Proxy server virus: (127.0.0.1 port 8118)
<blockquote data-quote="thedarkhippy" data-source="post: 407766" data-attributes="member: 36149"><p>OK, so I have run it. There were two errors while it ran, saying that it could not save certain files, and I am unable to attach the results as it says the file is empty? The file is not empty, as I can copy and paste it:</p><p></p><p>ComboFix 15-07-05.01 - User 06/07/2015 20:43:59.1.2 - x64</p><p>Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5735.3408 [GMT 1:00]</p><p>Running from: c:\users\User\Desktop\ComboFix.exe</p><p>AV: Norton Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}</p><p>FW: Norton Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}</p><p>SP: Norton Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}</p><p>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>c:\windows\wininit.ini</p><p>.</p><p>.</p><p>((((((((((((((((((((((((( Files Created from 2015-06-06 to 2015-07-06 )))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>2015-07-06 19:58 . 2015-07-06 19:58 -------- d-----w- c:\users\TEMP\AppData\Local\temp</p><p>2015-07-06 19:58 . 2015-07-06 19:58 -------- d-----w- c:\users\Default\AppData\Local\temp</p><p>2015-07-05 19:58 . 2015-07-05 21:19 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys</p><p>2015-07-05 19:58 . 2015-06-18 07:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys</p><p>2015-07-05 19:58 . 2015-06-18 07:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys</p><p>2015-07-05 19:58 . 2015-06-18 07:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys</p><p>2015-07-05 19:58 . 2015-07-05 19:58 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware</p><p>2015-07-05 19:58 . 2015-07-05 19:58 -------- d-----w- c:\programdata\Malwarebytes</p><p>2015-07-03 17:01 . 
2015-07-05 13:43 -------- d-----w- c:\windows\system32\drivers\NSx64</p><p>2015-07-03 17:01 . 2015-07-03 17:01 -------- d-----w- c:\program files (x86)\Norton Security</p><p>2015-07-03 16:12 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CAFF9B3-EB9D-46A7-9229-12A6F4179100}\mpengine.dll</p><p>2015-07-01 20:17 . 2015-05-25 18:19 1255424 ----a-w- c:\windows\system32\diagtrack.dll</p><p>2015-07-01 20:16 . 2015-05-25 17:08 3206144 ----a-w- c:\windows\system32\win32k.sys</p><p>2015-07-01 20:16 . 2015-04-11 03:19 69888 ----a-w- c:\windows\system32\drivers\stream.sys</p><p>2015-07-01 20:11 . 2015-05-22 18:21 490496 ----a-w- c:\program files\Internet Explorer\ieinstal.exe</p><p>2015-06-24 09:06 . 2015-06-25 09:06 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0</p><p>2015-06-22 09:42 . 2015-06-22 09:43 -------- d-----w- c:\users\TEMP.User-TOSH</p><p>2015-06-21 18:58 . 2015-06-22 17:20 -------- dc----w- c:\windows\system32\DRVSTORE</p><p>2015-06-21 17:59 . 2015-06-21 17:59 -------- d-----w- c:\users\User\AppData\Local\CrashRpt</p><p>2015-06-21 17:30 . 2015-06-21 17:30 -------- d-----w- C:\RegBackup</p><p>2015-06-15 07:30 . 2015-06-15 07:30 -------- d-----w- c:\program files\Common Files\AV</p><p>.</p><p>.</p><p>.</p><p>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>2015-07-03 17:05 . 2013-03-14 19:39 102616 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS</p><p>2015-07-02 07:28 . 2013-09-19 20:03 140135120 ----a-w- c:\windows\system32\MRT.exe</p><p>2015-05-25 18:01 . 2015-07-01 20:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll</p><p>2015-05-22 18:18 . 2015-06-05 08:10 700416 ----a-w- c:\windows\system32\generaltel.dll</p><p>2015-05-22 18:18 . 2015-06-05 08:10 757248 ----a-w- c:\windows\system32\invagent.dll</p><p>2015-05-22 18:18 . 2015-06-05 08:10 423424 ----a-w- c:\windows\system32\devinv.dll</p><p>2015-05-22 18:18 . 
2015-06-05 08:10 1021440 ----a-w- c:\windows\system32\appraiser.dll</p><p>2015-05-22 18:18 . 2015-06-05 08:10 45568 ----a-w- c:\windows\system32\acmigration.dll</p><p>2015-05-22 18:18 . 2015-06-05 08:10 227328 ----a-w- c:\windows\system32\aepdu.dll</p><p>2015-05-22 18:13 . 2015-06-05 08:10 1119232 ----a-w- c:\windows\system32\aeinv.dll</p><p>2015-05-21 13:19 . 2015-06-05 08:10 193536 ----a-w- c:\windows\system32\aepic.dll</p><p>2015-05-01 13:17 . 2015-05-13 11:12 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll</p><p>2015-05-01 13:16 . 2015-05-13 11:12 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll</p><p>2015-04-20 03:17 . 2015-05-13 09:30 1179136 ----a-w- c:\windows\system32\FntCache.dll</p><p>2015-04-20 03:17 . 2015-05-13 09:30 1647104 ----a-w- c:\windows\system32\DWrite.dll</p><p>2015-04-20 02:56 . 2015-05-13 09:30 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll</p><p>2015-04-18 03:10 . 2015-05-13 09:43 460800 ----a-w- c:\windows\system32\certcli.dll</p><p>2015-04-18 02:56 . 2015-05-13 09:43 342016 ----a-w- c:\windows\SysWow64\certcli.dll</p><p>2015-04-16 12:26 . 2015-03-26 13:26 73728 ----a-w- c:\windows\SysWow64\tasks.dll</p><p>2015-04-14 02:38 . 2015-04-14 02:38 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL</p><p>2015-04-13 03:28 . 2015-05-13 09:36 328704 ----a-w- c:\windows\system32\services.exe</p><p>2015-04-08 03:29 . 2015-05-13 09:23 275456 ----a-w- c:\windows\system32\InkEd.dll</p><p>2015-04-08 03:29 . 2015-05-13 09:23 24576 ----a-w- c:\windows\system32\jnwmon.dll</p><p>2015-04-08 03:14 . 
2015-05-13 09:23 216064 ----a-w- c:\windows\SysWow64\InkEd.dll</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>*Note* empty entries & legit default entries are not shown </p><p>REGEDIT4</p><p>.</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2015-04-10 455392]</p><p>"Spotify"="c:\users\User\AppData\Roaming\Spotify\Spotify.exe" [2015-07-02 7504952]</p><p>"Spotify Web Helper"="c:\users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-07-02 2030648]</p><p>"GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-06-20 813896]</p><p>.</p><p>[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]</p><p>"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]</p><p>.</p><p>c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\</p><p>TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</p><p>"ConsentPromptBehaviorAdmin"= 5 (0x5)</p><p>"ConsentPromptBehaviorUser"= 3 (0x3)</p><p>"EnableUIADesktopToggle"= 0 (0x0)</p><p>"EnableLinkedConnections"= 1 (0x1)</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]</p><p>"LoadAppInit_DLLs"=1 (0x1)</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]</p><p>"aux1"=wdmaud.drv</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]</p><p>@=""</p><p>.</p><p>R1 ccSet_NIS;NIS Settings 
Manager;c:\windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\ccSetx64.sys [x]</p><p>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]</p><p>R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]</p><p>R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [x]</p><p>R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]</p><p>R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]</p><p>R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]</p><p>R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]</p><p>R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]</p><p>R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]</p><p>R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]</p><p>R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]</p><p>R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card 
Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]</p><p>R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]</p><p>R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]</p><p>R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]</p><p>R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]</p><p>R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]</p><p>R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]</p><p>R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]</p><p>R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]</p><p>R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]</p><p>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]</p><p>R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]</p><p>R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]</p><p>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]</p><p>R4 wlcrasvc;Windows Live Mesh 
remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]</p><p>S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NSx64\1600020.011\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1600020.011\SYMDS64.SYS [x]</p><p>S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NSx64\1600020.011\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1600020.011\SYMEFA64.SYS [x]</p><p>S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\BASHDefs\20150625.001\BHDrvx64.sys;c:\program files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\BASHDefs\20150625.001\BHDrvx64.sys [x]</p><p>S1 ccSet_NS;NS Settings Manager;c:\windows\system32\drivers\NSx64\1600020.011\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSx64\1600020.011\ccSetx64.sys [x]</p><p>S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\IPSDefs\20150703.001\IDSvia64.sys;c:\program files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\IPSDefs\20150703.001\IDSvia64.sys [x]</p><p>S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NSx64\1600020.011\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1600020.011\Ironx64.SYS [x]</p><p>S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NSx64\1600020.011\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1600020.011\SYMNETS.SYS [x]</p><p>S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]</p><p>S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]</p><p>S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]</p><p>S2 DiagTrack;Diagnostics Tracking 
Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]</p><p>S2 dlba_device;dlba_device;c:\windows\system32\dlbacoms.exe;c:\windows\SYSNATIVE\dlbacoms.exe [x]</p><p>S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]</p><p>S2 NS;Norton Security;c:\program files (x86)\Norton Security\Engine\22.0.2.17\NS.exe;c:\program files (x86)\Norton Security\Engine\22.0.2.17\NS.exe [x]</p><p>S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]</p><p>S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]</p><p>S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]</p><p>S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]</p><p>S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]</p><p>S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]</p><p>S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]</p><p>S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys;c:\windows\SYSNATIVE\drivers\QIOMem.sys [x]</p><p>.</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]</p><p>2015-07-06 08:43 990024 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe</p><p>.</p><p>Contents of the 
'Scheduled Tasks' folder</p><p>.</p><p>2015-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job</p><p>- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-14 19:45]</p><p>.</p><p>2015-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 16:23]</p><p>.</p><p>2015-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 16:23]</p><p>.</p><p>2015-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153010267-44935286-722844377-1000Core.job</p><p>- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-25 19:57]</p><p>.</p><p>2015-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153010267-44935286-722844377-1000UA.job</p><p>- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-25 19:57]</p><p>.</p><p>.</p><p>--------- X64 Entries -----------</p><p>.</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]</p><p>.</p><p>------- Supplementary Scan -------</p><p>.</p><p>uLocal Page = c:\windows\system32\blank.htm</p><p>uStart Page = hxxp://<a href="http://www.google.com/" target="_blank">www.google.com/</a></p><p>uDefault_Search_URL = hxxp://<a href="http://www.google.com" target="_blank">www.google.com</a></p><p>mLocal Page = c:\windows\SysWOW64\blank.htm</p><p>mSearch Bar = hxxp://<a href="http://www.google.com" target="_blank">www.google.com</a></p><p>IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000</p><p>IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000</p><p>IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105</p><p>Trusted Zone: dell.com</p><p>TCP: DhcpNameServer = 192.168.0.1</p><p>.</p><p>- - - - ORPHANS REMOVED - - - -</p><p>.</p><p>Toolbar-Locked - 
(no file)</p><p>Toolbar-10 - (no file)</p><p>Notify-SDWinLogon - SDWinLogon.dll</p><p>HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start</p><p>Toolbar-Locked - (no file)</p><p>Toolbar-10 - (no file)</p><p>HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe</p><p>AddRemove-AVG Web TuneUp - c:\program files (x86)\AVG Web TuneUp\UNINSTALL.exe</p><p>AddRemove-spotimote - c:\program files (x86)\spotimote\uninstall.exe</p><p>AddRemove-zonealarm - c:\users\User\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe</p><p>.</p><p>.</p><p>.</p><p>[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]</p><p>"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"</p><p>--</p><p>.</p><p>[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NS]</p><p>"ImagePath"="\"c:\program files (x86)\Norton Security\Engine\22.0.2.17\NS.exe\" /s \"NS\" /m \"c:\program files (x86)\Norton Security\Engine\22.0.2.17\diMaster.dll\" /prefetch:1"</p><p>"ImagePath"="\SystemRoot\system32\drivers\NSx64\1600020.011\SYMNETS.SYS"</p><p>"TrustedImagePaths"="c:\program files (x86)\Norton Security\Engine\22.0.2.17;c:\program files (x86)\Norton Security\Engine64\22.0.2.17"</p><p>.</p><p>--------------------- LOCKED REGISTRY KEYS ---------------------</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]</p><p>@Denied: (A 2) 
(Everyone)</p><p>@="FlashBroker"</p><p>"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]</p><p>"Enabled"=dword:00000001</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]</p><p>@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="IFlashBroker5"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</p><p>@="{00020424-0000-0000-C000-000000000046}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>"Version"="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]</p><p>@Denied: (A 2) 
(Everyone)</p><p>@="FlashBroker"</p><p>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]</p><p>"Enabled"=dword:00000001</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="Shockwave Flash Object"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"</p><p>"ThreadingModel"="Apartment"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]</p><p>@="0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]</p><p>@="ShockwaveFlash.ShockwaveFlash.11"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 
1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]</p><p>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]</p><p>@="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</p><p>@="ShockwaveFlash.ShockwaveFlash"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="Macromedia Flash Factory Object"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"</p><p>"ThreadingModel"="Apartment"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]</p><p>@="FlashFactory.FlashFactory.1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</p><p>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</p><p>@="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</p><p>@="FlashFactory.FlashFactory"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</p><p>@Denied: (A 2) 
(Everyone)</p><p>@="IFlashBroker5"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</p><p>@="{00020424-0000-0000-C000-000000000046}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>"Version"="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\McAfee]</p><p>"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,</p><p> 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]</p><p>@Denied: (A) (Everyone)</p><p>"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]</p><p>@Denied: (A) (Everyone)</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]</p><p>"Key"="ActionsPane3"</p><p>"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]</p><p>@Denied: (A) (Users)</p><p>@Denied: (A) (Everyone)</p><p>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</p><p>"BlindDial"=dword:00000000</p><p>.</p><p>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]</p><p>@Denied: (A) (Users)</p><p>@Denied: (A) (Everyone)</p><p>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</p><p>"BlindDial"=dword:00000000</p><p>.</p><p>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]</p><p>@Denied: (Full) (Everyone)</p><p>.</p><p>Completion time: 2015-07-06 21:04:04</p><p>ComboFix-quarantined-files.txt 2015-07-06 20:04</p><p>ComboFix2.txt 2015-06-21 18:33</p><p>.</p><p>Pre-Run: 
108,610,990,080 bytes free</p><p>Post-Run: 108,075,675,648 bytes free</p><p>.</p><p>- - End Of File - - C15E71EABD0E5F0BFAB58999174AC0AB</p><p>A36C5E4F47E84449FF07ED3517B43A31</p></blockquote><p></p>
Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x] R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NSx64\1600020.011\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1600020.011\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NSx64\1600020.011\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1600020.011\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\BASHDefs\20150625.001\BHDrvx64.sys;c:\program files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\BASHDefs\20150625.001\BHDrvx64.sys [x] S1 ccSet_NS;NS Settings Manager;c:\windows\system32\drivers\NSx64\1600020.011\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSx64\1600020.011\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\IPSDefs\20150703.001\IDSvia64.sys;c:\program files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\IPSDefs\20150703.001\IDSvia64.sys [x] S1 SymIRON;Symantec Iron 
Driver;c:\windows\system32\drivers\NSx64\1600020.011\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1600020.011\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NSx64\1600020.011\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1600020.011\SYMNETS.SYS [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 dlba_device;dlba_device;c:\windows\system32\dlbacoms.exe;c:\windows\SYSNATIVE\dlbacoms.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 NS;Norton Security;c:\program files (x86)\Norton Security\Engine\22.0.2.17\NS.exe;c:\program files (x86)\Norton Security\Engine\22.0.2.17\NS.exe [x] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common 
Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x] S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys;c:\windows\SYSNATIVE\drivers\QIOMem.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-07-06 08:43 990024 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2015-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-14 19:45] . 2015-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 16:23] . 2015-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 16:23] . 2015-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153010267-44935286-722844377-1000Core.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-25 19:57] . 2015-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153010267-44935286-722844377-1000UA.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-25 19:57] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://[URL="http://www.google.com/"]www.google.com/[/URL] uDefault_Search_URL = hxxp://[URL="http://www.google.com"]www.google.com[/URL] mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Bar = hxxp://[URL="http://www.google.com"]www.google.com[/URL] IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 Trusted Zone: dell.com TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) Notify-SDWinLogon - SDWinLogon.dll HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) Toolbar-10 - (no file) HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe AddRemove-AVG Web TuneUp - c:\program files (x86)\AVG Web TuneUp\UNINSTALL.exe AddRemove-spotimote - c:\program files (x86)\spotimote\uninstall.exe AddRemove-zonealarm - c:\users\User\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NS] "ImagePath"="\"c:\program files (x86)\Norton Security\Engine\22.0.2.17\NS.exe\" /s \"NS\" /m \"c:\program files (x86)\Norton Security\Engine\22.0.2.17\diMaster.dll\" /prefetch:1" "ImagePath"="\SystemRoot\system32\drivers\NSx64\1600020.011\SYMNETS.SYS" "TrustedImagePaths"="c:\program files (x86)\Norton Security\Engine\22.0.2.17;c:\program files (x86)\Norton Security\Engine64\22.0.2.17" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Completion time: 2015-07-06 21:04:04 ComboFix-quarantined-files.txt 2015-07-06 20:04 ComboFix2.txt 2015-06-21 18:33 . Pre-Run: 108,610,990,080 bytes free Post-Run: 108,075,675,648 bytes free . - - End Of File - - C15E71EABD0E5F0BFAB58999174AC0AB A36C5E4F47E84449FF07ED3517B43A31 [/QUOTE]