Chrome.exe using up a lot of memory, Periodic Freezing, FRST scan tool removed.
<blockquote data-quote="Yuchan1226" data-source="post: 388959" data-attributes="member: 36605">
Ok, I feel ridiculous for not realizing, but I managed to disable my firewall and get the scans for Farbar. I will upload them with the ComboFix data. Sorry for the trouble.

ComboFix 15-05-19.01 - Yuichi 05/23/2015 20:05:46.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.5836 [GMT -7:00]
Running from: c:\users\Yuichi\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Norton Security Suite *Disabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: Norton Security Suite *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
.
.
((((((((((((((((((((((((( Files Created from 2015-04-24 to 2015-05-24 )))))))))))))))))))))))))))))))
.
.
2015-05-24 03:16 . 2015-05-24 03:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-24 02:59 . 2015-05-24 03:00 -------- d-----w- C:\FRST
2015-05-20 14:24 . 2015-05-20 14:25 -------- d-----w- c:\program files\CCleaner
2015-05-19 14:33 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-19 14:33 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-19 14:26 . 2015-05-05 01:29 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-19 14:21 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-05-19 14:21 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-05-19 14:21 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-05-19 14:21 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-05-19 14:21 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-05-19 14:21 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-05-19 14:21 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-04-24 03:31 . 2015-04-24 03:31 -------- d-----w- C:\Neople
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-24 02:23 . 2014-07-02 21:48 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-20 14:37 . 2014-10-22 22:17 65536 ----a-w- c:\windows\system32\spu_storage.bin
2015-05-19 14:38 . 2013-08-20 08:08 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-04-14 16:37 . 2014-07-02 21:48 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 16:37 . 2014-07-02 21:48 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 16:37 . 2014-03-19 18:42 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-14 10:33 . 2015-04-14 10:33 1614504 ----a-w- c:\windows\system32\FM20.DLL
2015-03-30 22:25 . 2014-10-22 03:25 33856 ---ha-w- c:\windows\system32\hamachi.sys
2015-03-25 03:24 . 2015-04-23 14:56 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-23 14:56 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-23 14:56 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-23 14:56 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-23 14:56 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-23 14:56 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-23 14:56 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-23 14:56 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-23 14:56 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-23 14:56 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-23 14:56 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-23 14:56 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-23 14:56 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-23 14:56 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-23 14:56 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-23 14:56 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-23 14:56 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-23 14:56 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-23 14:56 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-23 14:56 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-23 14:56 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-23 14:56 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-23 14:56 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-23 14:56 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-17 05:22 . 2015-04-23 14:56 5557696 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-03-17 05:19 . 2015-04-23 14:56 1727904 ----a-w- c:\windows\system32\ntdll.dll
2015-03-17 05:17 . 2015-04-23 14:56 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-03-17 05:17 . 2015-04-23 14:56 243712 ----a-w- c:\windows\system32\wow64.dll
2015-03-17 05:17 . 2015-04-23 14:56 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-03-17 05:16 . 2015-04-23 14:56 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-03-17 05:16 . 2015-04-23 14:56 503808 ----a-w- c:\windows\system32\srcore.dll
2015-03-17 05:16 . 2015-04-23 14:56 50176 ----a-w- c:\windows\system32\srclient.dll
2015-03-17 05:16 . 2015-04-23 14:56 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-03-17 05:16 . 2015-04-23 14:56 424448 ----a-w- c:\windows\system32\KernelBase.dll
2015-03-17 05:16 . 2015-04-23 14:56 1163264 ----a-w- c:\windows\system32\kernel32.dll
2015-03-17 05:16 . 2015-04-23 14:56 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-03-17 05:16 . 2015-04-23 14:56 112640 ----a-w- c:\windows\system32\smss.exe
2015-03-17 05:16 . 2015-04-23 14:56 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-03-17 05:15 . 2015-04-23 14:56 338432 ----a-w- c:\windows\system32\conhost.exe
2015-03-17 05:11 . 2015-04-23 14:56 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-03-17 05:11 . 2015-04-23 14:56 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 14:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-03-17 05:01 . 2015-04-23 14:56 3920824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-03-17 05:01 . 2015-04-23 14:56 3976632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-03-17 04:59 . 2015-04-23 14:56 1309696 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-03-17 04:57 . 2015-04-23 14:56 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-03-17 04:57 . 2015-04-23 14:56 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-03-17 04:56 . 2015-04-23 14:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-03-17 04:56 . 2015-04-23 14:56 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-03-17 04:56 . 2015-04-23 14:56 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-03-17 04:56 . 2015-04-23 14:56 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2015-03-17 04:50 . 2015-04-23 14:56 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2015-03-17 04:50 . 2015-04-23 14:56 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-03-17 04:50 . 2015-04-23 14:56 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-03-17 04:50 . 2015-04-23 14:56 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-03-17 04:50 . 2015-04-23 14:56 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-03-17 04:50 . 2015-04-23 14:56 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-03-17 04:50 . 2015-04-23 14:56 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-03-17 04:50 . 2015-04-23 14:56 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2015-03-17 04:50 . 2015-04-23 14:56 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-03-17 04:50 . 2015-04-23 14:56 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-03-17 04:50 . 2015-04-23 14:56 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-03-17 04:50 . 2015-04-23 14:56 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-03-17 04:50 . 2015-04-23 14:56 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-03-17 04:50 . 2015-04-23 14:56 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-03-17 04:50 . 2015-04-23 14:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-05-15 2888384]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-04-23 8204056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-21 767176]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 X6va013;X6va013;c:\windows\SysWOW64\Drivers\X6va013;c:\windows\SysWOW64\Drivers\X6va013 [x]
R3 X6va021;X6va021;c:\windows\SysWOW64\Drivers\X6va021;c:\windows\SysWOW64\Drivers\X6va021 [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1507000.00B\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1507000.00B\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1507000.00B\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1507000.00B\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150519.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150519.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1507000.00B\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150521.003\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150521.003\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1507000.00B\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1507000.00B\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 amdacpksd;ACP Kernel Service Driver;c:\windows\system32\drivers\amdacpksd.sys;c:\windows\SYSNATIVE\drivers\amdacpksd.sys [x]
S2 amdacpusrsvc;ACP User Service;c:\program files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe;c:\program files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.7.0.11\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.7.0.11\N360.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - EraserUtilDrv11411
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-21 02:39 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.65\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-12 08:08]
.
2015-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-12 08:08]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-DivXMediaServer - c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-DSite - c:\users\Yuichi\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.7.0.11\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.7.0.11\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.7.0.11;c:\program files (x86)\Norton Security Suite\Engine64\21.7.0.11"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va013]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va013"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va021]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va021"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-05-23 20:26:34
ComboFix-quarantined-files.txt 2015-05-24 03:26
.
Pre-Run: 432,687,493,120 bytes free
Post-Run: 432,219,684,864 bytes free
.
- - End Of File - - 29DBB56A1922D21A8D80DBE7D254C729
A36C5E4F47E84449FF07ED3517B43A31
</blockquote>
Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x] R3 X6va013;X6va013;c:\windows\SysWOW64\Drivers\X6va013;c:\windows\SysWOW64\Drivers\X6va013 [x] R3 X6va021;X6va021;c:\windows\SysWOW64\Drivers\X6va021;c:\windows\SysWOW64\Drivers\X6va021 [x] R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1507000.00B\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1507000.00B\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1507000.00B\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1507000.00B\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security 
Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150519.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150519.001\BHDrvx64.sys [x] S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1507000.00B\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150521.003\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150521.003\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1507000.00B\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1507000.00B\SYMNETS.SYS [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 amdacpksd;ACP Kernel Service Driver;c:\windows\system32\drivers\amdacpksd.sys;c:\windows\SYSNATIVE\drivers\amdacpksd.sys [x] S2 amdacpusrsvc;ACP User Service;c:\program files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe;c:\program files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [x] S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x] S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files 
(x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.7.0.11\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.7.0.11\N360.exe [x] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMSWISSARMY *Deregistered* - EraserUtilDrv11411 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-05-21 02:39 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.65\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2015-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-12 08:08] . 2015-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-12 08:08] . . --------- X64 Entries ----------- . . 
------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-DivXMediaServer - c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-DSite - c:\users\Yuichi\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.7.0.11\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.7.0.11\diMaster.dll\" /prefetch:1" "ImagePath"="\SystemRoot\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS" "TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.7.0.11;c:\program files (x86)\Norton Security Suite\Engine64\21.7.0.11" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va013] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va013" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va021] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va021" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2015-05-23 20:26:34 ComboFix-quarantined-files.txt 2015-05-24 03:26 . Pre-Run: 432,687,493,120 bytes free Post-Run: 432,219,684,864 bytes free . - - End Of File - - 29DBB56A1922D21A8D80DBE7D254C729 A36C5E4F47E84449FF07ED3517B43A31 [/QUOTE]