} => Moved successfully.

Could not move "C:\Windows\system32\yfesna.dll" => Scheduled to move on reboot.

"C:\Users\dibollparts\AppData\Local\Temp\cdo3149551479.dll" => File/Directory not found.

"C:\Users\dibollparts\AppData\Local\Temp\cdo517159356.dll" => File/Directory not found.

 

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-29 17:37:00)<=

 

C:\Users\dibollparts\AppData\Roaming\ChromeUpdate.exe => Is moved successfully.

C:\Windows\system32\yfesna.dll => Is moved successfully.

 

==== End of Fixlog ====
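The fixlist above is a good input for a small triage script. The following is an added example for this thread, not code from FRST, Malwarebytes or any poster: it reads FRST-style lines (constructed here from the entries above, with the SID shortened and the encoded tail truncated), flags the rundll32.exe javascript: LocalServer32 entry marked "Poweliks" in the fixlist, Run values that launch an executable from AppData\Roaming, hidden or non-ASCII-named files under ProgramData/AppData, and DLLs in system32 with no company name, and decodes the shift-by-one obfuscation of the visible eval() prefix so the loader string can be read during triage.

```python
"""Triage helper for FRST-style log lines (added example, not FRST code)."""
import re
from typing import Dict, List

# Constructed sample lines, modelled on the fixlist above. The SID is
# shortened and the encoded tail of the Poweliks-style entry is truncated.
SAMPLE_LINES = [
    r'CustomCLSID: HKU\S-1-5-21-...-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds',
    r'HKU\S-1-5-21-...-1000\...\Run: [2632168996] => C:\Users\dibollparts\AppData\Roaming\msdjish.exe [500736 2013-08-28] (Allied Information Networks)',
    r'2014-10-27 13:55 - 2014-10-27 13:55 - 00000944 ____H () C:\ProgramData\@system2.att',
    r'2014-10-27 13:55 - 2014-10-27 13:55 - 00000448 ____H () C:\Users\dibollparts\AppData\Roaming\麽鎒駓覜',
    r'2014-10-24 16:44 - 2014-10-24 16:44 - 00070656 _____ () C:\Windows\system32\aruxedk.dll',
    r'2014-10-27 19:57 - 2014-10-27 19:57 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\drivers\SYMEVENT64x86.SYS',
]

# A COM LocalServer32 value that starts rundll32.exe with a javascript: URL
# is the registry-resident loader pattern FRST labels "Poweliks" above.
POWELIKS_RE = re.compile(r'localserver32.*rundll32\.exe\s+javascript:', re.IGNORECASE)
# FRST Run-value line: "...\Run: [name] => path [size date] (vendor)"
RUN_RE = re.compile(r'\\Run: \[(?P<name>[^\]]+)\] => (?P<path>.+?\.exe)\b', re.IGNORECASE)
# FRST file line: "created - modified - size attrs (vendor) path"
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - '
    r'(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<vendor>[^)]*)\) (?P<path>.+)$'
)
EVAL_RE = re.compile(r'eval\("(?P<payload>[^"]*)')
USER_DATA_DIRS = ('\\appdata\\roaming\\', '\\appdata\\local\\', '\\programdata\\')


def decode_shift(text: str, shift: int = 1) -> str:
    """Undo a Caesar-style obfuscation that added `shift` to every code point."""
    return ''.join(chr(ord(c) - shift) for c in text)


def eval_prefix(line: str) -> str:
    """Return the decoded start of the eval() argument, or '' if none is present."""
    m = EVAL_RE.search(line)
    return decode_shift(m.group('payload')) if m else ''


def is_poweliks_style(line: str) -> bool:
    """True when the line carries the rundll32.exe javascript: LocalServer32 pattern."""
    return bool(POWELIKS_RE.search(line))


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per suspicious line; lines that look benign yield nothing."""
    findings: List[Dict[str, str]] = []
    for line in lines:
        if is_poweliks_style(line):
            findings.append({'kind': 'clsid_localserver32_javascript',
                             'line': line, 'decoded': eval_prefix(line)})
            continue
        m = RUN_RE.search(line)
        if m and '\\appdata\\roaming\\' in m.group('path').lower():
            findings.append({'kind': 'run_value_from_appdata',
                             'line': line, 'path': m.group('path')})
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        path = m.group('path')
        low = path.lower()
        in_user_data = any(d in low for d in USER_DATA_DIRS)
        hidden = 'H' in m.group('attrs')          # FRST marks hidden files with H
        non_ascii = not path.isascii()            # e.g. the AppData\Roaming\麽鎒駓覜 entry
        if in_user_data and (hidden or non_ascii):
            findings.append({'kind': 'hidden_or_odd_name_in_user_data',
                             'line': line, 'path': path})
        elif m.group('vendor') == '' and '\\windows\\system32\\' in low and low.endswith('.dll'):
            # No company name in version info for a DLL dropped into system32.
            findings.append({'kind': 'dll_without_vendor_in_system32',
                             'line': line, 'path': path})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f['kind'], '->', f.get('decoded') or f.get('path'))
```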


Well done! :)

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

  • 2 weeks later...
I apologize for the delay in replying. Below is the ComboFix log.

 

 

ComboFix 14-11-10.02 - dibollparts 11/10/2014  12:22:10.1.8 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8073.6130 [GMT -6:00]

Running from: c:\users\dibollparts\Desktop\combofix.exe

AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

SP: Norton 360 *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\dibollparts\g2ax_customer_downloadhelper_win32_x86.exe

.

.

(((((((((((((((((((((((((   Files Created from 2014-10-10 to 2014-11-10  )))))))))))))))))))))))))))))))

.

.

2014-11-10 18:26 . 2014-11-10 18:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-11-03 20:46 . 2014-09-25 22:50 13619200 ----a-w- c:\windows\system32\ieframe.dll

2014-10-30 13:57 . 2014-10-30 13:57 -------- d-----w- c:\users\dibollparts\AppData\Roaming\OfficeRecovery

2014-10-29 22:18 . 2014-10-29 22:18 -------- d-----w- C:\MATS

2014-10-29 22:08 . 2014-10-29 22:08 -------- d-----w- c:\windows\system32\appmgmt

2014-10-29 16:10 . 2014-10-29 16:10 -------- d-----w- c:\programdata\Microsoft Help

2014-10-29 16:10 . 2014-10-29 16:10 -------- d-----w- c:\users\dibollparts\AppData\Local\Microsoft Help

2014-10-27 21:19 . 2014-10-29 22:37 -------- d-----w- C:\FRST

2014-10-27 19:57 . 2014-10-27 19:57 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2014-10-27 19:57 . 2014-10-27 19:57 -------- d-----w- c:\program files\Common Files\Symantec Shared

2014-10-27 19:56 . 2014-10-27 21:30 -------- d-----w- c:\windows\system32\drivers\N360x64

2014-10-27 19:56 . 2014-10-27 19:56 -------- d-----w- c:\program files (x86)\Norton 360

2014-10-27 19:56 . 2014-10-27 19:56 -------- d-----w- c:\program files (x86)\NortonInstaller

2014-10-27 19:19 . 2014-10-27 19:19 -------- d-----w- c:\program files (x86)\QS

2014-10-27 18:59 . 2014-10-27 18:59 -------- d-----w- c:\users\dibollparts\AppData\Roaming\TeamViewer

2014-10-23 20:43 . 2014-10-29 22:21 -------- d-----w- c:\users\dibollparts\AppData\Local\CrashDumps

2014-10-23 20:41 . 2014-10-27 21:32 -------- d-----w- C:\NPE

2014-10-23 20:07 . 2014-10-27 21:45 -------- d-----w- c:\users\dibollparts\AppData\Local\NPE

2014-10-23 19:42 . 2014-11-10 16:55 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-10-23 19:42 . 2014-11-07 17:08 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware

2014-10-23 19:42 . 2014-10-29 22:24 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-10-23 19:42 . 2014-10-01 16:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-10-17 15:36 . 2014-10-27 21:44 -------- d-----w- c:\users\allied

2014-10-16 13:37 . 2014-09-29 00:58 3198976 ----a-w- c:\windows\system32\win32k.sys

2014-10-16 13:37 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll

2014-10-16 13:37 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll

2014-10-16 13:37 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll

2014-10-16 13:37 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll

2014-10-16 13:37 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll

2014-10-16 13:37 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll

2014-10-16 13:37 . 2014-10-10 02:05 276480 ----a-w- c:\windows\system32\generaltel.dll

2014-10-16 13:37 . 2014-10-10 02:05 507392 ----a-w- c:\windows\system32\aepdu.dll

2014-10-16 13:37 . 2014-10-10 02:00 424448 ----a-w- c:\windows\system32\aeinv.dll

2014-10-16 13:31 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll

2014-10-16 13:31 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-10-01 16:11 . 2014-03-05 21:27 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-09-25 02:08 . 2014-10-01 13:23 371712 ----a-w- c:\windows\system32\qdvd.dll

2014-09-25 01:40 . 2014-10-01 13:23 519680 ----a-w- c:\windows\SysWow64\qdvd.dll

2014-09-09 22:11 . 2014-09-24 13:14 2048 ----a-w- c:\windows\system32\tzres.dll

2014-09-09 21:47 . 2014-09-24 13:14 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2014-08-23 02:07 . 2014-08-28 13:09 404480 ----a-w- c:\windows\system32\gdi32.dll

2014-08-23 01:45 . 2014-08-28 13:09 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-10-01 39408]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-10-21 22869088]

"GoogleChromeAutoLaunch_42633E726CDEF9E0918FA6A3B75ACBF2"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-10-22 854344]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2012-04-17 112408]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"TaskbarNoNotification"= 0 (0x0)

"HideSCAHealth"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"TaskbarNoNotification"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"TaskbarNoNotification"= 0 (0x0)

"HideSCAHealth"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]

R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20141030.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [x]

S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20141107.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20141107.001\IDSvia64.sys [x]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]

S2 BASrv;BASrv;c:\allied\BASNTSrv.exe;c:\allied\BASNTSrv.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]

S2 InterCom;InterCom;c:\program files (x86)\CNS International\The InterCom System\Server\ICSvrNT.EXE;c:\program files (x86)\CNS International\The InterCom System\Server\ICSvrNT.EXE [x]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]

S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 SQLANYs_Allied;SQL Anywhere - Allied;c:\program files\SQL Anywhere 11\Bin32\dbsrv11.exe;c:\program files\SQL Anywhere 11\Bin32\dbsrv11.exe [x]

S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfswin7.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaywin7.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirwin7.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvolwin7.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-10-28 18:25 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-30 15:06]

.

2014-11-04 c:\windows\Tasks\AQS Uploader Updates.job

- c:\windows\Installer\AQS Uploader Updates for All Users.lnk [2013-09-30 15:55]

.

2013-09-30 c:\windows\Tasks\BOSS AQS Upload.job

- c:\program files (x86)\Allied\AQS Uploader\BOSS\AQS Uploader.exe [2012-10-02 14:46]

.

2014-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01 14:05]

.

2014-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01 14:05]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl64.exe" [2010-10-04 2907240]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]

"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-BASNT - c:\allied\BASNT.EXE

Wow6432Node-HKCU-Run-ShopAtHomeWatcher - c:\users\dibollparts\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe

Wow6432Node-HKCU-Run-ShopAtHomeUpdater - c:\users\dibollparts\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe

Wow6432Node-HKCU-Run-ChromeUpdate - c:\users\dibollparts\AppData\Roaming\ChromeUpdate.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"

"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"

"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.6.0.32;c:\program files (x86)\Norton 360\Engine64\21.6.0.32"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2014-11-10  12:42:32 - machine was rebooted

ComboFix-quarantined-files.txt  2014-11-10 18:42

.

Pre-Run: 942,592,593,920 bytes free

Post-Run: 941,881,896,960 bytes free

.

- - End Of File - - 45D2371B562F0C232A14F80B2352E422

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Here are the results of the ESETScan.

 

C:\FRST\Quarantine\C\Users\dibollparts\AppData\Roaming\ChromeUpdate.exe.xBAD a variant of Win32/Kryptik.CPHG trojan cleaned by deleting - quarantined

C:\FRST\Quarantine\C\Windows\system32\aruxedk.dll.xBAD Win64/TrojanDownloader.Cerabit.A trojan cleaned by deleting - quarantined


That's great! :)

Last steps:

Step 1

  • Download OTL to your desktop and run it.
  • Click on CleanUp button.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2

Please uninstall ESET Online Scanner.

Step 3

Some malware prevention tips:

https://forums.malwarebytes.org/index.php?/topic/81386-so-how-did-i-get-infected-in-the-first-place/

Safe surfing! :)


  • 3 months later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
