Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92789 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Adware Running Amok [Solved]


  • This topic is locked This topic is locked
17 replies to this topic

#1 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 24 August 2014 - 06:42 PM

Every click in a browser launches adware. Please help. Thanks.

 

.
DDS (Ver_11-03-05.01) - NTFS_AMD64  
Run by SRE Lab at 17:36:43.29 on Sun 08/24/2014
Internet Explorer: 9.11.9600.17207 BrowserJavaVersion: 10.7.2
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4001.1183 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\mfevtps.exe
C:\Program Files\pcmax\pcmax.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\48A0C3FC-2898-45E4-B2B9-147D27D29D45\hmhfslexky64.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\Program Files\003\xmkysecqun64.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\SysWOW64\rundll32.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Zune\zune.exe
C:\Users\SRE Lab\AppData\Roaming\Spotify\spotify.exe
C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\windows\system32\calc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\SRE Lab\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
mStart Page = about:blank
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Click to Call for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: SupraSavings: {ca3eae2b-3b20-2e6f-a849-c126d93b6ad3} - C:\Program Files\48A0C3FC-2898-45E4-B2B9-147D27D29D45\xkymsyyrfh.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [Spotify Web Helper] "C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\SRE Lab\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [pcreg] C:\Program Files\pcmax\service.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [pcreg] C:\Program Files\pcmax\service.exe
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: DatamngrCoordinator.exe - tasklist.exe
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64:     URLRedirectionBHO - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
mRun-x64: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
mRun-x64: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
mRun-x64: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
mRun-x64: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
mRun-x64: [pcreg] C:\Program Files\pcmax\service.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64:  C:\PROGRA~3\WinSpeed\WINSPE~1.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
IFEO-X64: DatamngrCoordinator.exe - tasklist.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SRELAB~1\AppData\Roaming\Mozilla\Firefox\Profiles\pm2k21sz.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://websearch.calcitapp.info/
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017319.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\Windows\System32\drivers\fbfmon.sys [2012-3-5 57952]
R0 LHDmgr;LHDmgr;C:\Windows\System32\drivers\LhdX64.sys [2012-3-5 39008]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2014-6-20 786296]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2014-6-20 348552]
R1 BPntDrv;BPntDrv;C:\Windows\System32\drivers\BPntDrv.sys [2012-3-5 13408]
R1 netfilter64;netfilter64;C:\Windows\System32\drivers\netfilter64.sys [2014-7-17 46376]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-5-8 65432]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 CltMngSvc;Search Protect Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-6-10 2723648]
R2 HomeNetSvc;McAfee Home Network;"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [2014-8-23 328928]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [2014-8-23 328928]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2014-8-23 178528]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [2014-8-23 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [2014-8-23 328928]
R2 mcpltsvc;McAfee Platform Services;"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [2014-8-23 328928]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [2014-8-23 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2014-8-23 1041192]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2014-8-23 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2014-8-23 189912]
R2 pcmaxservice;pcmaxservice Service;C:\Program Files\pcmax\pcmax.exe [2014-5-29 241344]
R2 SupraSavingsService64;SupraSavingsService64;C:\Program Files (x86)\48A0C3FC-2898-45E4-B2B9-147D27D29D45\hmhfslexky64.exe [2014-7-17 172544]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-5 2655768]
R2 xmkysecqun64;xmkysecqun64;C:\Program Files\003\xmkysecqun64.exe run options=01110010030000000000000000000000 sourceguid=48A0C3FC-2898-45E4-B2B9-147D27D29D45 --> C:\Program Files\003\xmkysecqun64.exe run options=01110010030000000000000000000000 sourceguid=48A0C3FC-2898-45E4-B2B9-147D27D29D45 [?]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-1-17 245760]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2014-6-20 72128]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-12-4 31088]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-11-2 317440]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\System32\drivers\HECIx64.sys [2010-10-19 56344]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2014-6-20 313544]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2014-6-20 523792]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-7-24 444720]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2011-9-17 8604672]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 rtsuvc;Lenovo EasyCamera;C:\Windows\System32\drivers\rtsuvc.sys [2012-3-5 8200552]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-11-30 42392]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
S2 0281741408842900mcinstcleanup;McAfee Application Installer Cleanup (0281741408842900);C:\windows\TEMP\028174~1.EXE -cleanup -nolog --> C:\windows\TEMP\028174~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 f1f78e38;WinSpeed;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-5 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-3 262320]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2012-3-5 349224]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-3-5 39464]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-5 136176]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-8-23 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-9 111616]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-7-24 96592]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-16 119408]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-9-15 340240]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2012-3-5 332272]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2012-3-5 313960]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-11 1255736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-08-23 22:10:59 197704 ----a-w- C:\windows\System32\drivers\HipShieldK.sys
2014-08-23 22:10:12 -------- d-----w- C:\Program Files (x86)\McAfee.com
2014-08-23 22:09:54 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2014-08-23 22:08:34 -------- d-----w- C:\Program Files\McAfee.com
2014-08-23 22:08:33 -------- d-----w- C:\Program Files\McAfee
2014-08-23 21:56:39 -------- d-----w- C:\Quarantine
2014-08-23 21:56:20 -------- d-----w- C:\Program Files\stinger
2014-08-23 21:55:43 189912 ----a-w- C:\windows\System32\mfevtps.exe
2014-08-23 21:55:41 -------- d-----w- C:\Program Files\Common Files\McAfee
2014-08-23 21:35:14 -------- d-----w- C:\Program Files (x86)\COolSaaleCouipoN
2014-08-22 18:08:29 11319192 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{446789BA-671F-4C1D-9ABD-40BBDD460A7F}\mpengine.dll
2014-08-18 03:40:16 -------- d-----w- C:\Program Files\SupraSavings
2014-08-16 20:32:06 -------- d-----w- C:\PROGRA~3\f4ebfd6d8c1ca983
2014-08-16 20:32:01 -------- d-----w- C:\Users\SRELAB~1\AppData\Local\Packages
2014-08-16 20:31:54 -------- d-----w- C:\PROGRA~3\COolSaaleCouipoN
2014-08-16 05:09:31 300920 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\LocalCopy\{6A9C110E-84DD-428E-9DA0-F050D314875F}-setup.exe
2014-08-16 05:07:56 300920 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\LocalCopy\{5DF68AF8-72DA-495D-B959-7F45DB0FDE86}-setup.exe
2014-08-16 05:00:30 -------- d-----w- C:\PROGRA~3\WinSpeed
2014-08-12 23:00:10 4575232 ----a-w- C:\windows\SysWow64\GPhotos.scr
2014-08-02 19:41:29 2620928 ----a-w- C:\windows\System32\wucltux.dll
2014-08-02 19:41:06 97792 ----a-w- C:\windows\System32\wudriver.dll
2014-08-02 19:41:06 92672 ----a-w- C:\windows\SysWow64\wudriver.dll
2014-08-02 19:40:43 36864 ----a-w- C:\windows\System32\wuapp.exe
2014-08-02 19:40:43 33792 ----a-w- C:\windows\SysWow64\wuapp.exe
2014-08-02 19:40:43 198600 ----a-w- C:\windows\System32\wuwebv.dll
2014-08-02 19:40:43 179656 ----a-w- C:\windows\SysWow64\wuwebv.dll
.
==================== Find3M  ====================
.
2014-08-05 16:20:00 270496 ------w- C:\windows\System32\MpSigStub.exe
2014-07-24 21:33:10 11336 ----a-w- C:\windows\System32\drivers\mfeclnrk.sys
2014-07-24 21:32:30 96592 ----a-w- C:\windows\System32\drivers\mfencrk.sys
2014-07-24 21:31:56 444720 ----a-w- C:\windows\System32\drivers\mfencbdc.sys
2014-07-17 18:20:10 46376 ----a-w- C:\windows\System32\drivers\netfilter64.sys
2014-07-11 22:22:30 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-11 22:22:30 699056 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-06-20 17:38:22 72128 ----a-w- C:\windows\System32\drivers\cfwids.sys
2014-06-20 17:31:06 348552 ----a-w- C:\windows\System32\drivers\mfewfpk.sys
2014-06-20 17:26:02 786296 ----a-w- C:\windows\System32\drivers\mfehidk.sys
2014-06-20 17:23:40 523792 ----a-w- C:\windows\System32\drivers\mfefirek.sys
2014-06-20 17:21:48 313544 ----a-w- C:\windows\System32\drivers\mfeavfk.sys
2014-06-20 17:20:54 181704 ----a-w- C:\windows\System32\drivers\mfeapfk.sys
2014-06-19 01:06:55 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\windows\System32\win32k.sys
2014-06-06 10:10:34 624128 ----a-w- C:\windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-05-30 08:08:52 210944 ----a-w- C:\windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\windows\System32\drivers\afd.sys
.
============= FINISH: 17:40:20.28 ===============
 

    Advertisements

Register to Remove


#2 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 25 August 2014 - 02:13 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

 

 

Please upload the attach.txt by DDS as well.


Proud Member of UNITE & TB
 

#3 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 26 August 2014 - 01:06 AM

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-26 00:01:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.JE3Z 465.76GB
Running: ugez3vv1.exe; Driver: C:\Users\SRELAB~1\AppData\Local\Temp\uwdiqpod.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread   C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3640:3700]                                                 0000000076ec7587
Thread   C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3640:3712]                                                 0000000073737712
Thread   C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3640:3744]                                                 00000000779b2e65
Thread   C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3640:3984]                                                 00000000779b3e85
Thread   C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3640:8876]                                                 00000000779b3e85
Thread   C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3640:8568]                                                 00000000779b3e85
---- Processes - GMER 2.1 ----
 
Library  C:\PROGRA~3\WinSpeed\WINSPE~1.DLL (*** suspicious ***) @ C:\windows\system32\rundll32.exe [2824](2014-08-16 05:00:30)  000007fef7010000
 
---- Registry - GMER 2.1 ----
 
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13                                            
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\6427378abad6                                            
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)                        
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\6427378abad6 (not active ControlSet)                        
 
---- EOF - GMER 2.1 ----
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 6/19/2012 10:59:08 AM
System Uptime: 8/24/2014 10:26:40 AM (7 hours ago)
.
Motherboard: LENOVO                           |  | KL6                             
Processor: Intel® Celeron® CPU B800 @ 1.50GHz | CPU | 1500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 420 GiB total, 15.842 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 27.588 GiB free.
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP192: 7/22/2014 9:42:22 PM - Windows Update
RP193: 7/24/2014 10:02:08 AM - Windows Update
RP194: 7/29/2014 2:05:59 PM - Windows Update
RP195: 8/2/2014 12:40:15 PM - Windows Update
RP196: 8/9/2014 9:03:58 PM - Windows Update
RP197: 8/14/2014 1:02:13 PM - Windows Update
RP198: 8/19/2014 6:48:36 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader X (10.1.11)
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Software Update
Audacity 2.0.3
Brother MFL-Pro Suite MFC-7820N
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.10
Canon Utilities EOS Sample Music
Canon Utilities EOS Utility
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
Canon Utilities Movie Uploader for YouTube
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
D3DX10
Energy Management
Google Chrome
Google Toolbar for Internet Explorer
GraphCalc v4.0.1
HL-4150CDN
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® Wireless Display
Java 7 Update 7
Java Auto Updater
Junk Mail filter update
Lenovo EasyCamera
Lenovo Games Console
Lenovo MuteSync
Lenovo OneKey Recovery
Lenovo YouCam
McAfee SecurityCenter
Mesh Runtime
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Onekey Theater
ooVoo
Picasa 3
Power2Go
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Skype Click to Call
Skype™ 6.18
Spotify
UserGuide
VeriFace
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinSpeed
.
==== Event Viewer Messages From Past Week ========
.
8/24/2014 5:27:36 PM, Error: ACPI [13]  - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
8/23/2014 6:14:41 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/23/2014 6:13:26 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the WinSpeed service to connect.
8/23/2014 5:51:36 PM, Error: Service Control Manager [7034]  - The WinSpeed service terminated unexpectedly.  It has done this 1 time(s).
8/23/2014 3:09:03 PM, Error: Service Control Manager [7003]  - The McAfee Proxy Service service depends the following service: MfeFire. This service might not be installed.
8/20/2014 2:20:45 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
.
==== End Of File ===========================
 


#4 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 27 August 2014 - 02:22 AM

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an altenate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:

    oovoo
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

 

 

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


Proud Member of UNITE & TB
 

#5 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 30 August 2014 - 08:31 AM

Hi Marius,

 

Please keep this case open. For some reason, I'm not being notified any longer when there is a new post to my cases. I'll tackle this as soon as I'm back home.

 

Thanks.



#6 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 30 August 2014 - 02:12 PM

ComboFix 14-08-29.03 - SRE Lab 08/30/2014  12:03:34.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4001.1529 [GMT -7:00]
Running from: c:\users\SRE Lab\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\374311380
c:\programdata\Roaming
c:\users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpkilkheacbboffppjgceiplijhfpd
c:\users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpkilkheacbboffppjgceiplijhfpd\243\aCr9rz9S.js
c:\users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpkilkheacbboffppjgceiplijhfpd\243\background.html
c:\users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpkilkheacbboffppjgceiplijhfpd\243\content.js
c:\users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpkilkheacbboffppjgceiplijhfpd\243\lsdb.js
c:\users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgdpkilkheacbboffppjgceiplijhfpd\243\manifest.json
c:\users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bgdpkilkheacbboffppjgceiplijhfpd_0.localstorage-journal
c:\users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bgdpkilkheacbboffppjgceiplijhfpd_0.localstorage
c:\users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\SRE Lab\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F977C27B-D6B6-419B-B97F-7CB3D8C9B28C}.xps
c:\users\SRE Lab\AppData\Roaming\Mozilla\Firefox\Profiles\pm2k21sz.default\extensions\lgswklaq@cbht-.co.uk
c:\users\SRE Lab\AppData\Roaming\Mozilla\Firefox\Profiles\pm2k21sz.default\extensions\lgswklaq@cbht-.co.uk\bootstrap.js
c:\users\SRE Lab\AppData\Roaming\Mozilla\Firefox\Profiles\pm2k21sz.default\extensions\lgswklaq@cbht-.co.uk\chrome.manifest
c:\users\SRE Lab\AppData\Roaming\Mozilla\Firefox\Profiles\pm2k21sz.default\extensions\lgswklaq@cbht-.co.uk\content\bg.js
c:\users\SRE Lab\AppData\Roaming\Mozilla\Firefox\Profiles\pm2k21sz.default\extensions\lgswklaq@cbht-.co.uk\install.rdf
c:\users\SRE Lab\Documents\~WRL3342.tmp
c:\windows\s.bat
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_CltMngSvc
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-28 to 2014-08-30  )))))))))))))))))))))))))))))))
.
.
2014-08-30 19:13 . 2014-08-30 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-30 18:45 . 2014-08-30 18:45 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-08-27 19:54 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-27 19:54 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-27 19:54 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-25 16:27 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-25 16:27 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-25 16:27 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-25 16:27 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-25 16:27 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-25 16:27 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-25 16:27 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-25 16:27 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-23 22:10 . 2013-09-23 20:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2014-08-23 22:10 . 2014-08-23 22:10 -------- d-----w- c:\program files (x86)\McAfee.com
2014-08-23 22:09 . 2014-08-23 22:10 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2014-08-23 22:08 . 2014-08-23 22:11 -------- d-----w- c:\program files\McAfee
2014-08-23 21:56 . 2014-08-23 21:56 -------- d-----w- C:\Quarantine
2014-08-23 21:56 . 2014-08-23 21:59 -------- d-----w- c:\program files\stinger
2014-08-23 21:55 . 2014-06-20 17:30 189912 ----a-w- c:\windows\system32\mfevtps.exe
2014-08-23 21:55 . 2014-08-23 22:11 -------- d-----w- c:\program files\Common Files\McAfee
2014-08-23 21:35 . 2014-08-23 21:35 -------- d-----w- c:\program files (x86)\COolSaaleCouipoN
2014-08-22 18:08 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{446789BA-671F-4C1D-9ABD-40BBDD460A7F}\mpengine.dll
2014-08-18 03:43 . 2014-08-18 03:43 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-18 03:40 . 2014-08-30 18:37 -------- d-----w- c:\program files\SupraSavings
2014-08-16 20:32 . 2014-08-23 21:35 -------- d-----w- c:\programdata\f4ebfd6d8c1ca983
2014-08-16 20:32 . 2014-08-16 20:32 -------- d-----w- c:\users\SRE Lab\AppData\Local\Packages
2014-08-16 20:31 . 2014-08-24 01:12 -------- d-----w- c:\programdata\COolSaaleCouipoN
2014-08-16 20:18 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-16 20:18 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-16 05:09 . 2014-08-16 05:09 300920 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{6A9C110E-84DD-428E-9DA0-F050D314875F}-setup.exe
2014-08-16 05:07 . 2014-08-16 05:07 300920 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{5DF68AF8-72DA-495D-B959-7F45DB0FDE86}-setup.exe
2014-08-16 05:00 . 2014-08-24 00:52 -------- d-----w- c:\programdata\WinSpeed
2014-08-14 20:07 . 2014-06-03 10:02 3241984 ----a-w- c:\windows\system32\msi.dll
2014-08-14 20:07 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\SysWow64\msi.dll
2014-08-14 20:07 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2014-08-14 20:07 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2014-08-14 20:07 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2014-08-14 20:07 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-14 20:07 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-14 20:05 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-14 20:05 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-12 23:00 . 2014-08-12 23:00 4575232 ----a-w- c:\windows\SysWow64\GPhotos.scr
2014-08-02 19:41 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-02 19:41 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-02 19:41 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-02 19:41 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-02 19:41 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-02 19:41 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-02 19:41 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-02 19:41 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-02 19:41 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-02 19:41 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-02 19:40 . 2014-05-14 16:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-02 19:40 . 2014-05-14 16:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-02 19:40 . 2014-05-14 16:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-02 19:40 . 2014-05-14 16:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-29 17:45 . 2010-06-24 11:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-25 16:40 . 2012-09-08 20:42 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-05 16:20 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-07-24 21:33 . 2014-07-24 21:33 11336 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2014-07-24 21:32 . 2014-07-24 21:32 96592 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2014-07-24 21:31 . 2014-07-24 21:31 444720 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2014-07-17 18:20 . 2014-07-17 18:20 46376 ----a-w- c:\windows\system32\drivers\netfilter64.sys
2014-07-11 22:22 . 2012-10-03 20:49 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-11 22:22 . 2012-10-03 20:49 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-20 17:38 . 2014-06-20 17:38 72128 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-06-20 17:31 . 2014-06-20 17:31 348552 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-06-20 17:26 . 2014-06-20 17:26 786296 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-06-20 17:23 . 2014-06-20 17:23 523792 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-06-20 17:21 . 2014-06-20 17:21 313544 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-06-20 17:20 . 2014-06-20 17:20 181704 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2014-06-18 02:18 . 2014-07-10 06:22 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-10 06:22 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-10 06:22 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-10 06:22 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-10 06:21 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-10 06:21 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-10 06:21 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2012-03-05 13:32 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ca3eae2b-3b20-2e6f-a849-c126d93b6ad3}]
2014-07-11 14:13 74752 ----a-w- c:\program files\48A0C3FC-2898-45E4-B2B9-147D27D29D45\xkymsyyrfh.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-08-26 1245752]
"Spotify"="c:\users\SRE Lab\AppData\Roaming\Spotify\Spotify.exe" [2014-08-26 6621752]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-25 21652064]
"pcreg"="c:\program files\pcmax\service.exe" [2014-05-29 79088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MuteSync"="c:\progra~2\Lenovo\LENOVO~1\MuteSync.exe" [2009-12-28 336384]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-03-05 329056]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-27 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"pcreg"="c:\program files\pcmax\service.exe" [2014-05-29 79088]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-26 537992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-12-14 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 f1f78e38;WinSpeed;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 netfilter64;netfilter64;c:\windows\system32\drivers\netfilter64.sys;c:\windows\SYSNATIVE\drivers\netfilter64.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 pcmaxservice;pcmaxservice Service;c:\program files\pcmax\pcmax.exe;c:\program files\pcmax\pcmax.exe [x]
S2 SupraSavingsService64;SupraSavingsService64;c:\program files (x86)\48A0C3FC-2898-45E4-B2B9-147D27D29D45\hmhfslexky64.exe;c:\program files (x86)\48A0C3FC-2898-45E4-B2B9-147D27D29D45\hmhfslexky64.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 xmkysecqun64;xmkysecqun64;c:\program files\003\xmkysecqun64.exe run options=01110010030000000000000000000000 sourceguid=48A0C3FC-2898-45E4-B2B9-147D27D29D45;c:\program files\003\xmkysecqun64.exe run options=01110010030000000000000000000000 sourceguid=48A0C3FC-2898-45E4-B2B9-147D27D29D45 [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-16 05:01 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-03 22:22]
.
2014-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05 13:31]
.
2014-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05 13:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2012-03-05 13:32 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-03-05 13:24 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-15 1935120]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-03-05 114688]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-03-05 789920]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-03-05 9745312]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-03-05 5374880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"pcreg"="c:\program files\pcmax\service.exe" [2014-05-29 79088]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.150.1
FF - ProfilePath - c:\users\SRE Lab\AppData\Roaming\Mozilla\Firefox\Profiles\pm2k21sz.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://websearch.calcitapp.info/
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=mcafee&type=A111US636&p=
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{f1f78e38} - c:\progra~3\WinSpeed\WinSpeed.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2014-08-30  12:31:05 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-30 19:31
.
Pre-Run: 44,118,720,512 bytes free
Post-Run: 47,046,393,856 bytes free
.
- - End Of File - - 300DBB781B678EF46CC18AFC9208C1E3


#7 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 30 August 2014 - 05:01 PM

Adware still appears to be there.



#8 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 02 September 2014 - 01:46 PM

Adware pops up while on Amazon.



#9 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 08 September 2014 - 04:02 AM

I apologize for the late reply - I was out of the office.

 

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Attached Files


Proud Member of UNITE & TB
 

#10 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 09 September 2014 - 11:19 PM

ComboFix 14-09-09.01 - SRE Lab 09/09/2014  21:47:49.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4001.2200 [GMT -7:00]
Running from: c:\users\SRE Lab\Desktop\ComboFix.exe
Command switches used :: c:\users\SRE Lab\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\netfilter64.sys"
"c:\windows\system32\drivers\netfilter64.sys"
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\COolSaaleCouipoN
c:\program files\003
c:\program files\003\xmkysecqun64.exe
c:\program files\48A0C3FC-2898-45E4-B2B9-147D27D29D45
c:\program files\48A0C3FC-2898-45E4-B2B9-147D27D29D45\xkymsyyrfh.dll
c:\program files\pcmax
c:\program files\pcmax\msvcr100.dll
c:\program files\pcmax\nodown.txt
c:\program files\pcmax\pcmax.exe
c:\program files\pcmax\service.exe
c:\program files\SupraSavings
c:\programdata\COolSaaleCouipoN
c:\programdata\f4ebfd6d8c1ca983
c:\programdata\f4ebfd6d8c1ca983\{0C516764-8CFC-C2FE-7BB0-A50A646E4DCD}.20140823143517
c:\programdata\f4ebfd6d8c1ca983\34e2e82387c90a761dfa07c36bb565e1.ini
c:\programdata\f4ebfd6d8c1ca983\391d8035b5bee6211dfa07c36bb565e1.ini
c:\programdata\f4ebfd6d8c1ca983\b6a46afacac9d2f21dfa07c36bb565e1.ini
c:\programdata\Partner
c:\programdata\Partner\debug.log
c:\programdata\Partner\Partner.dll
c:\programdata\Partner\Partner.exe
c:\programdata\Partner\Partner64.dll
c:\programdata\WinSpeed
c:\programdata\WinSpeed\WinSpeed_x64.dll
c:\users\SRE Lab\AppData\Local\Packages
c:\users\SRE Lab\AppData\Local\Packages\windows_ie_ac_001\AC\{82EEFAA0-08AF-D1D1-1902-306CA1757B65}\COolSaaleCouipoN.2.9.dat
c:\windows\system32\drivers\netfilter64.sys
c:\windows\system32\drivers\netfilter64.sys
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected 
Restored copy from - c:\windows\erdnt\cache86\userinit.exe 
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETFILTER64
-------\Service_f1f78e38
-------\Service_netfilter64
-------\Service_Partner Service
-------\Service_pcmaxservice
-------\Service_SupraSavingsService64
-------\Service_xmkysecqun64
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-10 to 2014-09-10  )))))))))))))))))))))))))))))))
.
.
2014-09-10 04:57 . 2014-09-10 04:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-30 20:28 . 2014-08-30 20:28 414 ----a-w- c:\users\SRE Lab\AppData\Local\LMIR0002.tmp.bat
2014-08-30 20:28 . 2014-08-30 20:28 339 ----a-w- c:\users\SRE Lab\AppData\Local\LMIR0002.tmp_r.bat
2014-08-30 18:45 . 2014-08-30 18:45 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-08-27 19:54 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-27 19:54 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-27 19:54 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-25 16:27 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-25 16:27 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-25 16:27 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-25 16:27 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-25 16:27 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-25 16:27 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-25 16:27 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-25 16:27 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-23 22:10 . 2013-09-23 20:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2014-08-23 22:10 . 2014-08-23 22:10 -------- d-----w- c:\program files (x86)\McAfee.com
2014-08-23 22:09 . 2014-08-23 22:10 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2014-08-23 22:08 . 2014-08-23 22:11 -------- d-----w- c:\program files\McAfee
2014-08-23 21:56 . 2014-08-23 21:56 -------- d-----w- C:\Quarantine
2014-08-23 21:56 . 2014-08-23 21:59 -------- d-----w- c:\program files\stinger
2014-08-23 21:55 . 2014-06-20 17:30 189912 ----a-w- c:\windows\system32\mfevtps.exe
2014-08-23 21:55 . 2014-08-23 22:11 -------- d-----w- c:\program files\Common Files\McAfee
2014-08-22 18:08 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{446789BA-671F-4C1D-9ABD-40BBDD460A7F}\mpengine.dll
2014-08-18 03:43 . 2014-08-18 03:43 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-16 20:18 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-16 20:18 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-16 05:09 . 2014-08-16 05:09 300920 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{6A9C110E-84DD-428E-9DA0-F050D314875F}-setup.exe
2014-08-16 05:07 . 2014-08-16 05:07 300920 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{5DF68AF8-72DA-495D-B959-7F45DB0FDE86}-setup.exe
2014-08-14 20:07 . 2014-06-03 10:02 3241984 ----a-w- c:\windows\system32\msi.dll
2014-08-14 20:07 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\SysWow64\msi.dll
2014-08-14 20:07 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2014-08-14 20:07 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2014-08-14 20:07 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2014-08-14 20:07 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-14 20:07 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-14 20:05 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-14 20:05 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-12 23:00 . 2014-08-12 23:00 4575232 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-29 17:45 . 2010-06-24 11:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-25 16:40 . 2012-09-08 20:42 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-05 16:20 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-07-24 21:33 . 2014-07-24 21:33 11336 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2014-07-24 21:32 . 2014-07-24 21:32 96592 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2014-07-24 21:31 . 2014-07-24 21:31 444720 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2014-07-11 22:22 . 2012-10-03 20:49 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-11 22:22 . 2012-10-03 20:49 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-20 17:38 . 2014-06-20 17:38 72128 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-06-20 17:31 . 2014-06-20 17:31 348552 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-06-20 17:26 . 2014-06-20 17:26 786296 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-06-20 17:23 . 2014-06-20 17:23 523792 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-06-20 17:21 . 2014-06-20 17:21 313544 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-06-20 17:20 . 2014-06-20 17:20 181704 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2014-06-18 02:18 . 2014-07-10 06:22 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-10 06:22 646144 ----a-w- c:\windows\SysWow64\osk.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-08-26 1245752]
"Spotify"="c:\users\SRE Lab\AppData\Roaming\Spotify\Spotify.exe" [2014-08-26 6621752]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-25 21652064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MuteSync"="c:\progra~2\Lenovo\LENOVO~1\MuteSync.exe" [2009-12-28 336384]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-03-05 329056]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-27 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-26 537992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-12-14 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 0323831409897797mcinstcleanup;McAfee Application Installer Cleanup (0323831409897797);c:\windows\TEMP\032383~1.EXE;c:\windows\TEMP\032383~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-16 05:01 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-03 22:22]
.
2014-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05 13:31]
.
2014-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05 13:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-03-05 13:24 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-15 1935120]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-03-05 114688]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-03-05 789920]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-03-05 9745312]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-03-05 5374880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.150.1
FF - ProfilePath - c:\users\SRE Lab\AppData\Roaming\Mozilla\Firefox\Profiles\pm2k21sz.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=mcafee&type=A111US636&p=
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - c:\programdata\Partner\Partner.dll
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{ca3eae2b-3b20-2e6f-a849-c126d93b6ad3} - c:\program files\48A0C3FC-2898-45E4-B2B9-147D27D29D45\xkymsyyrfh.dll
Toolbar-Locked - (no file)
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{f1f78e38} - c:\progra~3\WinSpeed\WinSpeed.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-09-09  22:09:19 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-10 05:09
ComboFix2.txt  2014-08-30 19:31
.
Pre-Run: 31,995,146,240 bytes free
Post-Run: 31,601,827,840 bytes free
.
- - End Of File - - F786B3C9353F42D0ACDF5A18BE665BD5
 

    Advertisements

Register to Remove


#11 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 10 September 2014 - 06:28 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 

#12 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 10 September 2014 - 11:59 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/10/2014
Scan Time: 9:06:50 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.11.01
Rootkit Database: v2014.09.10.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: SRE Lab
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327449
Time Elapsed: 25 min, 20 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 20
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2633423535-2134131027-269556285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [035a15d7aecd53e3c73ab4cd986a758b], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Quarantined, [69f4c62686f5b383f78fe2d8ed15a65a], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [f06d99533b40aa8c186fa317956d0af6], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, Quarantined, [124bf9f3e398d066c15afdbdce3412ee], 
PUP.Optional.CouponDownloader.A, HKLM\SOFTWARE\Coupon Downloader, Quarantined, [0855f8f40873ef47aa8cb16659aa827e], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, Quarantined, [421b7e6e502bce68b59154da21e26c94], 
PUP.Optional.SupraSavings, HKLM\SOFTWARE\suprasavings, Quarantined, [14495a929fdca78f1139a55eef14a759], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent, Quarantined, [114cf1fb82f9f83e7034164247bd8080], 
PUP.Optional.HQPro.A, HKLM\SOFTWARE\WOW6432NODE\HQPro-1.9, Quarantined, [8cd14aa23249d75fa926e02e09fa29d7], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [3e1ff4f87efdcc6a94b23fef6a99649c], 
PUP.Optional.SupraSavings, HKLM\SOFTWARE\WOW6432NODE\SupraSavings, Quarantined, [36279b51c8b32016e961df2458ab926e], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent, Quarantined, [63fafaf23843d3638f15065260a49d63], 
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5F189DF5-2D05-472B-9091-84D9848AE48B}{f1f78e38}, Quarantined, [9cc1c62645360234b746d92f41c246ba], 
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, Quarantined, [59041ad2ccaf48ee0ce860a99d662dd3], 
PUP.Optional.CinemaHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Cinema-DPlus3, Quarantined, [3c215a921566ba7c5b63da29a1629967], 
PUP.Optional.CouponDownloader.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Coupon Downloader, Quarantined, [f766d913f487df578badc5528d7609f7], 
PUP.Optional.HQPro.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQPro-1.9, Quarantined, [aab3e10b91ead4626b6656b89370e818], 
PUP.Optional.HQPro.A, HKU\S-1-5-21-2633423535-2134131027-269556285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQPro-1.9, Quarantined, [322bca225b20c76ff9d85fafe91a31cf], 
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-2633423535-2134131027-269556285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\suprasavings, Quarantined, [17461bd1d4a745f1b9ba8897c53ebc44], 
PUP.Optional.ViewPassword.A, HKU\S-1-5-21-2633423535-2134131027-269556285-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ViewPassword, Quarantined, [203d7a72b0cb44f2f821ef1c22e14ab6], 
 
Registry Values: 1
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, Quarantined, [59041ad2ccaf48ee0ce860a99d662dd3]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.FLVMPlayer, C:\Program Files (x86)\FLVM Player, Quarantined, [4b129359691252e4bca316de38ca5fa1], 
 
Files: 15
PUP.Optional.SearchProtect.A, C:\temp\sp-downloader.exe, Quarantined, [45185399e69546f04e243c54d22ff20e], 
PUP.Optional.OptimunInstaller, C:\Users\SRE Lab\Downloads\Java_Updater_Setup (1).exe, Quarantined, [df7ea448c6b585b19f3e59f023dd60a0], 
PUP.Optional.OptimunInstaller, C:\Users\SRE Lab\Downloads\Java_Updater_Setup.exe, Quarantined, [2a3325c71a612016429b9aafe71945bb], 
PUP.Optional.Iminent.A, C:\Users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage, Quarantined, [590415d7176441f532f705f8ad55e41c], 
PUP.Optional.Iminent.A, C:\Users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage, Quarantined, [401d78743c3fb77f724d2dd8ae5527d9], 
PUP.Optional.CalcIt.A, C:\Users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.calcitapp.info_0.localstorage, Quarantined, [fa63e10b304b25110eecd92f0ef54bb5], 
PUP.Optional.CalcIt.A, C:\Users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.calcitapp.info_0.localstorage-journal, Quarantined, [cc9135b7e695d56144b660a8b05329d7], 
PUP.Optional.BetterDeals.A, C:\Users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage, Quarantined, [f06d75776d0ee05635f0719f90736997], 
PUP.Optional.BetterDeals.A, C:\Users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal, Quarantined, [2f2e53994536e452da4be9275da6dc24], 
PUP.Optional.LiveLyrics.A, C:\Users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, Quarantined, [e17ceffd384358de78e49380f2118e72], 
PUP.Optional.LiveLyrics.A, C:\Users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, Quarantined, [f865717bb9c278be9dbfc152df2409f7], 
PUP.Optional.Superfish.A, C:\Users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [be9f1cd00576a98d60ff9f7658ab38c8], 
PUP.Optional.Superfish.A, C:\Users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [91cc42aa116ac076372832e30bf80df3], 
PUP.Optional.Iminent.A, C:\Users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, Quarantined, [b8a5f2fa7dfe63d33fcf50c7bd46748c], 
PUP.Optional.CrossRider.A, C:\Users\SRE Lab\AppData\Roaming\Mozilla\Firefox\Profiles\pm2k21sz.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "146a701a235bb9b34dcfb4053b319109");), Replaced,[96c71cd04a31013557d6aa8146bf35cb]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
C:\Program Files (x86)\48A0C3FC-2898-45E4-B2B9-147D27D29D45\hmhfslexky64.exe a variant of Win64/Adware.Adpeak.F application
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{5DF68AF8-72DA-495D-B959-7F45DB0FDE86}-setup.exe a variant of Win32/SquareNet.C potentially unwanted application
C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{6A9C110E-84DD-428E-9DA0-F050D314875F}-setup.exe a variant of Win32/SquareNet.C potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files\003\xmkysecqun64.exe.vir a variant of Win64/Adware.Adpeak.C application
C:\Qoobox\Quarantine\C\Program Files\48A0C3FC-2898-45E4-B2B9-147D27D29D45\xkymsyyrfh.dll.vir a variant of Win32/AdWare.CouponAmazing.B application
C:\Qoobox\Quarantine\C\Program Files\pcmax\pcmax.exe.vir a variant of Win32/Conduit.SearchProtect.O potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files\pcmax\service.exe.vir Win32/Conduit.SearchProtect.T potentially unwanted application
C:\Qoobox\Quarantine\C\ProgramData\WinSpeed\WinSpeed_x64.dll.vir a variant of Win64/SProtector.B potentially unwanted application
C:\temp\launcher.exe Win32/Conduit.SearchProtect.M potentially unwanted application
C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{5DF68AF8-72DA-495D-B959-7F45DB0FDE86}-setup.exe a variant of Win32/SquareNet.C potentially unwanted application
C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{6A9C110E-84DD-428E-9DA0-F050D314875F}-setup.exe a variant of Win32/SquareNet.C potentially unwanted application
 


#13 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 14 September 2014 - 04:27 AM

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 

#14 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 15 September 2014 - 02:38 AM

C:\Program Files (x86)\48A0C3FC-2898-45E4-B2B9-147D27D29D45\hmhfslexky64.exe a variant of Win64/Adware.Adpeak.F application
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{5DF68AF8-72DA-495D-B959-7F45DB0FDE86}-setup.exe a variant of Win32/SquareNet.C potentially unwanted application
C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{6A9C110E-84DD-428E-9DA0-F050D314875F}-setup.exe a variant of Win32/SquareNet.C potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files\003\xmkysecqun64.exe.vir a variant of Win64/Adware.Adpeak.C application
C:\Qoobox\Quarantine\C\Program Files\48A0C3FC-2898-45E4-B2B9-147D27D29D45\xkymsyyrfh.dll.vir a variant of Win32/AdWare.CouponAmazing.B application
C:\Qoobox\Quarantine\C\Program Files\pcmax\pcmax.exe.vir a variant of Win32/Conduit.SearchProtect.O potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files\pcmax\service.exe.vir Win32/Conduit.SearchProtect.T potentially unwanted application
C:\Qoobox\Quarantine\C\ProgramData\WinSpeed\WinSpeed_x64.dll.vir a variant of Win64/SProtector.B potentially unwanted application
C:\temp\launcher.exe Win32/Conduit.SearchProtect.M potentially unwanted application
C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{5DF68AF8-72DA-495D-B959-7F45DB0FDE86}-setup.exe a variant of Win32/SquareNet.C potentially unwanted application
C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{6A9C110E-84DD-428E-9DA0-F050D314875F}-setup.exe a variant of Win32/SquareNet.C potentially unwanted application


#15 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 16 September 2014 - 08:33 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


Proud Member of UNITE & TB
 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users