Malware (hacked?) everywhere - Please Help - "WOW64";Oovoo; Da

malware microsoft windows cloud oovoo WOW64 WOW_64 virus hacked Combo-Fix

This topic is locked

#1
HelpMeTina

Hello,


I installed some cloud providers on several of our computers (and my iPhone). One was called SugarSync and the other Oovoo. Since I stupidly did this, basically nothing works. My iPhone (which was bought off Gazelle; yes, I am very stupid) and anything that connects wirelessly I feel is affected. I am posting the Combo-Fix report below. I realize I did this to myself, but I would really like to feel secure when using my computers/phone/anything in my house.

I am also attaching the info and log that resulted from running RSIT. I'm attaching a couple of files because I believe whatever controls my computer ran its own "version" of Combo-Fix (it was not the one I had saved as "Combo-Fix"; it used a different one that somehow saved automatically NOT to the desktop).


ComboFix 15-10-09.01 - joanne 10/11/2015  17:50:22.1.1 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3838.1852 [GMT -4:00]
Running from: c:\users\joanne\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\joanne\GoToAssistDownloadHelper.exe . . . . Failed to delete
C:\ZLB1006.tmp . . . . Failed to delete
.
.
(((((((((((((((((((((((((   Files Created from 2015-09-11 to 2015-10-11  )))))))))))))))))))))))))))))))
.
.
2575-04-24 19:16 . 2575-04-24 19:16 74456 ----a-w- c:\windows\system32\RtNicProp64.dll
2574-04-05 12:32 . 2574-04-05 12:32 883928 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2566-03-26 11:48 . 2566-03-26 11:48 913456 ----a-w- c:\windows\system32\SFSS_APO.dll
2015-10-11 21:59 . 2015-10-11 21:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-11 21:25 . 2015-10-11 21:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-10-11 20:46 . 2015-10-11 20:52 -------- d-----w- c:\program files (x86)\trend micro
2015-10-11 20:46 . 2015-10-11 20:47 -------- d-----w- C:\rsit
2015-10-11 18:08 . 2015-10-11 18:08 -------- d-----w- c:\users\joanne\AppData\Roaming\Oracle
2015-10-11 18:08 . 2015-10-11 18:08 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-10-11 18:06 . 2015-10-11 18:06 -------- d-----w- c:\users\joanne\.oracle_jre_usage
2015-10-11 17:25 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6B5DF7B-DB8B-4899-AF76-970C56EF36B8}\mpengine.dll
2015-10-11 03:15 . 2015-10-11 03:22 -------- d-----w- c:\users\joanne\AppData\Local\Mozilla
2015-10-11 03:15 . 2015-10-11 03:15 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-10-10 16:12 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-10-04 01:16 . 2013-09-20 14:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2015-10-04 00:29 . 2015-10-04 00:29 -------- d-----w- c:\users\joanne\AppData\Local\VirtualStore
2015-10-03 23:34 . 2015-10-11 21:38 -------- d-----w- c:\program files\Common Files\AV
2015-09-28 19:03 . 2015-09-28 19:03 -------- d-----w- c:\users\joanne\AppData\Local\LogMeIn Rescue Applet
2015-09-28 18:29 . 2015-09-29 05:38 -------- d-----w- c:\program files (x86)\ShowMyPCService
2015-09-28 18:28 . 2015-09-29 05:28 -------- d-----w- c:\users\joanne\AppData\Local\Deployment
2015-09-26 17:10 . 2015-10-11 19:17 -------- d-----w- c:\program files (x86)\iTunes
2015-09-26 17:10 . 2015-09-26 17:10 -------- d-----w- c:\program files\iPod
2015-09-26 17:10 . 2015-09-26 17:11 -------- d-----w- c:\program files\iTunes
2015-09-26 17:08 . 2015-09-26 17:08 -------- d-----w- c:\program files (x86)\Apple Software Update
2015-09-26 17:08 . 2015-09-26 17:08 -------- d-----w- c:\users\joanne\AppData\Local\Apple
2015-09-26 17:07 . 2015-09-26 17:07 -------- d-----w- c:\program files\Bonjour
2015-09-26 17:07 . 2015-09-26 17:07 -------- d-----w- c:\program files (x86)\Bonjour
2015-09-26 15:11 . 2015-09-26 15:13 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-09-26 12:53 . 2015-10-11 18:24 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2015-09-26 12:53 . 2015-09-26 12:53 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Exploit
2015-09-26 12:52 . 2015-09-26 12:52 -------- d-----w- c:\users\joanne\AppData\Local\Programs
2015-09-26 07:54 . 2015-07-01 22:13 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BEB03E2-0DEE-4D2B-849A-7A9FE7D35297}\gapaengine.dll
2015-09-25 22:11 . 2015-09-25 22:18 -------- d-----w- C:\$Windows.~BT
2015-09-25 17:05 . 2015-09-26 07:51 -------- d-----w- c:\users\joanne\AppData\Local\Google
2015-09-25 14:27 . 2015-09-26 03:09 -------- d-----w- c:\users\joanne\AppData\Local\Diagnostics
2015-09-25 13:39 . 2015-09-26 02:18 -------- d-----w- c:\users\joanne\AppData\Local\ElevatedDiagnostics
2015-09-19 06:25 . 2015-09-19 06:25 984448 ----a-w- c:\windows\system32\ucrtbase.dll
2015-09-19 06:19 . 2015-09-19 06:19 -------- d-----w- c:\programdata\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-09-15 09:26 . 2015-08-15 06:48 25190400 ----a-w- c:\windows\system32\mshtml.dll
2015-09-12 13:38 . 2015-08-04 17:55 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-09-12 13:38 . 2015-08-04 18:03 692672 ----a-w- c:\windows\system32\winload.efi
2015-09-12 13:38 . 2015-08-04 18:00 616360 ----a-w- c:\windows\system32\winresume.efi
2015-09-12 13:38 . 2015-08-04 17:56 59392 ----a-w- c:\windows\system32\appidapi.dll
2015-09-12 13:38 . 2015-08-04 17:56 32768 ----a-w- c:\windows\system32\appidsvc.dll
2015-09-12 13:38 . 2015-08-04 17:47 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-09-12 13:38 . 2015-08-04 17:56 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-09-12 13:38 . 2015-08-04 17:55 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-09-12 13:38 . 2015-08-04 16:58 61440 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-12 13:37 . 2015-09-02 01:51 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-09-12 13:37 . 2015-09-02 01:47 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-12 13:37 . 2015-09-02 03:04 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-12 13:37 . 2015-09-02 03:04 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-12 13:37 . 2015-09-02 03:04 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-12 13:37 . 2015-09-02 02:48 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-12 13:37 . 2015-09-02 01:33 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-09-12 13:37 . 2015-09-02 03:04 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-12 13:37 . 2015-09-02 02:48 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-12 13:37 . 2015-09-02 02:48 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-12 13:37 . 2015-09-02 02:47 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-12 13:35 . 2015-08-05 17:56 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2015-09-12 13:34 . 2015-07-15 03:17 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2574-04-05 12:32 . 2011-06-10 10:34 108760 ----a-w- c:\windows\system32\RTNUninst64.dll
2015-10-11 19:22 . 2014-10-15 07:11 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-11 18:05 . 2015-05-06 09:10 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-09-15 09:31 . 2014-04-29 17:57 630992 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-08-26 22:37 . 2011-09-19 16:31 134753440 ----a-w- c:\windows\system32\MRT.exe
2015-08-12 20:03 . 2015-08-12 20:03 96528 ----a-w- c:\windows\system32\dns-sd.exe
2015-08-12 20:03 . 2015-08-12 20:03 86288 ----a-w- c:\windows\system32\dnssd.dll
2015-08-12 20:03 . 2015-08-12 20:03 61712 ----a-w- c:\windows\system32\jdns_sd.dll
2015-08-12 20:03 . 2015-08-12 20:03 213264 ----a-w- c:\windows\system32\dnssdX.dll
2015-08-12 20:03 . 2015-08-12 20:03 84240 ----a-w- c:\windows\SysWow64\dns-sd.exe
2015-08-12 20:03 . 2015-08-12 20:03 72976 ----a-w- c:\windows\SysWow64\dnssd.dll
2015-08-12 20:03 . 2015-08-12 20:03 50960 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2015-08-12 20:03 . 2015-08-12 20:03 178960 ----a-w- c:\windows\SysWow64\dnssdX.dll
2015-07-30 18:06 . 2015-08-16 17:26 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 18:06 . 2015-08-16 17:26 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 18:06 . 2015-08-16 17:25 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 17:57 . 2015-08-16 17:26 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-30 17:57 . 2015-08-16 17:25 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-07-30 13:13 . 2015-08-14 10:15 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-14 10:15 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-28 20:09 . 2015-08-17 09:41 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 20:05 . 2015-08-17 09:41 774656 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 20:05 . 2015-08-17 09:41 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 20:05 . 2015-08-17 09:41 437760 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 20:05 . 2015-08-17 09:41 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 20:05 . 2015-08-17 09:41 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 20:05 . 2015-08-17 09:41 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-28 19:55 . 2015-08-17 09:41 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-07-24 09:03 . 2015-07-24 09:03 26528 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2015-07-22 17:53 . 2015-09-12 13:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-22 12:25 . 2012-05-04 09:23 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-22 12:25 . 2011-09-20 06:31 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-16 19:12 . 2015-08-16 17:44 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2015-07-16 19:12 . 2015-08-16 17:44 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-07-16 19:12 . 2015-08-16 17:44 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-07-16 19:11 . 2015-08-16 17:44 62976 ----a-w- c:\windows\system32\tsgqec.dll
2015-07-16 19:11 . 2015-08-16 17:44 7077376 ----a-w- c:\windows\system32\mstscax.dll
2015-07-16 19:11 . 2015-08-16 17:44 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
2015-07-15 18:15 . 2015-08-16 17:41 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-15 18:10 . 2015-08-16 17:41 1743360 ----a-w- c:\windows\system32\sysmain.dll
2015-07-15 18:10 . 2015-08-16 17:40 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-15 03:19 . 2015-08-17 09:37 52736 ----a-w- c:\windows\system32\basesrv.dll
2013-09-07 13:07 . 2013-09-07 13:07 4096000 ----a-w- c:\program files (x86)\GUT298E.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2015-07-22 2620728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-08-04 597552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-11 c:\windows\Tasks\WpsUpdateTask_joanne.job
- c:\program files (x86)\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2011-10-29 16:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-08-12 03:15 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-08-12 03:15 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-08-12 03:15 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\joanne\AppData\Roaming\Mozilla\Firefox\Profiles\l6xihxdu.default\
.
Supplementary scan did not complete!
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-SpybotPostWindows10UpgradeReInstall - c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-IMFservice
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
   8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}"=hex:51,66,7a,6c,4c,1d,38,12,15,21,99,
   35,ad,10,d3,00,f6,8f,3c,cf,15,94,08,e1
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}"=hex:51,66,7a,6c,4c,1d,38,12,e3,94,1f,
   be,3b,97,d8,0c,d0,f4,c8,9e,21,03,83,f2
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:fc,f6,bd,21,d1,a3,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,c3,f3,c1,97,16,c3,42,b8,4b,27,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,c3,f3,c1,97,16,c3,42,b8,4b,27,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
.
**************************************************************************
.
Completion time: 2015-10-11  18:07:28 - machine was rebooted
.
Pre-Run: 110,597,640,192 bytes free
Post-Run: 110,351,712,256 bytes free
.
- - End Of File - - 8AFA4AE5A79C304C7987311D45A1A750
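A triage pass over the "Files Created" section of the log above, added here as an example; it is not part of the original post and not ComboFix's own code. It parses the line layout ComboFix prints (created time, a dot, modified time, size or dashes, attribute flags, path) and flags two things an analyst checks first in a log like this one: entries whose timestamps post-date the log itself (the posted listing carries files dated 2566, 2574 and 2575, among them Rt64win7.sys, which the log's own service list maps to the Realtek 8167 NIC driver), and paths belonging to remote-assistance software, which the machine's owner should be able to account for (GoToAssist, LogMeIn Rescue and ShowMyPC all appear in the posted log). Two assumptions are the example's, not the page's: the file times in the listing are taken to be UTC while the header and completion times are local (the header says GMT -4:00, and the 21:59 entries line up with a run that finished at 18:07 local), so the cut-off is the completion time shifted to UTC; and the marker list of remote-access product names is seeded only with names visible in the log. A flag is a prompt to review the file, not a verdict: a driver with an absurd date can be a legitimate file with damaged metadata as easily as a tampered one.

```python
"""Triage helper for a ComboFix "Files Created" section (added example)."""
import re
from datetime import datetime

# Constructed sample: a handful of lines copied from the posted log.
SAMPLE_LOG = """\
2575-04-24 19:16 . 2575-04-24 19:16 74456 ----a-w- c:\\windows\\system32\\RtNicProp64.dll
2574-04-05 12:32 . 2574-04-05 12:32 883928 ----a-w- c:\\windows\\system32\\drivers\\Rt64win7.sys
2015-10-11 20:46 . 2015-10-11 20:47 -------- d-----w- C:\\rsit
2015-09-28 19:03 . 2015-09-28 19:03 -------- d-----w- c:\\users\\joanne\\AppData\\Local\\LogMeIn Rescue Applet
2015-09-28 18:29 . 2015-09-29 05:38 -------- d-----w- c:\\program files (x86)\\ShowMyPCService
2015-09-19 06:25 . 2015-09-19 06:25 984448 ----a-w- c:\\windows\\system32\\ucrtbase.dll
"""

# "Completion time: 2015-10-11 18:07:28" from the posted log, in the header's
# GMT -4:00 zone, shifted to UTC because the listing times are assumed to be UTC.
LOG_TIME_UTC = datetime(2015, 10, 11, 22, 7, 28)

# Assumed marker list (this example's, not ComboFix's); extend for your environment.
REMOTE_ACCESS_MARKERS = ("gotoassist", "logmein", "showmypc")

# ComboFix layout: <created> . <modified> <size or dashes> <attrs> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S+) (.+)$"
)
TIME_FMT = "%Y-%m-%d %H:%M"


def parse_line(line):
    """Parse one Files Created line; return None for separators and noise."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, path = m.groups()
    return {
        "created": datetime.strptime(created, TIME_FMT),
        "modified": datetime.strptime(modified, TIME_FMT),
        # Directories carry "--------" in the size column.
        "size": None if size.startswith("-") else int(size),
        "is_dir": attrs.startswith("d"),
        "path": path,
    }


def flag_entries(log_text, log_time=LOG_TIME_UTC, markers=REMOTE_ACCESS_MARKERS):
    """Return (reason, path) pairs worth a second look, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        # A file cannot legitimately be created or modified after the log
        # that lists it was written; such timestamps deserve a closer look.
        if entry["created"] > log_time or entry["modified"] > log_time:
            findings.append(("future_timestamp", entry["path"]))
        lowered = entry["path"].lower()
        if any(marker in lowered for marker in markers):
            findings.append(("remote_access_tool", entry["path"]))
    return findings


if __name__ == "__main__":
    for reason, path in flag_entries(SAMPLE_LOG):
        print(f"{reason:20s} {path}")
```

Run it against the whole "Files Created" block pasted into a file and it prints the two Realtek entries and the two remote-assistance directories from the sample; the C:\rsit entry, which lands after the local completion time but before the UTC-shifted one, is correctly left alone. Without the timezone shift every file written during the RSIT and ComboFix runs would be reported as future-dated, which is the kind of false positive that makes people stop reading triage output.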
#2
Essexboy, GeekU Moderator
Apologies for the delay. If you still require assistance, please post fresh FRST logs.

#3
Essexboy, GeekU Moderator

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
