-
<<What I would do is go into your AOL mail and delete anything with an attachment, or even mail that you deem safe but no longer need, even in your Sent folder, then empty the trash. Just guessing you may have an infected email.>>
E-mail in AOL is not stored on the computer, so that you can access it anywhere. But I did go ahead and permanently delete the deleted e-mails and anything else I didn't think I would need.
Here's the combofix log:
ComboFix 14-10-29.01 - Gateway 10/29/2014 13:30:50.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3764.2645 [GMT -5:00]
Running from: c:\users\Gateway\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-09-28 to 2014-10-29 )))))))))))))))))))))))))))))))
.
.
2014-10-29 18:38 . 2014-10-29 18:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-10-29 18:38 . 2014-10-29 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-29 18:33 . 2014-10-29 18:33 -------- d-----w- c:\users\Gateway\AppData\Local\CrashDumps
2014-10-29 16:29 . 2014-10-29 16:29 111080 ----a-w- c:\windows\system32\drivers\eKdgjNlY.sys
2014-10-29 16:28 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D769973-A26B-4408-B1CB-B88CB8F20A13}\mpengine.dll
2014-10-29 16:00 . 2014-10-29 16:31 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-29 16:00 . 2014-10-01 16:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-29 16:00 . 2014-10-01 16:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-29 16:00 . 2014-10-01 16:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-29 16:00 . 2014-10-29 16:00 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-29 15:53 . 2014-10-29 15:53 111080 ----a-w- c:\windows\system32\drivers\AVoXsrYx.sys
2014-10-29 15:43 . 2014-10-29 15:43 111080 ----a-w- c:\windows\system32\drivers\HxQQQsyo.sys
2014-10-29 15:39 . 2014-10-29 15:42 -------- d-----w- C:\AdwCleaner
2014-10-29 15:17 . 2014-10-29 15:17 111080 ----a-w- c:\windows\system32\drivers\MxlQYWlT.sys
2014-10-29 12:48 . 2014-10-29 12:48 111080 ----a-w- c:\windows\system32\drivers\PwOKWLIh.sys
2014-10-29 11:09 . 2014-10-29 11:09 111080 ----a-w- c:\windows\system32\drivers\UBrLFeHr.sys
2014-10-29 10:48 . 2014-10-29 10:48 111080 ----a-w- c:\windows\system32\drivers\opRcMSkk.sys
2014-10-28 18:39 . 2014-10-28 18:39 -------- d-----w- c:\programdata\Malwarebytes
2014-10-28 18:35 . 2014-10-28 18:35 111080 ----a-w- c:\windows\system32\drivers\iAncQEAl.sys
2014-10-28 15:20 . 2014-10-29 12:47 -------- d-----w- C:\FRST
2014-10-28 08:20 . 2014-10-28 08:20 111080 ----a-w- c:\windows\system32\drivers\jnsAdKtw.sys
2014-10-28 07:35 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-27 16:58 . 2014-10-27 16:58 -------- d-----w- c:\users\Gateway\AppData\Local\Apps
2014-10-27 14:54 . 2014-10-27 14:54 111080 ----a-w- c:\windows\system32\drivers\pDKYbgdo.sys
2014-10-27 14:39 . 2014-10-27 14:39 111080 ----a-w- c:\windows\system32\drivers\JmOVyYpY.sys
2014-10-27 12:40 . 2014-10-27 12:40 -------- d-----w- c:\programdata\boost_interprocess
2014-10-27 12:29 . 2014-10-27 12:29 111080 ----a-w- c:\windows\system32\drivers\atYthjoV.sys
2014-10-27 12:25 . 2014-10-27 12:25 111080 ----a-w- c:\windows\system32\drivers\IXtkPayO.sys
2014-10-27 12:19 . 2014-10-27 12:19 111080 ----a-w- c:\windows\system32\drivers\YVTTuumS.sys
2014-10-27 12:10 . 2014-10-27 12:10 111080 ----a-w- c:\windows\system32\drivers\gSuQpyHA.sys
2014-10-27 12:06 . 2014-10-27 12:06 111080 ----a-w- c:\windows\system32\drivers\PGBxTkEF.sys
2014-10-27 00:43 . 2014-10-27 00:43 111080 ----a-w- c:\windows\system32\drivers\ufimfweO.sys
2014-10-26 23:25 . 2014-10-26 23:25 12872 ----a-w- c:\windows\system32\bootdelete.exe
2014-10-26 12:46 . 2014-10-26 12:46 111080 ----a-w- c:\windows\system32\drivers\SaBACdhX.sys
2014-10-25 18:42 . 2014-10-25 18:42 111080 ----a-w- c:\windows\system32\drivers\qkkcNgcg.sys
2014-10-24 22:36 . 2014-10-24 22:36 111080 ----a-w- c:\windows\system32\drivers\sBDzxsjA.sys
2014-10-22 15:01 . 2014-10-22 15:01 111080 ----a-w- c:\windows\system32\drivers\iOwjfFdq.sys
2014-10-22 11:23 . 2014-10-22 11:23 111080 ----a-w- c:\windows\system32\drivers\sNmtkkiz.sys
2014-10-22 11:05 . 2014-10-22 11:05 111080 ----a-w- c:\windows\system32\drivers\PHrqeLVS.sys
2014-10-22 10:54 . 2014-10-22 10:54 111080 ----a-w- c:\windows\system32\drivers\KnLHwfQW.sys
2014-10-21 19:34 . 2014-10-21 19:34 111080 ----a-w- c:\windows\system32\drivers\BlFSMOwS.sys
2014-10-21 13:00 . 2014-10-21 13:00 111080 ----a-w- c:\windows\system32\drivers\ipEyTLGa.sys
2014-10-21 12:49 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll
2014-10-21 12:49 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll
2014-10-21 12:49 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2014-10-21 12:49 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2014-10-21 12:49 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll
2014-10-21 12:49 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2014-10-21 12:40 . 2014-10-21 12:40 111080 ----a-w- c:\windows\system32\drivers\tICbFABY.sys
2014-10-21 12:37 . 2014-10-21 12:37 111080 ----a-w- c:\windows\system32\drivers\uOqCtCGV.sys
2014-10-21 12:32 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2014-10-21 12:32 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll
2014-10-21 12:32 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-10-21 12:32 . 2014-09-29 00:58 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-21 12:32 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll
2014-10-21 12:32 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-10-21 12:31 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-21 12:31 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-21 12:17 . 2014-10-21 12:17 111080 ----a-w- c:\windows\system32\drivers\TejdXozT.sys
2014-10-20 07:29 . 2014-10-20 07:29 111080 ----a-w- c:\windows\system32\drivers\VaIZBLul.sys
2014-10-09 16:42 . 2014-10-09 16:42 111080 ----a-w- c:\windows\system32\drivers\pkUPoewm.sys
2014-10-08 09:40 . 2014-10-08 09:40 111080 ----a-w- c:\windows\system32\drivers\PvmDPGpu.sys
2014-10-08 09:14 . 2014-10-08 09:14 111080 ----a-w- c:\windows\system32\drivers\qCEOYKVu.sys
2014-10-06 11:42 . 2014-10-06 11:42 111080 ----a-w- c:\windows\system32\drivers\FKACWuEl.sys
2014-10-03 23:34 . 2014-10-03 23:34 111080 ----a-w- c:\windows\system32\drivers\kCpsrgpo.sys
2014-10-02 13:31 . 2014-10-22 15:15 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-02 13:31 . 2014-10-02 13:31 -------- d-----w- c:\programdata\RogueKiller
2014-10-01 10:17 . 2014-09-17 11:05 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78B986AF-7794-4504-8620-03B8D602F3A3}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-29 17:31 . 2014-09-29 17:31 111080 ----a-w- c:\windows\system32\drivers\exTZeEAA.sys
2014-09-29 12:58 . 2014-09-29 12:58 111080 ----a-w- c:\windows\system32\drivers\Cllvxtmc.sys
2014-09-29 12:40 . 2014-09-29 12:40 111080 ----a-w- c:\windows\system32\drivers\dubezlMy.sys
2014-09-28 23:59 . 2014-09-28 23:59 111080 ----a-w- c:\windows\system32\drivers\OyPexOOc.sys
2014-09-28 19:58 . 2014-09-28 19:58 111080 ----a-w- c:\windows\system32\drivers\yMxFRDLr.sys
2014-09-28 19:36 . 2014-09-28 19:36 111080 ----a-w- c:\windows\system32\drivers\UzVfwxBv.sys
2014-09-28 14:17 . 2014-09-28 14:17 111080 ----a-w- c:\windows\system32\drivers\VbdJPgnZ.sys
2014-09-28 13:59 . 2014-09-28 13:59 111080 ----a-w- c:\windows\system32\drivers\bUvERcaW.sys
2014-09-28 11:53 . 2014-09-28 11:53 111080 ----a-w- c:\windows\system32\drivers\ICPieGzC.sys
2014-09-27 21:41 . 2014-09-27 21:41 111080 ----a-w- c:\windows\system32\drivers\UgqyfSyY.sys
2014-09-27 21:22 . 2014-09-27 21:22 111080 ----a-w- c:\windows\system32\drivers\dFcHOCdB.sys
2014-09-27 21:13 . 2014-09-27 21:13 111080 ----a-w- c:\windows\system32\drivers\KxCEIaxm.sys
2014-09-27 21:07 . 2014-09-27 21:07 111080 ----a-w- c:\windows\system32\drivers\yspnfyZk.sys
2014-09-25 13:11 . 2014-09-25 13:11 111080 ----a-w- c:\windows\system32\drivers\OVeQxxot.sys
2014-09-25 13:01 . 2014-09-25 13:01 111080 ----a-w- c:\windows\system32\drivers\NsnVqhYY.sys
2014-09-24 16:07 . 2014-09-24 16:07 111080 ----a-w- c:\windows\system32\drivers\gRQyHaVv.sys
2014-09-24 12:14 . 2014-09-24 12:14 111080 ----a-w- c:\windows\system32\drivers\cqVRFPRT.sys
2014-09-22 06:42 . 2011-10-27 20:21 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-09-20 22:52 . 2014-09-20 22:52 111080 ----a-w- c:\windows\system32\drivers\orzShdkG.sys
2014-09-20 22:40 . 2014-09-20 22:40 111080 ----a-w- c:\windows\system32\drivers\lNmKKXXK.sys
2014-09-20 22:13 . 2014-09-20 22:13 111080 ----a-w- c:\windows\system32\drivers\ILtPGRZV.sys
2014-09-20 22:11 . 2014-09-20 22:11 111080 ----a-w- c:\windows\system32\drivers\NBCkzyDb.sys
2014-09-20 21:46 . 2014-09-20 21:46 111080 ----a-w- c:\windows\system32\drivers\SsgbkfyY.sys
2014-09-20 13:10 . 2013-06-26 14:27 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-20 13:10 . 2013-06-26 14:27 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-17 11:05 . 2012-02-10 12:24 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-16 10:51 . 2014-09-16 10:51 111080 ----a-w- c:\windows\system32\drivers\aWWCvThI.sys
2014-09-09 22:11 . 2014-09-29 17:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-29 17:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-03 19:47 . 2010-06-24 18:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-03 19:46 . 2014-09-03 19:46 111080 ----a-w- c:\windows\system32\drivers\iVIgRJke.sys
2014-09-03 19:44 . 2014-09-03 19:44 111080 ----a-w- c:\windows\system32\drivers\LixWLhJB.sys
2014-08-31 17:20 . 2014-08-31 17:20 111080 ----a-w- c:\windows\system32\drivers\HwhACASq.sys
2014-08-28 21:09 . 2014-08-28 21:09 111080 ----a-w- c:\windows\system32\drivers\ajOQjQhU.sys
2014-08-27 14:47 . 2014-08-27 14:47 111080 ----a-w- c:\windows\system32\drivers\txAthFaK.sys
2014-08-27 14:46 . 2014-08-27 14:46 111080 ----a-w- c:\windows\system32\drivers\JKzFHMwg.sys
2014-08-23 02:07 . 2014-09-20 21:59 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-09-20 21:59 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-23 00:34 . 2014-08-23 00:34 111080 ----a-w- c:\windows\system32\drivers\vCKYeTXc.sys
2014-08-21 13:56 . 2014-08-21 13:56 111080 ----a-w- c:\windows\system32\drivers\SXkkfHGk.sys
2014-08-19 15:44 . 2014-08-19 15:44 111080 ----a-w- c:\windows\system32\drivers\lFDmxCus.sys
2014-08-10 22:23 . 2014-08-10 22:22 111080 ----a-w- c:\windows\system32\drivers\ObnXGiKQ.sys
2014-08-02 18:38 . 2014-08-02 18:38 111080 ----a-w- c:\windows\system32\drivers\OBYIpiCc.sys
2014-08-01 11:53 . 2014-09-20 22:01 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-20 22:01 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6\AOL.EXE" [2011-04-25 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-06-20 73832]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-01-16 647120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe;c:\program files\Webroot\WRSA.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PCDSRVC{FCB8192B-6C0E95E9-06020101}_0;PCDSRVC{FCB8192B-6C0E95E9-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\gateway\appdata\local\temp\i1amxcawrfo3\pcdrdiag\bin\pcdsrvc_x64.pkms;c:\users\gateway\appdata\local\temp\i1amxcawrfo3\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys;c:\windows\SYSNATIVE\drivers\WRkrn.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-06-11 861216]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.aol.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{FCB8192B-6C0E95E9-06020101}_0]
"ImagePath"="\??\c:\users\gateway\appdata\local\temp\i1amxcawrfo3\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@DACL=(02 0000)
@="Bing"
"URL"="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
"DisplayName"="@ieframe.dll,-12512"
"FaviconURL"="http://www.bing.com/favicon.ico"
"SuggestionsURL"="http://api.bing.com/qsml.aspx?query={searchTerms}&src={referrer:source?}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IE8SSC&market={Language}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-29 13:46:48
ComboFix-quarantined-files.txt 2014-10-29 18:46
.
Pre-Run: 567,220,666,368 bytes free
Post-Run: 566,681,833,472 bytes free
.
- - End Of File - - E7318077D953FCAB3C349E51402095F3
-
Oh, forgot to mention: as I was running ComboFix, it said Webroot SecureAnywhere was still active even though I had it disabled. It comes up when I reboot and I disable it because I don't like it, except for clearing temp files. So for the most part it's disabled. Also, at about 8 or 9 in the ComboFix process a notification came up that PEV.exe stopped working and required me to close the program to continue. Not sure if that's part of ComboFix or something else.
-
ComboFix is showing a ton of drivers that won't Google. When I can't find any info on them, they're most times bad. I want you to check two of them before we remove them all.
You need to enable windows to show all files and folders, instructions Here
Go to VirusTotal and submit these files for analysis, just use CHOOSE FILE and then Scan It, if it says this file has been checked before, have them recheck it. When the scan is done just copy and paste the link back to this forum for me to see.
c:\windows\system32\drivers\eKdgjNlY.sys
c:\windows\system32\drivers\AVoXsrYx.sys
If the site is busy you can try this one
http://virusscan.jotti.org/en
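To triage the pattern the helper is pointing at (many identically sized, randomly named .sys files in the drivers folder, plus a kernel-mode component loading from a temp directory), here is an added Python example that is not part of this thread and not a ComboFix feature. It parses a constructed subset of the log lines posted above (copied verbatim from the log) and flags both signals; the size/name heuristics are assumptions for illustration, not rules from the tool.

```python
import re
from collections import defaultdict

# One "Files Created" / "Find3M" entry in a ComboFix log:
#   <created> . <modified> <size or dashes> <attrs> <path>
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]+) (?P<path>.+)$")

# One service/driver entry: "<state> <name>;<description>;<path>;<path> [x]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>[^;]+);")

# Eight letters plus .sys: the throwaway naming pattern seen in the log above
# (heuristic assumed for this example, not a ComboFix rule).
RANDOM_SYS_RE = re.compile(r"^[A-Za-z]{8}\.sys$")

# Constructed subset of lines copied from the ComboFix log in this thread,
# including two vendor drivers and one normal service line for contrast.
SAMPLE_LOG = r"""
2014-10-29 16:29 . 2014-10-29 16:29 111080 ----a-w- c:\windows\system32\drivers\eKdgjNlY.sys
2014-10-29 16:00 . 2014-10-01 16:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-29 16:00 . 2014-10-29 16:00 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-29 15:53 . 2014-10-29 15:53 111080 ----a-w- c:\windows\system32\drivers\AVoXsrYx.sys
2014-10-29 15:43 . 2014-10-29 15:43 111080 ----a-w- c:\windows\system32\drivers\HxQQQsyo.sys
2014-10-02 13:31 . 2014-10-22 15:15 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-29 12:58 . 2014-09-29 12:58 111080 ----a-w- c:\windows\system32\drivers\Cllvxtmc.sys
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 PCDSRVC{FCB8192B-6C0E95E9-06020101}_0;PCDSRVC{FCB8192B-6C0E95E9-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\gateway\appdata\local\temp\i1amxcawrfo3\pcdrdiag\bin\pcdsrvc_x64.pkms;c:\users\gateway\appdata\local\temp\i1amxcawrfo3\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
"""


def parse_files(text):
    """Return the file entries as dicts; directory entries get size None."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append({"path": m["path"], "size": size, "attrs": m["attrs"],
                        "created": m["created"], "modified": m["modified"]})
    return entries


def find_driver_clusters(entries, min_count=3):
    """Group random-looking .sys files by (directory, byte size) and return the
    groups with at least min_count distinct names. Many drivers of exactly the
    same size with unrelated throwaway names is the signal worth escalating."""
    groups = defaultdict(set)
    for e in entries:
        if e["size"] is None:
            continue
        directory, _, name = e["path"].rpartition("\\")
        if directory.lower().endswith("\\drivers") and RANDOM_SYS_RE.match(name):
            groups[(directory.lower(), e["size"])].add(name)
    return {key: sorted(names) for key, names in groups.items()
            if len(names) >= min_count}


def find_temp_services(text):
    """Flag service/driver entries whose image lives under a temp directory.
    A kernel component loaded from %TEMP% deserves a second look even when it
    turns out to be a legitimate diagnostic tool, as in this thread."""
    flagged = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m and "\\temp\\" in m["path"].lower():
            flagged.append((m["name"], m["path"]))
    return flagged


if __name__ == "__main__":
    for (directory, size), names in find_driver_clusters(parse_files(SAMPLE_LOG)).items():
        print(f"{len(names)} drivers of {size} bytes in {directory}: {', '.join(names)}")
    for name, path in find_temp_services(SAMPLE_LOG):
        print(f"service loading from temp: {name} -> {path}")
```

The names it lists are the ones to hash and submit for a second opinion before deciding on removal.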
-
When I go to VirusTotal I cannot find either of these drivers. When I search for them on the C: drive, the properties say it's part of Webroot SecureAnywhere. I've had this come up before. I don't know why those won't show, except for maybe they are part of security software?
-
Did some asking around and they may be part of Webroot. Never been a big fan of Webroot; it's up to you, but try uninstalling it and see if things get better.
-
Since I ran combo fix I've not gotten a pop up. But then again these things come and go. I've been in my e-mail several times and nothing yet. So I'll check it out again tomorrow morning and see what happens. It's just strange that it comes and goes. Nothing consistent, which is why it's so darned frustrating and probably hard to find. I'll check in again tomorrow and let you know how it goes.
-
If you look at your ComboFix log, nothing was removed.
Let's reset all your browsers back to company defaults:
- Open IE
- Go to Tools> Internet Options > Advanced Tab
- Reset Internet Explorer Settings
- Reset
- This will take a few seconds
- Close IE and then reopen it and see if it helped
- Open Firefox
- Click on Help > Troubleshooting Information > Reset Firefox to its default state
- Click the Chrome menu on the browser toolbar.
- Select Settings.
- Scroll down to Show advanced settings...
- Down on the bottom you will see an option for RESET BROWSER SETTINGS
- Click on it and it will set Chrome back to defaults